I am hosting few services for my friends and family on my server. Due to devices limitations, I can’t install VPN on TVs etc. Is it possible to restrict the access to only those users that have a certificate issued by me?
I doubt you’ll be able to install client certificates on TVs either. Typically you’d establish a site to site VPN in each location’s network stack.
I am hoping it might work. It’s Android TV. So it should support certificates. Site to site VPN is a bit challenging. I will try to explore the mTLS option suggested here.
Thanks!
Personally I use Caddy reverse proxy server and Pihole. I have configured my IP as a domain name in local DNS (example.com).
Caddy supports automatic TLS 1.3 support. So I just copied the CA file snd I installed to all of my devices (even in my Oculus Quest 2). I want to watch movies? I am coming to movies.example.com. i want to read my books? bookd.example.com.
Caddy configuration is very easy, even using containers with docker.
So you have configured mTLS in caddy? Can you point me to any resources that go through how to do it?
^ that is the way. works well on desktop browsers, but others like mobile often don’t support mtls :(
deleted by creator