Hello all,
I want to take the next step in locking things down by using the Acme plugin to generate certs for various internal devices on my network. For example I have a Synology NAS that I would like to open up to the outside world, for the purpose of backing photos I take with my mobile phone. I can use the self signed cert from Synology but that is not completely secure.
In deploying the Acme plugin and generating the certs I would like to solve two problems:
1) End to end security from client to host
2) Getting rid of the "Not Secure" message when accessing secured devices internally
Is this possible?
Thanks,
Steve
Have you tried setting this up with the Nginx reverse proxy?
see some instructions here:
https://forum.opnsense.org/index.php?topic=19305.0 (https://forum.opnsense.org/index.php?topic=19305.0)
and here
https://docs.opnsense.org/manual/how-tos/nginx_waf.html (https://docs.opnsense.org/manual/how-tos/nginx_waf.html)
p.s. if it is only for backing up photo's and you only using the NAS, you could also consider to run a VPN (wireguard / openvpn) on opnsense and you being able to upload your photo's etc to the nas as if your were on the local network.