Local caprover with external application with SSL about caprover HOT 2 CLOSED

This is the key disadvantage to having your server tucked away behind a NAT and trying to use the provided certbot bundled with CapRover. For SSL's to be issued, your CapRover instance must be reachable from the outside world.

There's a couple ways to do this, but the way a lot of people are doing this is done is using a CloudFlare Argo Tunnel (part of their Zero Trust suite of services). This has the advantage of issuing an SSL directly on their end with no further need on your end. However, you can also enable SSL's on the CapRover side if you leverage this service. so you can get end-to-end encryption.

The other way would be if you have an IP that can be reached from the outside world, then you can expose and foward ports 80 and 443 to your CapRover instance. This is generally not an option if your internet provider is LTE/5g based, or Satellite based such as Starlink. (like I have). This requires access to the router.

Another option is to setup a cheap VPS for as low as $3.50/mo with a provider like Vultr that gives you a static IP and then running a reverse proxy server back to your machine. You can use WireGuard as a server on the VPS with Haproxy or some other proxy application and then the client on your CapRover instance, but this is tricky to setup. Another option would be to use something like BoringProxy, which can issue an SSL directly on the VPS side, or let your CapRover instance issue it.

The easiest way and doesn't require any static IP or access to a router would simply to use CloudFlare tunnels. This is the setup I recommend to most people because it also ads a thin layer of extra web application production and some usage insights as a bonus.

from caprover.

Thank you very much for the tips
I use pfsense as a firewall, so I will test with haproxy

from caprover.