0

I'm hosting an app on a NAS, port 3000.

Works great.

I have a Raspberry Pi 5 that runs Apache and a few web projects. Works great.

I've got a static IP from my ISP and can send traffic to via my domain name and subdomains. My router forwards ports 80 and 443 to the Raspberry Pi 5 that runs my Apache server.

Works great!

I use certbot to make SSL for all subdomains.

But now, I have a domain set up in Apache that redirects to the app on the NAS.

Works great!

But, I want to add SSL. certbot fails as I assume it's trying to add files to a folder, but of course, it can't. So, where do I add the SSL cert?

  1. The NAS?
  2. The Raspberry Pi 5?

I don't know how to make certs outside of certbot (I should learn).

Is there an idiot's guide to the relationship of SSL and redirected virtual directories?

Improve this question
2
  • Which ever device serves the certificate to the client. Commented Nov 23 at 22:26
  • it sounds like you are using Apache as a reverse proxy to the app on the NAS. in that case you can either install the cert on the Apache instance and use HTTP (not HTTPS) to access the NAS app (this is called TLS offloading) or you can install it on both the Apache instance and on the NAS webserver. since the client is only interacting with the Apache instance directly, it must have the cert to support HTTPS connections from the client, but installing it on the NAS is optional, if the app supports HTTP and you are fine with the link between Apache and the NAS being unencrypted. Commented Nov 24 at 2:29

0

Reset to default

You must log in to answer this question.