Today I'm diving into Mutual TLS to securely expose my homelab services! TLS is already ubiquitous in the modern era, providing strong symmetric encryption, ...
I tried long ago, but as they said, client side authentication is an issue, most clients do not support it.
I have a system, I use wireguard vpn and for when I want to use a domain name with proper tls (because some client apps require a proper tls connection to work) I set my caddy reverse proxy to only accept request from localhost local network.
So, there’s a public domain with let’s encrypt TLS, and that domain can only be properly access from local network. Then I connect using vpn to my local network and the client app can access the service over a CA verified TLS.
I tried long ago, but as they said, client side authentication is an issue, most clients do not support it.
I have a system, I use wireguard vpn and for when I want to use a domain name with proper tls (because some client apps require a proper tls connection to work) I set my caddy reverse proxy to only accept request from
localhostlocal network.So, there’s a public domain with let’s encrypt TLS, and that domain can only be properly access from local network. Then I connect using vpn to my local network and the client app can access the service over a CA verified TLS.