Comments (2)
This is the key disadvantage to having your server tucked away behind a NAT and trying to use the provided certbot bundled with CapRover. For SSL's to be issued, your CapRover instance must be reachable from the outside world.
There's a couple ways to do this, but the way a lot of people are doing this is done is using a CloudFlare Argo Tunnel (part of their Zero Trust suite of services). This has the advantage of issuing an SSL directly on their end with no further need on your end. However, you can also enable SSL's on the CapRover side if you leverage this service. so you can get end-to-end encryption.
The other way would be if you have an IP that can be reached from the outside world, then you can expose and foward ports 80 and 443 to your CapRover instance. This is generally not an option if your internet provider is LTE/5g based, or Satellite based such as Starlink. (like I have). This requires access to the router.
Another option is to setup a cheap VPS for as low as $3.50/mo with a provider like Vultr that gives you a static IP and then running a reverse proxy server back to your machine. You can use WireGuard as a server on the VPS with Haproxy or some other proxy application and then the client on your CapRover instance, but this is tricky to setup. Another option would be to use something like BoringProxy, which can issue an SSL directly on the VPS side, or let your CapRover instance issue it.
The easiest way and doesn't require any static IP or access to a router would simply to use CloudFlare tunnels. This is the setup I recommend to most people because it also ads a thin layer of extra web application production and some usage insights as a bonus.
from caprover.
Thank you very much for the tips
I use pfsense as a firewall, so I will test with haproxy
from caprover.
Related Issues (20)
- [Deployment Issue] Once click apps giving permission denied error HOT 1
- [Deployment Issue] Restart caprover after update failure HOT 12
- How to bind/publish port to IPv6 address? HOT 1
- One-Click Template for docker-compose mangling environmental values HOT 2
- [Deployment Issue] Unable to access all ports of a container HOT 1
- Extend one-click-app templates to support service update overrides
- Easy, visual way to see if web apps have SSL enabled
- 502 error because of A record - custom domain set up HOT 1
- Caprover was down due to captain-certbot HOT 2
- [Deployment Issue] Nextcloud cron One Click HOT 1
- [Deployment Issue] - Self Signed Certificate and Appending Captain to Server Domain. HOT 5
- Global environment variables HOT 3
- API/CLI for changing "captain-definition Relative Path" of an app HOT 1
- Having the same image prefix name in Caprover cluster HOT 1
- Authorisation Provider integration (AWS Cognito, Google Firebase, ...) HOT 2
- Add some kind of last modified date to the one click apps
- How to deativate basic auth once enabled HOT 1
- portmapping to localhost/ip and UFW HOT 1
- [Deployment Issue] Poste.io 502 NGINX HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from caprover.