this post was submitted on 02 Feb 2025

For some time, I've hidden my Nextcloud behind CF zero trust. When refreshing certificates via letsencrypt I would manually disable the tunnel, refresh and re-enable the tunnel. Now that letsencrypt will no longer notify me via email I need a more robust (read automated) way of refreshing certs. Do I have any options other than disabling zero trust? (the advantage would be I no longer need vpn to have the mobile app working).

top 7 comments
[–] hendrik@palaver.p3x.de 7 points 12 hours ago* (last edited 12 hours ago) (1 children)

Maybe you can use letsencrypt's DNS-01 challenge. That works without an HTTP connection. But ultimately, I don't think you need a certificate on the server, doesn't Cloudflare tunnel the traffic (unencrypted) and terminate the HTTPS on their side?

[–] cctl01@feddit.nl 1 points 9 hours ago

Thanks for the reply, among all answers I chose this. Just because it works for me.

[–] MangoPenguin@lemmy.blahaj.zone 2 points 9 hours ago (1 children)

DNS-01 challenge with letsencrypt. Or use cloudflare tunnel and don't use https internally.

[–] cctl01@feddit.nl 1 points 9 hours ago

Thanks for the reply, among all answers I chose this. Just because it works for me.

[–] Moonrise2473@feddit.it 5 points 12 hours ago* (last edited 12 hours ago) (1 children)

Behind a cloudflare tunnel you can use a self signed or expired certificate, just check the "no TLS verify" checkbox

Edit: or use DNS based verification, nginx proxy manager can do it automatically using cloudflare api when behind cloudflare tunnels

[–] cctl01@feddit.nl 0 points 9 hours ago

Thanks for the reply, among all answers I chose this. Just because it works for me.

[–] Shimitar@downonthestreet.eu 1 points 11 hours ago

Set up a cron that does it once per day, when you don't need it, like certbot does. Easy.