You can set up your cloud without purchasing a domain.

To do this, skip DNS setup during the initial install. This means you cannot reach the various services via hostname yet.

Then go to http://?localip?:5380 and log in with your admin password. This is your Pi-hole dashboard.

Go to settings > local DNS records and add two records:

| domain | IP
| ?domain? | ?localip?
| *.?domain? | ?localip?


Now you can reach your cloud with whichever domain you want, as long as you are on the Pi-hole DNS.

The VPN is set up by default to use this DNS, so you will also be able to reach your cloud when using your VPN, allowing use on the go.

In your router's DHCP settings, set ?localip? as the DNS server.

On any device with a static IP, configure its DNS server to ?localip?.

Next, you'll need to deal with HTTPS certificates on your proxy server. Because we cannot use Let's Encrypt, we'll have to do this ourselves. You can skip this, but that results in Vaultwarden not working.

Run the gencerts.sh script. This will generate the certs for you and put them in a folder inside browser.?domain?, which should now be reachable over HTTP.

On ?localip?:81, log in and go to certificates > add certificate > custom.

Fill in your main domain as the Name.

For the certificate key, use the wildcard.key file.
For the certificate, use the wildcard.crt file.
For the intermediate certificate, use the intermediate.crt file.

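Before uploading, the three files can be checked against each other and against your domain. The script below is an added example, not part of the original guide and not the project's gencerts.sh; it assumes openssl is installed, and the script name checkcerts.sh, the function names and the two arguments (directory with the generated files, your domain) are made up for this example.

```shell
#!/bin/sh
# Added example, not the project's gencerts.sh. File names are the ones the
# guide uses; the function names and the two arguments are assumptions.
# Usage: sh checkcerts.sh <dir-with-generated-files> <your-domain>

# 0 if wildcard.crt chains to rootCA.crt through intermediate.crt.
chain_ok() {
  openssl verify -CAfile "$1/rootCA.crt" -untrusted "$1/intermediate.crt" \
    "$1/wildcard.crt" >/dev/null 2>&1
}

# 0 if wildcard.key is the private key belonging to wildcard.crt.
key_matches() {
  cert_pub=$(openssl x509 -in "$1/wildcard.crt" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$1/wildcard.key" -passin pass: -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if wildcard.crt is valid for host name $2. A wildcard entry covers exactly
# one label, so *.domain matches dash.domain but not domain or a.b.domain.
covers_host() {
  openssl x509 -in "$1/wildcard.crt" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# Run all checks for directory $1 and domain $2; non-zero if any check fails.
check_all() {
  rc=0
  chain_ok "$1" || { echo "FAIL: wildcard.crt does not chain to rootCA.crt"; rc=1; }
  key_matches "$1" || { echo "FAIL: wildcard.key does not match wildcard.crt"; rc=1; }
  for host in "$2" "dash.$2"; do
    covers_host "$1" "$host" || { echo "FAIL: certificate not valid for $host"; rc=1; }
  done
  [ "$rc" -eq 0 ] && echo "OK: chain, key and names check out"
  return "$rc"
}

if [ $# -eq 2 ]; then
  check_all "$1" "$2"
fi
```
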
Because this certificate is not backed by a public certificate authority like Let's Encrypt, you have to manually trust the root cert on each device you want to use the cloud on, or deal with "certificate untrusted" warnings.

Below are guides for doing this:

Windows:

Download and double-click rootCA.pfx.
Select "Local Machine" and click next. The password is empty.
Choose "place all certificates in the following store" and choose "Trusted Root Certification Authorities".
Click finish and confirm with "yes" if prompted.

macOS:

Download and double-click rootCA.pfx.
If prompted for a password, leave it blank and click yes.
Open Keychain Access (applications/utilities/keychain access).
Locate the imported rootCA.pfx certificate in the login or system keychains.
Double-click the certificate, expand the "trust" section and set "When using this certificate" to "always trust".

Linux:

Download the rootCA.crt file.
Copy rootCA.crt to /usr/local/share/ca-certificates/ using the following command from the directory rootCA.crt is in, or by using your file manager.
sudo cp rootCA.crt /usr/local/share/ca-certificates/

Then update the CA store by rebooting or running the following command:
sudo update-ca-certificates

Android:

Download rootCA.crt to your device.
Open settings > security > encryption & credentials > install a certificate.
Select rootCA.crt and set a Name.
Reboot if prompted.

iOS:

Download rootCA.crt to your device.
Open the file in Safari and tap "install".
Go to settings > general > VPN & Device management > configuration profile and install the certificate.
Enable full trust in settings > general > about > certificate trust settings.

Now that you've set your DNS correctly and trusted the cert, you should be able to visit all of your sites via https://dash.?domain?

The certificate is valid for 10 years, after which you can generate a new one with gencerts.sh.