| ▲ | ThunderSizzle 8 hours ago |
| I think partially is not having to worry about certs is a nice reason to hide behind the proxy. Also, to help hide your IP address, I guess. Of course, on the other hand, I know that relying on Cloudflare cert's is basically inviting a MITM attack. |
|
| ▲ | huijzer 8 hours ago | parent | next [-] |
| > I think partially is not having to worry about certs is a nice reason to hide behind the proxy. Use Caddy. I never worry about certs. |
| |
| ▲ | ThunderSizzle 7 hours ago | parent | next [-] | | Interesting. I've done a lot of manual work to set up a whole nginx layer to properly route stuff through one domain to various self-hosted services, with way to many hard lessons when I started this journey (from trying to do manual setup without docker, to moving onto repeatable setups via docker, etc.). The setup appears very simple in Caddy - amazingly simple, honestly. I'm going to give it a good try. | |
| ▲ | immibis an hour ago | parent | prev [-] | | Or certbot-plugin-nginx if you prefer a bit less magic. |
|
|
| ▲ | ptx 7 hours ago | parent | prev [-] |
| Don't you need a cert anyway to secure the connection from Cloudflare to your server? |
| |
| ▲ | omcnoe 7 hours ago | parent | next [-] | | Cloudflare explicitly supports customers placing insecure HTTP only sites behind a cloudflare HTTPS. It's one of the more controversial parts of the business, it makes the fact that the traffic is unencrypted on public networks invisible to the end user. | |
| ▲ | ThunderSizzle 7 hours ago | parent | prev [-] | | You could use a self-signed cert, since cloudflare doesn't care about that. |
|
