HomeLab SSL certificates for FREE with minimal effort

Video Statistics and Information

Captions
Hey guys, Perkelator. Today we're going to continue our home lab. We are going to be setting up SSL certificates for all of our current and future services. We are going to be doing this with Let's Encrypt and Nginx Proxy Manager.

A few things that you need to be made aware of about how we are going to be setting this up: the resources will not be publicly accessible. Also, this means we won't have to punch any holes in our firewall, but we will still have a Let's Encrypt certificate. We will be doing this by setting up DNS records that'll point to local IP addresses instead of pointing to public addresses. Quite a few people are unaware that you can use public DNS like this. Doing this makes it so that you won't have to make your own DNS server just for local DNS, but like we did in the last episode, you can still use this for other benefits like whole-network ad blocking. We will also be using DuckDNS, and this means that you can save a few bucks on buying a domain and just use DuckDNS for your domain. If you would like to use your own domain, that is also an option; however, I'm not going to cover exactly how to do it with every DNS provider. We are going to be using Nginx Proxy Manager, but you can also do the same thing with something like Traefik, SWAG, Caddy or other reverse proxies. Most will work just fine, just as long as it supports DNS-01 verification. I think that Nginx Proxy Manager is the most simple and a great reverse proxy to get started with.

Since we're going to be using Let's Encrypt, let's go over the two most popular challenge types. All this information is available at letsencrypt.org. Normally when using Let's Encrypt to issue SSL certificates, Let's Encrypt runs a temporary web server and sends a challenge to that server. If the server responds correctly, then you are issued your certificate. This is called HTTP-01. This is great for publicly accessible sites and is the most common challenge. However, there is another, DNS-01. This challenge wants you to prove that you have control over the DNS for
your domain. This is done by putting a TXT, or text, record under that domain name. Let's Encrypt sends a token. Once the token is received by the client, the client creates a text record, or TXT record, based off of the token and your account key. Once the text record is set, Let's Encrypt queries DNS for that record, and if it finds a match, then you can be issued your certificate. DNS-01 also allows for wildcard certificates, meaning that we're only going to really need one for our home lab.

So in the previous video we installed Docker, Portainer and Pi-hole; however, we're still going to quickly walk through how to install Docker and Portainer. You can skip installing Pi-hole because it's not necessary in order to get Nginx Proxy Manager to work. You can skip this section of the video if you've been following along. I'm including this so that the video stands on its own without needing to go back and watch other videos.

I have gone ahead and created another VM in order to show how to install Docker as well as Portainer. This VM just represents whatever machine you would like to be installing Docker and Portainer onto. In order to start this installation process, I'm going to go ahead and head over to a terminal, and in this terminal I'm going to go ahead and SSH into the machine that I want to install Docker and Portainer onto. Once we've logged in via SSH, we want to go ahead and update the machine. In order to do this we're going to do sudo apt update && sudo apt dist-upgrade and press Enter. You'll be prompted for the password of the user. Once you've done this, you should go ahead and get the updates for this machine. If it prompts you, go ahead and press Enter, or press Y and then press Enter. On Ubuntu you will be asked which services should be restarted. In our case we're just going to go ahead and press Tab and press Enter to select the defaults that have already been checked. Once this is done, you should be finished updating the system.

Now that we have all of our updates, we're going
to head over to docs.docker.com and we're going to look for installing Docker on Ubuntu. I'll have this linked in the video description. Over on the left-hand side you can see many other operating systems, or distributions, that you can go ahead and install Docker onto. Under here we're going to go ahead and scroll down until we see Installation methods, and below that we should see Install using the apt repository. For simplicity's sake, we're just going to go ahead and copy this command, head back over to our terminal, paste it in and press Enter. If you're prompted, go ahead and press Y and press Enter. Once this is done, you should have the repository added so that we can install Docker.

Head back over to the website and scroll down to where it says Install the Docker packages. Here we're going to go ahead and copy this command, head back over to our command line, paste this in and press Enter. If you're prompted once again, go ahead and press Y and Enter, and once this is done you'll have Docker as well as Docker Compose installed. You may be prompted once again about which services should be restarted. In our case we're going to go ahead and just press Tab and press OK. Once that's done, we'll have Docker as well as Docker Compose installed.

The last step to installing Docker is to make sure that Docker works. So we're going to head back over to the website and head down to step three, which is to verify that the Docker Engine installation is successful by running the hello-world image. We're going to go ahead down here and click copy, head back to our terminal, paste this in once again and press Enter. Once we've done that, it should go ahead and pop up a message saying Hello from Docker. This message shows that your installation appears to be working correctly.

Now that we've verified that Docker is working successfully, we're going to install Portainer. In order to do this we're going to head over to docs.portainer.io; the link will be in the description. We're going to go ahead and scroll down to where it says Deployment. Under Deployment we're going to go ahead and copy this command and head over to our terminal. Once we paste this in, we will get an error. This is because we're not part of the docker user group. In order to add ourselves to the docker user group, we're going to do sudo usermod -aG, the name of the group that we'd like to add ourselves to, so in this case it'll be the docker group that we'd like to be added to, and the name of our user, or if you want to add this user you can do $USER. Once we've done that, we can see whether we are actually part of this group by doing id. Right now it does not show us as part of that group because we're still currently logged in. In order to check this, we need to refresh our session. We can do this by doing exit and re-SSHing in. Once we've re-SSHed in, we can clear the screen and do an id. Now, as you can see, we're part of docker.

Now that we're part of docker, the command that we needed to run earlier, docker volume create portainer_data, should work properly. After this we can go ahead and move on to the next step, which is starting the Docker container. For what we're going to be doing, we're going to be using the Community Edition, and all we need to do is head down here and grab this command, head back to our terminal, paste it in and press Enter. This will pull the image and go ahead and set up Portainer so that it is running.

Now that we have Portainer up and running, we just need to access it. In order to do this we're going to head back over to our web browser and open a new tab, and as I have here, you need to type in https:// followed by the IP address of the machine that you have installed it on, and after that a colon and 9443, or whatever you have your port set to on your host. After you're here you can go down to Advanced, click Advanced, and then hit Accept the Risk and Continue. Now all we need to do is set a
username and a password. In my case I'm going to set the username to perculator and we're going to set the password to something super secure. Once we've done that, we press user, create user, excuse me, and we're going to go ahead and press the Get Started button. Once we're here, it'll show our local container instance; click on it, and in here will be our Portainer dashboard.

Now that we have both Docker as well as Portainer up and running, I'm going to go ahead and show you how to install Nginx Proxy Manager on both. You will only need to create one of these, but I want to show you both, and you can choose whether to use Docker Compose or Portainer. Both have pros and cons; whichever you choose is just personal preference.

We're going to go ahead and install Nginx Proxy Manager using Docker Compose. In order to do this we're going to head over to the Nginx Proxy Manager website and go down to where it says Quick Setup. Once here, we're going to go ahead and copy the YAML file, and we're going to head back over to our machine. Once here, we're going to make a new directory with mkdir, and we're going to name it something memorable, so we're just going to name it nginx proxy. After that's created, we're going to go ahead and cd into nginx proxy, and we're going to go ahead and create our Docker Compose file. In order to do this, use whatever your favorite text editor is; we're just going to be using nano in this case, and we're going to name it, nano docker-compose.yml. Once we've done this, we can go ahead and press Enter and it'll bring up nano with our Docker Compose YAML. Paste in what we've copied from the website, press Ctrl+O and press Enter. After that we can go ahead and press Ctrl+X to exit. Now that we've done that, we can head over to the website again and go down to where it says docker compose up -d. Copy this, head on over to our terminal, paste it and press Enter. Once we've done this, we can go ahead and see that it's going to spin up our container using Nginx Proxy Manager.

Now we
can check to make sure that Nginx Proxy Manager is up and running properly. In order to do this we're going to head over to our web browser. Once here, we're going to open a new tab and enter the IP address of the machine that we installed Nginx Proxy Manager onto. For me this is going to be 192.168.0.31, and then we're going to add a colon and 81 to it. This is where the UI for Nginx Proxy Manager lives. Once you've done that, go ahead and press Enter, and you should be greeted with a login screen asking you to log in to Nginx Proxy Manager. We're going to be covering the next few steps after I've covered how to install it using Portainer.

To install Nginx Proxy Manager using Portainer, it's pretty simple. In order to do this we're going to go ahead over to Stacks. Once in Stacks, we're going to go to Add stack and we're going to give it a name. I'm going to name this nginx proxy. After that we're going to head over to the Nginx Proxy Manager website; this link will be in the video description. Once here, we're going to copy the Docker Compose YAML. After we've done that, we're going to head back over to Portainer and paste it in. Now that we've done that, all we need to do is go down here to Deploy the stack. After a bit of time has passed, you'll get a notification up here saying success, the stack has successfully deployed.

Now that the container has started up successfully, we need to access Nginx Proxy Manager. In order to do this we go ahead and create a new tab and go to the IP address of the machine that we installed it on, so in my case this would be 192.168.0.30, and then we're going to give it a colon and 81 as the port. After a second it should pop up the UI and ask you for a login.

From here on, it does not matter whether you installed using Docker Compose or Portainer. In order to log in, we're going to head over to the Nginx Proxy Manager website. Once we're here, we're going to go down to where it says Default Admin User. From here we're going to go ahead and copy the email address and
paste it in. After we have it copied and pasted, we're going to go back and grab the password, which is just changeme. Once we have both of these pasted in, we can go ahead and press Sign in. On sign-in we're going to be prompted to edit the user. We want to go ahead and change all of this information so that it is something of our own. In my case I'm going to be naming it perculator, and we're going to give it a nickname of also perculator. After that we're going to go ahead and enter our email address. After you have your email address entered, we're going to go ahead and press Save. Now you'll be prompted to change the password. You go ahead and paste that password in, which is changeme, and you can go ahead and create a new super secure password. Now that we have our password changed, all we have to do is go and press Save. Then we'll be presented with our user. As you can see, my name is perculator, my email address is listed here, and my role is Administrator.

Now that we have Nginx Proxy Manager up and running, we're going to go ahead and head over to DuckDNS. Once on DuckDNS, go ahead and log in. Once you're logged in, you can go down here to where it says domains, and over here you need to type in some kind of domain that you would like to name this. In my case I'm going to be naming it perculator, and press the button that says add domain. Once the domain is added, we can head over to where it says current IP address and get rid of it, and we're going to enter the IP address of the machine that we have Nginx Proxy Manager set up on. In my case this is going to be 192.168.0.30, and then we're going to press the button that says update IP. As far as DuckDNS goes, that's all we need to do. You can also do this with other DNS providers; however, we're only going to be covering how to do it with DuckDNS.

Now that we have DNS configured, we're going to head over to Nginx Proxy Manager. Once here, we're going to go to SSL Certificates and click Add SSL Certificate. Under Domain Names we're going to go ahead
and add in the domain name that we have created, in my case perculator.duckdns.org, and press Enter. After that we're going to go ahead and put a *. and also put this behind it; this is going to be our wildcard. After that we can go ahead and press Enter, and then we're going to go down to where it says Use a DNS Challenge. Once we've done that, we want to go to DNS Provider and we want to select DuckDNS. After selecting DuckDNS, we head back over to DuckDNS and we need to copy this token. After we've copied this token, head back to Nginx Proxy Manager and go to where it says dns_duckdns_token equals your DNS token. From here we're going to go ahead and delete what's after the equals sign and paste in our DNS token. After this we're going to go ahead and set the propagation time to 120; I've seen that this does tend to help out a little bit. Then we're going to check the box that says I agree to the Let's Encrypt Terms of Service. After we've done this, we're going to go ahead and press Save. This may take a few minutes to process.

As you can see, I ended up with an error. This error is not completely my fault, and if you get it, it's not completely yours. This is due to DNS not propagating out quickly enough. In order to resolve this, I'm just going to wait a few minutes and try again. After waiting a few minutes and then trying again, as you can see, mine is now successful and I now have my SSL certificate.

Now that we have our SSL certificate, we can go ahead and start adding our services. The first service that I would like to go ahead and add is going to be Megatron. Megatron is my Proxmox node, and I want to be able to access it via an SSL certificate. In order to do this we're going to head over to Nginx Proxy Manager, go to Hosts and head to Proxy Hosts. Once here, we're going to press Add Proxy Host. Now we can set our domain name. Your domain name should be a subdomain followed by your fully qualified domain name. Mine, for instance, will be megatron.perculator.duckdns.org. Once you've done this, go ahead and press Enter and it'll turn into a little gray box. After that we need to go ahead and set the scheme, and since we're already using https, we can select https, and then we enter the IP address of the service that we want to add. In my case it'll be 192.168.0.1 144, and we need to add the port for that service; in Proxmox's case it'll be 8006. Once we have that set, we can go ahead and hit Block Common Exploits if we would like, and we can check on a few of these, but that's kind of up to you. In my case I'm just going to leave this, and I'm going to go ahead and click Websockets Support. Now we need to go over to the SSL tab. From here, go to the drop-down menu and select your SSL certificate. After that we can do Force SSL if we'd like to force it, and you can look into a couple of these other settings if you would like, but for what we're doing this will work completely fine. Now I'm going to go ahead and press Save, and we'll get an entry under here. With this new entry, we can go over to this box that says the domain name and click on it, and it will take us to that service. From here, if we go up to our URL box, we can see that it's verified by Let's Encrypt. If we click on it and click Connection secure in Firefox, we can see it is in fact verified by Let's Encrypt, and we can get more information here if we need it.

Next I'm going to be setting up our Portainer in this, so we're going to head back to Nginx Proxy Manager and we're going to go up to this button that says Add Proxy Host. Now that we're here, we go and set up a domain name just as we did before. Now that we have our domain name set up, we can go down to the scheme, and in this case we can go check it, and we can see this is https, so we want to select https, and we want to go ahead and enter the IP address. This will be 1 192.168.0.0 for me, and we need to set the port, so we know that this is, oh look, 9443, so we're going to set this to 9443. After that we're going to go ahead and
click a couple of these boxes, like Block Common Exploits and Websockets Support, and then we're going to head back over to SSL just like we did before and select our SSL certificate. From here we can click Force SSL and press Save. Now that we have that done, all we have to do, just like before, is click where it says portainer.perculator.duckdns.org and it'll take us to our Portainer. It will make us log in again, but once again, if we go up to the lock, we can see that we have a secure connection and it's verified by Let's Encrypt.

Now we're going to be setting up the SSL certificate for Pi-hole. This one is the most complicated. In order to set this one up, we're going to go ahead and do Add Proxy Host, then we're going to be giving it a domain name. Once we have the domain name set, we go ahead and do like we have before, and we're going to enter the IP address and we're going to set the port. Once we have all that done, we can go ahead and click the Websockets button and Block Common Exploits as we have in the past, and go up to SSL. Once we're at SSL, we can go down to cc.
DNS and click it, then we click Force SSL. Once we've done this, we can go and press Save. Now if we go ahead and click this, it will give us a 403 Forbidden. In order to fix this, we can go to this Reddit post that I'll have linked in the video description, and we can go ahead and copy this part of the post. Once we have that copied, we can go over here to Edit, go to Advanced, and paste this in. Up here where it says Pi-hole IP address, we need to go ahead and set the Pi-hole's IP address; in my case that'll be 192.168.0.30, and then the port we're going to go ahead and set as 8080. Once we have this done and we make sure that everything looks all right, we go ahead and press Save, and now we should be taken to our Pi-hole instance.

The last SSL certificate we're going to be setting up today is a bit of inception. We're going to be setting up our proxy manager inside of our proxy. In order to do this we're going to go to Add Proxy Host, then here we're going to enter our domain name. Once we have our domain name added, we can go ahead and enter the IP address, and we can go ahead and set our port number; in my case that's port 81. From here we can go ahead and check the boxes that say Block Common Exploits and Websockets Support. From there we can go to SSL and select our certificate. Once we've done this, we can go and press Save, and that should be all we need to do. If we click the proxy button, it'll take us to our Nginx Proxy Manager.

Now that we have shown you a few examples, in the future you should be able to add your own services to Nginx Proxy Manager. That's going to be all for this video. If you enjoyed it or if you learned something, please remember to like, comment and subscribe. It really helps motivate me in making more videos in the future. Also, some feedback on what I can improve and topics that you would like to see in the future is greatly appreciated. Thank you for watching.
Info
Channel: Perkelator
Views: 16,635
Id: sRI4Xhyedw4
Length: 19min 41sec (1181 seconds)
Published: Thu Oct 05 2023