Sathya (@SathyaBhat)
Feb 10, 11 tweets
Yak shaving moments from earlier in the day:

I have an Asustor NAS (sathyabh.at/nas/) that comes with a self-signed TLS cert for enabling TLS connections. Self-signed means that every browser will complain due to the root cert not being trusted. Decided to use Let's Encrypt to get the cert. But I don't want to use nginx or certbot to manage the cert, plus I needed a simple reverse proxy, so installed @caddyserver because of its automatic TLS support.

But wait, automatic TLS requires publicly accessible connections. I don't want to do that for my NAS.
So, decided to use dns-01 for domain verification. But wait, Caddy doesn't come with support for DNS providers out of the box - need to recompile with that addon. But wait, I don't need that since I run Caddy as a container, so try to find a way to get the DNS provider module.
But wait, this is also not supported and left as community contributed stuff. Look around, see there are a bunch of different options (like xcaddy, build a new image based on the rebuilt Caddy with the DNS provider module added on). Don't want to do that.
Remember in the back of my mind that @mrkaran_ had done something similar. Go find his work on his repo.

So go steal his image. But wait, need to set up a Cloudflare API token. Fumble around how to do that & then give up and search for "cloudflare api token".
github.com/mr-karan/caddy…
But wait, the API token needs to be set up with the least privileges. See that CF already provides some templates for API token permissions, take a few mins to read the wordy descriptions of each. Pick the right one. Have a token. Stick token into Caddyfile. Set up DNS record for NAS.
Restart Caddy container. See the logs and verify that API auth is working as expected. But wait, don't want plain text secrets in the Caddyfile. Go hunting for ways to correct this. Find out I can pass env variables to Caddy and can use these variable references in the Caddyfile.
Modify Caddyfile to remove the plain text token. Caddy runs. Still no TLS. Go back to logs. Realize Caddy runs as a container, while Asustor's portal isn't running as a container. Figure out ways to get the connection working from container to host.
Can cheat by adding the external IP. But don't want to do that. Want to do it right (lol). Can't use host.docker.internal because not running Docker Desktop. Finally got tired of yak shaving and stuck in the docker network's gateway IP as the reverse proxy target.
Everything works. All because I want a nice TLS connection for my NAS portal that I use seldom, no one else uses, and is not publicly accessible.

And that is how I spent a couple of hours on Saturday night. Send help.
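The configuration the thread ends up at, written out as an added example (this is not the author's Caddyfile, nor anything from @mrkaran_'s repo): a Caddyfile that obtains the Let's Encrypt cert through the dns-01 challenge using the Cloudflare DNS module, reads the API token from the container environment rather than hard-coding it, and reverse proxies to the NAS portal via the Docker bridge gateway address. It assumes a Caddy build that includes the github.com/caddy-dns/cloudflare module (the stock caddy image does not ship it); the hostname nas.example.net, the gateway IP 172.18.0.1, the port 8000 and the variable name CLOUDFLARE_API_TOKEN are placeholders.

```caddyfile
# Added example, not the author's configuration. Assumes a Caddy image with the
# caddy-dns/cloudflare module compiled in and a container started with
# CLOUDFLARE_API_TOKEN in its environment. Hostname, IP, port and variable
# name are placeholders.

nas.example.net {
	# dns-01: Caddy creates the _acme-challenge TXT record through the
	# Cloudflare API, so nothing on the NAS has to be reachable from the
	# internet. The public A record for nas.example.net can point at the
	# NAS's private LAN address.
	tls {
		# {env.NAME} is Caddy's placeholder syntax; the token itself never
		# appears in this file.
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}

	# The portal runs on the host, not in a container, so target the host side
	# of the Docker bridge (the network's gateway IP) instead of
	# host.docker.internal, which plain Docker Engine does not provide.
	# Proxying to the portal's plain-HTTP port on the bridge avoids having to
	# turn off certificate verification against its self-signed cert.
	reverse_proxy 172.18.0.1:8000
}
```

Two practical notes. The token only needs DNS edit rights on the one zone (Cloudflare's "Edit zone DNS" template scoped to that zone), so a leaked token cannot touch anything else in the account; and passing it via an env file (`--env-file` or compose `env_file`) keeps it out of shell history, though it remains visible to anyone who can run `docker inspect` on the host. After restarting the container, confirm in its logs that the ACME order completed before assuming the cert is in place.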