You want to easily manage your SSL certificates.
You can setup Pretty and Custom URL (if you're using DNS).
You do not want to open any more ports then necessary.
You already have an application running on the webserver.
The webserver of your choice and bit of basic knowledge about it.
Root Privileges.
Give your device running an static IP. This can be done in two ways
This is more recommended as it will be easier to manage. This option shall be under lan settings in your routers homepage. Make sure you give an IP that is in range given by the router DHCP. For more specific details, search your routers name and model number followed by the phrase "set up static IP".
This is more of a fallback in case your router doesn't support giving static IP. In this case you have to edit it using your network manager.
I recommend you use "networkmanager" as it has an GUI but some distro use another network managers such as "netplan". You have to search "set up static IP {your distro}"
Make sure no application is using port 80 by:
sudo netstat -tlnp | grep 80
If the response is as below
tcp6 0 0 :::80 :::* LISTEN 351/httpd
If not skip the next step.
Then we need to stop the process listening on port 80 (emphasized by "::::80"), which in our case is httpd (Apache for Arch Linux).
sudo systemctl stop httpd.service
Make sure your firewall allows port 80, if you wish to access webserver from other devices on the same network. If you wish to access the webserver outside of you lan devices, you have to allow port 80 on your router/modem but doing so is not recommended as it opens up your computer to the internet. I would instead recommend using a vpn server on your computer and its client on the divice you wish to access it on, for more information go to 7th topic.
| Distro | Firewall |
| ------ | ------ |
| Debian | None |
| Arch | None |
| Ubuntu | ufw |
| Red Hat | firewalld
ufw:
sudo ufw allow 80/tcp
firewalld:
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload
You can also enable UDP for the port by replacing tcp by udp in the command above, if required.
Update the distro then Install CasaOS
wget -qO- https://get.casaos.io | sudo bash
Or
curl -fsSL https://get.casaos.io | sudo bash
Visit your CasaOS host machine's IP. CasaOS install script should provide the IP by the end. It should look like
http://192.168.0.7 or http://10.28.6.100
Don't worry if your numbers are different, this is just to show format.
If you didn't see it use the following command.
ip address
The output should contain section like lo, ens, etc
We will focus on ens as I use ethernet, under ens there should be inet, next to it should be your IP
Go to the IP and create the initial account.
Then click on the second icon from top left.
Click on Change next to WebUI Port, set this to an unused port.
Check which ports are being used by
netstat -tlnp
Then use something else then them.
I chose "82"
Change your webservers config to proxy to the port you choose
For Apache add the following but change the port to the one you chose
# CasaOS
<Location />
ProxyPass "http://127.0.0.1:82/"
ProxyPassReverse "http://127.0.0.1:82/"
</Location>
Or
# CasaOS
ProxyPass "/" "http://127.0.0.1:82/"
ProxyPassReverse "/" "http://127.0.0.1:82/"
Add this to your default or any of the virtual host of your choosing.
Now Start Apache
sudo systemctl start httpd.service
For Ningx use the following
location / {
proxy_pass http://127.0.0.1:82/;
}
There are two ways for DNS either get name from an DNS provider like dyndns, noip, duckdns etc or built an custom DNS by bind, dnsmasq, pihole etc. Both have their merits and demerits, it mostly depends on your system/router/ISP, as you see there are so many factors that's why it's so confusing.
Link Recommended as we don't knows it's backend we atleast know it's frontend which only sends ip. As far as I have seen this only works on google's DNS. It gives you upto five domains for .duckdns.org
Link It will email you each month to confirm your domain. Gives you only one domain but in exchange provides more second level domain extensions.
For more info use this Arch Wiki
Recommend. May seem complex but is very feature rich.
Easy to use.
Then there are three ways of using the DNS
This should be in lan or wan, but remember not all router have the capacity to change DNS.
I recommend the second process only if you wish to use it only on selected devices.
Best method in my opinion. You would have to install it on each device you want to use but it won't give error like '''Name Not Resolved''' when using custom DNS or the issue of it not working when made secondary dns.
It's the same situation as DNS, either get SSL certificate from OpenSSL, etc or make your own CA (Certificate Authority). This also depends on your setup although if you have made an custom URL with custom DNS, which is not accessible from the internet, then you have to use the latter option.
Install the certbot pakage.
Run the following command, replace {your_webserver} with the webserver you use.
sudo certbot --{your_webserver}
Give your email.
Chose your domain.
It will automatically edit the configs.
Follow this simple cheat sheet by Christian Lempa.
Did you think DNS and SSL were complex? Oh boy the worst part is now here, why you ask? Because DNS and SSL were complex, yes, but at least I could list the option and ways to reach desired result here, welp not anymore. Now you have read their docs and all I will be able to do is cheer you but if you face any issues don't shy in contacting me, I don't have a life anyway. Want examples? Well here you go
Not recommended.
Port forward in your router the ports "80" and "443" to your static ip
The recommended method.
A: Go back to 3.3.x and see if you added the trailing slash after 127.0.0.1:82
A: As far as I know it's an ws issue. Issue 645
A: I think it tries to connect to http://{IP} rather then http://{IP}/subdirectory. Same issue is faced by many programs but is usually solved by adding custom URLs followed by the subdirectory, some examples are jellyfin, webmin etc. CasaOS doesn't have support for custom URL as of now.
A: First try to identify the source of the problem is it an Docker Issue, Docker Config Issue, CasaOS Issue, Webserver Issue etc. Then search for the issue in their forums, if you dont find any resembling one or none of the solutions work for you, only than reach out to the respective devlopers.