Acme Plugin

[spetrillo]

Hello all,

I want to take the next step in locking things down by using the Acme plugin to generate certs for various internal devices on my network. For example I have a Synology NAS that I would like to open up to the outside world, for the purpose of backing photos I take with my mobile phone. I can use the self signed cert from Synology but that is not completely secure.

In deploying the Acme plugin and generating the certs I would like to solve two problems:

1) End to end security from client to host
2) Getting rid of the "Not Secure" message when accessing secured devices internally

Is this possible?

Thanks,
Steve

[RamSense]

Have you tried setting this up with the Nginx reverse proxy?

see some instructions here:
https://forum.opnsense.org/index.php?topic=19305.0
and here
https://docs.opnsense.org/manual/how-tos/nginx_waf.html

p.s. if it is only for backing up photo's and you only using the NAS, you could also consider to run a VPN (wireguard / openvpn) on opnsense and you being able to upload your photo's etc to the nas as if your were on the local network.