Hi
New to Asustore, There is an Asustore certificate already installed by default in my AS6704T.
Is this certificate enough or do I need a Lets Encrypt certificate?
I already have one with my asus router, could I use the same certificate and DDNS, or do I need another DDNS.
Thank You
Mario
Lets Encrypt question
-
- Posts: 38
- youtube meble na wymiar Warszawa
- Joined: Tue Nov 15, 2022 9:42 pm
- Nazar78
- Posts: 2084
- Joined: Wed Jul 17, 2019 10:21 pm
- Location: Singapore
- Contact:
Re: Lets Encrypt question
Depends what you want to do and which service is using the certs. There's few ways to do this, either on the router or on the NAS.
If your DDNS supports wildcards i.e. my-service.subdomain.domain.com, you can just stick to your router's cert and DDNS. Just install and run a reverse proxy on your router to route traffic to your backend non-HTTPS NAS ports. This means all the incoming connections will be managed from the router's reverse proxy distinguished by vhosts. You can use lightweight daemons such as Nginx or Træfɪk. This is the best setup if you have many service that needs to be exposed to the internet i.e. my-website1.subdomain.domain.com, my-website2.subdomain.domain.com etc. Best if you own the domain and your registra supports wildcards so you can do many of my-website[0-9a-z].mydomain.com.
Or if it doesn't support wildcards and you can only do port segregation, you still can use the router's DDNS but the certs needs to be setup and installed on the NAS to which service is hosting the HTTPS port.
If your DDNS supports wildcards i.e. my-service.subdomain.domain.com, you can just stick to your router's cert and DDNS. Just install and run a reverse proxy on your router to route traffic to your backend non-HTTPS NAS ports. This means all the incoming connections will be managed from the router's reverse proxy distinguished by vhosts. You can use lightweight daemons such as Nginx or Træfɪk. This is the best setup if you have many service that needs to be exposed to the internet i.e. my-website1.subdomain.domain.com, my-website2.subdomain.domain.com etc. Best if you own the domain and your registra supports wildcards so you can do many of my-website[0-9a-z].mydomain.com.
Or if it doesn't support wildcards and you can only do port segregation, you still can use the router's DDNS but the certs needs to be setup and installed on the NAS to which service is hosting the HTTPS port.
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response
-
- Posts: 3
- Joined: Thu Jun 03, 2021 3:57 am
Re: Lets Encrypt question
it think that is not for new user because we need complex configuration reverse proxy, reverse proxy, etc, etc. Do you have full tutorial about that please?Nazar78 wrote:Depends what you want to do and which service is using the certs. There's few ways to do this, either on the router or on the NAS google account manager apk
If your DDNS supports wildcards i.e. my-service.subdomain.domain.com, you can just stick to your router's cert and DDNS. Just install and run a reverse proxy on your router to route traffic to your backend non-HTTPS NAS ports. This means all the incoming connections will be managed from the router's reverse proxy distinguished by vhosts. You can use lightweight daemons such as reverse proxyor Træfɪk. This is the best setup if you have many service that needs to be exposed to the internet i.e. my-website1.subdomain.domain.com, my-website2.subdomain.domain.com etc. Best if you own the domain and your registra supports wildcards so you can do many of my-website[0-9a-z].mydomain.com.
Or if it doesn't support wildcards and you can only do port segregation, you still can use the router's DDNS but the certs needs to be setup and installed on the NAS to which service is hosting the HTTPS port.
- Nazar78
- Posts: 2084
- Joined: Wed Jul 17, 2019 10:21 pm
- Location: Singapore
- Contact:
Re: Lets Encrypt question
Which tutorial?
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response