I recently generated a self-signed cert to use with NGINX via its GUI.

  1. Generate cert and key
  2. Upload these via the GUI
  3. Apply to each Proxy Host

Now when I visit my internal sites (eg, jellyfin.home) I get a warning (because this cert is not signed by a trusted CA) but the connection is https.

My question is, does this mean that my connection is fully encrypted from my client (eg my laptop) to my server hosting Jellyfin? I understand that when I go to jellyfin.home, my PiHole resolves this to NGINX, then NGINX completes the connection to the IP:port it has configured and uses the cert it has assigned to this proxy host, but the Jellyfin server itself does not have any certs installed on it.

  • root@lemmy.world (OP) · 5 days ago

    Gotcha, that matches my assumptions. Yes, everything is internal. It’s accessible remotely via Wireguard, but I mostly wanted to get some practice with NGINX/TLS certs (also way easier to refer to things around the house with <service>.homelab instead of IP:port, haha).

    So if I did want this to be fully encrypted, I would essentially need to configure each service (jellyfin, home assistant, etc) to have SSL on them with this self-signed cert/key that I used on NGINX (or perhaps new cert/key) and then I would be all set?
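
The two proxy-to-backend arrangements this thread is asking about, written out as an added nginx configuration example (not from the original post or from any commenter). The backend address, the ports and all file paths are constructed placeholders, and it assumes the backend has been set up to serve HTTPS itself with a certificate whose subject alternative name matches `jellyfin.home`.

```nginx
# Added example. Use ONE of the two server blocks, not both.
# 192.0.2.10, the ports and the /etc/nginx/certs/ paths are placeholders.

# Variant A: TLS ends at NGINX. Client <-> NGINX is encrypted,
# NGINX <-> backend is plain HTTP on the internal network.
server {
    listen 443 ssl;
    server_name jellyfin.home;

    ssl_certificate     /etc/nginx/certs/home.crt;  # self-signed cert shown to clients
    ssl_certificate_key /etc/nginx/certs/home.key;

    location / {
        proxy_pass http://192.0.2.10:8096;          # unencrypted second hop
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Variant B: NGINX re-encrypts to a backend that serves its own certificate.
server {
    listen 443 ssl;
    server_name jellyfin.home;

    ssl_certificate     /etc/nginx/certs/home.crt;
    ssl_certificate_key /etc/nginx/certs/home.key;

    location / {
        proxy_pass https://192.0.2.10:8920;         # TLS on the second hop

        # proxy_ssl_verify is off by default: without it the hop is
        # encrypted but NGINX accepts any certificate the backend presents.
        proxy_ssl_verify              on;
        # A self-signed backend cert (or the private CA that issued it)
        # goes here as the trust anchor.
        proxy_ssl_trusted_certificate /etc/nginx/certs/backend.crt;
        proxy_ssl_name                jellyfin.home; # name checked against the backend cert
        proxy_ssl_server_name         on;            # send that name as SNI

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

The private key used on NGINX does not have to be copied to each service: the backend can have its own key pair, and only its certificate (or issuing CA certificate) needs to be present on the proxy for verification.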