Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
I'm still pretty green so I'm not sure what terminated means in this context.
My domain registrar for my "pretty" domain (not FreeDNS) allowed me to issue a Let's Encrypt on it. It gave me the encrypted Cert code, Private Key code, and Immediate Cert code. I was able to bring them down into
.crt
and.key
files respectively and assign them to my NAS. Jellyfin though required a PKCS #12 file so I installed openssl CLI via Choco and fed it my .crt and .key files to generate the necessary pfx file. So, right now all the cert information is tied to my "pretty" domain via my domain register. I would assume that my register and Let's Encrypt has my private key info, but also my key files uploaded to the NAS and rolled into the PFK file.Not sure if that helps or answers your question but that's the info I got.
"Terminated" means something that's using the certificate to encrypt connections. You got the certificate but doesn't sound like anything is actually using it.
You can give it to Jellyfin so it can start encrypting the HTTPS port. The downside is that you'll be stuck using your pretty domain for just Jellyfin, for now.
If you decide to use it for more services later you can install a reverse proxy, get a wildcard certificate for *.pretty.domain, start creating subdomains as CNAMEs to the FreeDNS (eg. jellyfin.pretty.domain) and defining them in the reverse proxy.
The reverse proxy will be handling the forwarded port and terminate the encryption for all subdomains, and will hand-off the unencrypted connection privately to the relevant app based on which domain the visitor is using (and issuing 404 not found it they use a domain you haven't defined).