Use a reverse proxy to expose only the necessary CA endpoints. Caddy. #1641
Unanswered
lukasz-lobocki
asked this question in
Q&A
Replies: 1 comment
-
Hi! Good question. Check out the section Exposing your CA to the internet in our blog post Access your homelab from anywhere with a YubiKey and mutual TLS. It shows how to proxy the ACME endpoints, but you could expose more (as described in the docs that you mentioned) if you want. Hope this helps. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am trying to make my ca available from public internet. I successfully did it by forwarding the whole port
:9000
on my router (my step-ca operates on this port).However I would like to follow this advice, but I do not know how to do it with Caddy (note: my caddy and my smallstep are on 2 different internal hosts).
I tried this in Caddyfile:
but when issuing on client
I am getting
Beta Was this translation helpful? Give feedback.
All reactions