I am hosting few services for my friends and family on my server. Due to devices limitations, I can’t install VPN on TVs etc. Is it possible to restrict the access to only those users that have a certificate issued by me?

  • sv1sjp@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Personally I use Caddy reverse proxy server and Pihole. I have configured my IP as a domain name in local DNS (example.com).

    Caddy supports automatic TLS 1.3 support. So I just copied the CA file snd I installed to all of my devices (even in my Oculus Quest 2). I want to watch movies? I am coming to movies.example.com. i want to read my books? bookd.example.com.

    Caddy configuration is very easy, even using containers with docker.

  • trimmerfrost@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Use mTLS (mutual TLS) also called client certificates with nginx or whatever your webserver is

    • amp@kbin.social
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      mtls over nginx is the simplest way. but be aware that while it works great on desktop browsers, other reduced browsers (incl mobile) often don’t support it.

      • trimmerfrost@lemm.ee
        link
        fedilink
        arrow-up
        0
        arrow-down
        1
        ·
        1 year ago

        It works on Android using Chromium based browsers too. You have to install your client certificate in the Android Settings. When you visit the site using a chromium based browser, it will ask you to verify yourself using the installed certificate. I used to use it in the past

        Unfortunately it doesn’t work with Firefox on Android. Don’t know anything about iOS