Enable SSL certs EVERYWHERE local w/ Lets Encrypt

Post Reply
admin
Site Admin
Posts: 5
Joined: Mon Jan 23, 2023 7:43 pm

Enable SSL certs EVERYWHERE local w/ Lets Encrypt

Post by admin »

Create Cloudflare account and login.
Domains > Overview > Add Domain > domainhere.com
Wait for Cloudflare to delegate (doesn't take too long (under 10mins for me)).

Change Bluehost domains to use Cloudflare NS (your CF NS hostnames could be different).

Code: Select all

irma.ns.cloudflare.com
lou.ns.cloudflare.com
ns.jpg


Check DNS delegation @ https://dnschecker.org/

Once complete, check Cloudflare DNS records for consistency with old records.

Create Debian 13 VM (Nginx Proxy Manager).

Install docker and portainer here https://zemerdon.com/viewtopic.php?t=368

Install NPM

Code: Select all

mkdir /home/npm
pico /home/npm/docker-compose.yml
docker-compose.yml

Code: Select all

services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped

    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP

    environment:
      TZ: "Australia/Brisbane"

      # Uncomment this if you want to change the location of
      # the SQLite DB file within the container
      # DB_SQLITE_FILE: "/data/database.sqlite"

      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'

    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
Start NPM

Code: Select all

zemerdon@NPM:~/npm$  docker compose up -d
Create Cloudflare DNS token
Cloudflare > Manage Account > Account API Tokens > Create Token

make sure you have the following permissions for validation...

cf.jpg


Review Token > Create Token and record the information (If you accidently close the tab, status > 3 dots > Roll, to re-create)

Login to NPM @ serverip:81 > Certificates > Add Certificate > Let's Encrypt via DNS

make sure to input your Cloudflare Token from earlier

cf2.jpg


This covers zemerdon.com and any subdomains.


Create DNS A-record to point to NPM.
Cloudflare > Domain > DNS > Record. (I use real IP because I have edge facing services).
You could control all you're subdomains in pfSense (or similar) through DNS Resolver e.g: someservice.zemerdon.com > 30.30.30.5.

Create NPM Proxy Hosts, and don't forget to create an Access Rule for LOCAL ONLY stuff. Here is an example for my webserver...

npm.jpg
npm2.jpg



Credit:

Top
Post Reply

Return to “Server Related”