I am trying and testing the official VM … and am loving it so far (wow it really speeds up on the same hardware I had the other VM running before. Maybe it's due to NC 22 running now… I dunno but it's awesome!)
So I came across the TLS option in /var/scripts/menu.sh and was wondering:
Does it deal with wildcard domains… such as *.example.com?
Can you apply for several domains at once? Like cloud.example.com and cloud.example.org at the same time? If yes, how?
I couldn't find any information about that very point. Except that I know that it would work in general. I just don't know how or if it would work with your routines.
Keep the good work up and thanks for all the great work you did so far
JK
Great that you like the speed! We worked quite a lot to make it faster actually.
Sorry, no wildcard domains afaik, never tested actually, but shouldn't work.
The script is only designed to add one domain at a time. You could then manually add more by executing the TLS part standalone, and copy the Apache config from the original one.
Btw: wouldn't that (multiple domains, if not wildcard domains) be a perfect idea to improve your setup menu?
Since you'd need more than one cert if you'd install turnserver, though.
Hmm, yeah maybe that would be something to add. Question is why? It would only benefit those who want to set up a multi-tenant environment, and in that case they should get a license anyway.
All the app-scripts already install their own certs. OnlyOffice Docker, Collabora Docker, Talk, and so on. They have their own since all the configurations differ from each other.
If you have time left on your hands, and want to be a part of the VM - please add your PR for improvements you think make sense, the basics are already in place and you could almost just copy paste existing code…
Using wildcard certificates instead of individual certificates for each service would have the advantage that the subdomains would not be publicly known.
In combination with the DNS challenge from Let's Encrypt, users who want to use their cloud only locally could still get a signed certificate without making the names of the services they use with their domain publicly known.
Yes, it is possible. But it only works with the DNS challenge, which means that a DNS TXT record has to be created every time you want to issue a new certificate or renew an existing one. You either can do this manually…
…but I'm not a developer and therefore don't know how you would have to integrate this into the VM in a user-friendly way, and how much effort it would be to maintain an up-to-date list of DNS providers.
I use *.local.mydomain.tld with HAProxy on my pfSense. This allows me to connect to local services that are not publicly accessible, or don't even have an internet connection, with a signed certificate, which I find is very nice.
Sorry no, not yet. Been a pretty "calm" year developing wise. Everything is stable and I intend to keep it that way.
Just got a new job offer which means I will work more with Nextcloud from next year, but probably not the community so much and since Nextcloud doesn't promote our VM anymore I feel very unmotivated to be honest.