this post was submitted on 02 Feb 2025
16 points (90.0% liked)

Selfhosted


A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.


For some time, I've hidden my Nextcloud behind CF Zero Trust. When refreshing certificates via Let's Encrypt I would manually disable the tunnel, refresh and re-enable the tunnel. Now that Let's Encrypt will no longer notify me via email I need a more robust (read: automated) way of refreshing certs. Do I have any options other than disabling Zero Trust? (The advantage would be that I no longer need a VPN to have the mobile app working.)

[–] [email protected] 10 points 1 day ago* (last edited 1 day ago) (1 children)

Maybe you can use Let's Encrypt's DNS-01 challenge. That works without an HTTP connection. But ultimately, I don't think you need a certificate on the server; doesn't Cloudflare tunnel the traffic (unencrypted) and terminate the HTTPS on their side?

[–] [email protected] 1 points 1 day ago

Thanks for the reply, among all answers I chose this. Just because it works for me.

[–] [email protected] 3 points 1 day ago (1 children)

DNS-01 challenge with Let's Encrypt. Or use Cloudflare Tunnel and don't use HTTPS internally.

[–] [email protected] 1 points 1 day ago

Thanks for the reply, among all answers I chose this. Just because it works for me.

[–] [email protected] 5 points 1 day ago* (last edited 1 day ago) (1 children)

Behind a Cloudflare Tunnel you can use a self-signed or expired certificate; just check the "No TLS Verify" checkbox.

Edit: or use DNS-based verification; Nginx Proxy Manager can do it automatically using the Cloudflare API when behind Cloudflare Tunnels.

[–] [email protected] 0 points 1 day ago (1 children)

Thanks for the reply, among all answers I chose this. Just because it works for me.

[–] [email protected] 3 points 16 hours ago (2 children)
[–] [email protected] 1 points 5 hours ago

Would a bot tell you? 🧐

[–] [email protected] 1 points 10 hours ago* (last edited 10 hours ago) (1 children)

No posts/comments in like a year and a half, then this... I'd guess yes.

[–] [email protected] 1 points 5 hours ago (1 children)

3 people independently advise the DNS challenge. They all deserve the same appreciation, don't they?

[–] [email protected] 1 points 3 hours ago

I don't think a copy/paste answer comes across as appreciation, no.

It comes across weird, especially on a low activity account, and seems like a bot response that got stuck.

[–] [email protected] 1 points 1 day ago

Set up a cron that does it once per day, when you don't need it, like certbot does. Easy.
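Putting the DNS-01 suggestions from the earlier replies and this daily-cron suggestion together, here is an added example script that is not from any post in the thread. It assumes certbot with the certbot-dns-cloudflare plugin is installed, that a Cloudflare API token scoped to DNS edit on just this zone is stored in a root-only file, and that nginx is what terminates TLS internally; the hostname, e-mail, paths and log location are placeholders. The DNS-01 challenge never needs an inbound HTTP connection, so the tunnel can stay up throughout.

```shell
#!/bin/sh
# Added example (not code from the thread): unattended Let's Encrypt renewal
# over the DNS-01 challenge so the Cloudflare Tunnel never has to be disabled.
# Assumptions: certbot + certbot-dns-cloudflare plugin installed; $CF_CREDS
# holds "dns_cloudflare_api_token = ..." for a token limited to Zone/DNS/Edit
# on this one zone; hostname, e-mail and paths below are placeholders.
set -u

DOMAIN="${DOMAIN:-nextcloud.example.com}"
EMAIL="${EMAIL:-admin@example.com}"
CF_CREDS="${CF_CREDS:-/root/.secrets/cloudflare.ini}"
RENEW_BEFORE_DAYS="${RENEW_BEFORE_DAYS:-30}"
CERT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"

# Whole days between an expiry epoch and "now"; negative once already expired.
days_left() {
  echo $(( ($1 - $2) / 86400 ))
}

# Renew when the days left are at or below the threshold.
needs_renewal() {
  [ "$1" -le "$2" ]
}

# The token file is the sensitive part of DNS-01: whoever reads it can edit
# the zone. Accept owner-only permission modes and nothing else.
creds_mode_ok() {
  case "$1" in
    600|400) return 0 ;;
    *)       return 1 ;;
  esac
}

# Build the certbot invocation. The --dns-cloudflare* options are the
# plugin's own flags; the propagation wait lets the TXT record become visible.
certbot_cmd() {
  printf 'certbot certonly --non-interactive --agree-tos -m %s --dns-cloudflare --dns-cloudflare-credentials %s --dns-cloudflare-propagation-seconds 30 -d %s' \
    "$1" "$2" "$3"
}

# crontab line running this script once a day at an off-the-hour minute.
cron_line() {
  printf '17 3 * * * %s run >> /var/log/cert-renew.log 2>&1' "$1"
}

main() {
  mode=$(stat -c '%a' "$CF_CREDS" 2>/dev/null || stat -f '%Lp' "$CF_CREDS")
  if ! creds_mode_ok "$mode"; then
    echo "refusing to run: $CF_CREDS has mode $mode, expected 600" >&2
    exit 1
  fi
  # openssl -checkend exits non-zero if the cert expires within N seconds,
  # which is exactly the "renew only when needed" behaviour certbot uses.
  if [ -f "$CERT" ] && openssl x509 -checkend $((RENEW_BEFORE_DAYS * 86400)) -noout -in "$CERT"; then
    echo "certificate for $DOMAIN is valid for more than $RENEW_BEFORE_DAYS days; nothing to do"
    exit 0
  fi
  eval "$(certbot_cmd "$EMAIL" "$CF_CREDS" "$DOMAIN")" || exit 1
  # Reload the internal TLS terminator so it picks up the new chain.
  systemctl reload nginx
}

# Side effects only when invoked as "renew-dns01.sh run" (e.g. from cron);
# sourcing the file just defines the functions.
if [ "${1:-}" = "run" ]; then
  main
fi
```

Install it with `crontab -e` and the line printed by `cron_line /usr/local/bin/renew-dns01.sh`. Two points worth keeping in mind: the API token should be limited to DNS edits on the one zone, because a DNS-01 token is a standing credential and a broader one would let a compromised host redirect the whole domain; and, as the first reply notes, if Cloudflare terminates TLS at its edge, the internal certificate only has to satisfy cloudflared, so an expired or self-signed one with "No TLS Verify" is the alternative if you would rather not hold a DNS token on the server at all.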