Hey all!

I have a bunch of services running on my home server and was looking to expose some of them publicly via Cloudflare tunnel. This is done and working great using the origin server certificate and strict TLS.

Up until now, I’ve been using self-signed certs internally but now I don’t want to deal with the “proceed anyway” crap on browsers. I have Traefik set up to get certs from Cloudflare using DNS challenge and that seems to be working.

So, now my problem is: how do I switch between these certificates for the same URL when I’m internal vs public? I’d rather keep that traffic local if I’m at home, which is also working, I just can’t figure out how to get Traefik to use the appropriate certificate depending on if the request is coming from my LAN or Cloudflare.

Any suggestions? Is there a better way to accomplish what I want to do?

EDIT: Looks like I’m just going full Cloudflare on this one, thanks for your help everyone!

  • TheButtonJustSpins@infosec.pub
    link
    fedilink
    English
    arrow-up
    4
    ·
    8 months ago

    Why would you need to continue using the self-signed certificates for the Cloudflare connection? Just use the valid certificate for all connections.

    • shiftymccoolOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      I’m not using self-signed anymore, I’m getting them from Cloudflare via DNS challenge