I recently generated a self-signed cert to use with NGINX via it’s GUI.
- Generate cert and key
- Upload these via the GUI
- Apply to each Proxy Host
Now when I visit my internal sites (eg, jellyfin.home) I get a warning (because this cert is not signed by a trusted CA) but the connection is https.
My question is, does this mean that my connection is fully encrypted from my client (eg my laptop) to my server hosting Jellyfin? I understand that when I go to jellyfin.home, my PiHole resolves this to NGINX, then NGINX completes the connection to the IP:port it has configured and uses the cert it has assigned to this proxy host, but the Jellyfin server itself does not have any certs installed on it.
Ah, I guess I might need to add my RootCA to my phone, laptop, pc huh? That would get rid of the untrusted warnings. Yes, please feel free to share if you have documentation!
Update: I setup my own local CA and got it working. Thanks for the tip!