I am hosting few services for my friends and family on my server. Due to devices limitations, I can’t install VPN on TVs etc. Is it possible to restrict the access to only those users that have a certificate issued by me?

  • SheeEttin@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    I doubt you’ll be able to install client certificates on TVs either. Typically you’d establish a site to site VPN in each location’s network stack.

    • WhyAUsername_1@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      I am hoping it might work. It’s Android TV. So it should support certificates. Site to site VPN is a bit challenging. I will try to explore the mTLS option suggested here.

      Thanks!

  • sv1sjp@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Personally I use Caddy reverse proxy server and Pihole. I have configured my IP as a domain name in local DNS (example.com).

    Caddy supports automatic TLS 1.3 support. So I just copied the CA file snd I installed to all of my devices (even in my Oculus Quest 2). I want to watch movies? I am coming to movies.example.com. i want to read my books? bookd.example.com.

    Caddy configuration is very easy, even using containers with docker.

  • amp@kbin.social
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    1 year ago

    ^ that is the way. works well on desktop browsers, but others like mobile often don’t support mtls :(