this post was submitted on 28 Jan 2025
18 points (95.0% liked)

Selfhosted

60623 readers
604 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Yesterday I decided to start "officially" selfhosting. With almost no experience with Docker, I struggled for eight hours straight, but I finally have it working.

Currently, the two tools I am selfhosting with Docker Compose are LibreTranslate and spotDL. I'm only accessing them over the local network using a direct IP:PORT, so there's no domain name. I don't want to use a custom DNS, since it is fingerprintable online, so I want to keep it the same as my VPN.

With that said, I want to add encryption to the connections. I was able to generate my own self signed certificates with this command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./certs/key.key -out ./certs/cert.crt

spotDL was easy to setup with these self signed certs, since it has command flags for --enable-tls, --key-file, and --cert-file. LibreTranslate has an environment variable for - LT_SSL=true, however it gives the following error:

libretranslate  | (URLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')),)

That led me to this issue which is 2 and a half years old. LibreTranslate doesn't have a way to specify certificates that I know of.

I tried using Nginx Proxy Manager to create a reverse proxy, but I couldn't quite figure it out. (I also didn't understand Docker Compose at the time. I had a few hours to go before I did) NPM also seems to want Let's Encrypt certificates which can't be given without a DNS record. I tried manually providing certificates in the config file, but I don't quite understand NPM enough to be able to set it up properly on my own.

My requirements are:

  • No changing the DNS from my VPN's default
  • No port forwarding, everything should be accessed by the local network only
  • No email required (ability to use a fake email without risk is fine)
  • Only free and open source software
  • Modern security standards where available

I also would like help adding the self signed certificates as a permanent exception in Brave browser, if possible.

you are viewing a single comment's thread
view the rest of the comments
[–] False@lemmy.world 2 points 1 year ago

Encryption in transit even internally is a good practice. That said, op is making life hard by refusing to use DNS.