I am trying and testing the official VM … and am loving it so far (wow, it really speeds up on the same hardware I had the other VM running on before. Maybe it’s due to NC 22 running now… I dunno, but it’s awesome!)
So I came across the TLS option in /var/scripts/menu.sh and was wondering:
Does it deal with wildcard domains… such as *.example.com?
Can you apply for several domains at once? Like cloud.example.com and cloud.example.org at the same time? If yes, how?
I couldn’t find any information about that very point, except that I know that it would work in general. I just don’t know how or if it would work with your routines.
Keep up the good work, and thanks for all the great work you’ve done so far.
Hmm, yeah, maybe that would be something to add. Question is why? It would only benefit those who want to set up a multi-tenant environment, and in that case they should get a license anyway.
All the app scripts already install their own certs. OnlyOffice Docker, Collabora Docker, Talk, and so on. They have their own since all the configurations differ from each other.
If you have time on your hands and want to be a part of the VM, please add your PR for improvements you think make sense; the basics are already in place and you could almost just copy-paste existing code…
Using wildcard certificates instead of individual certificates for each service would have the advantage that the subdomains would not be publicly known.
In combination with the DNS challenge from Let’s Encrypt, users who want to use their cloud only locally could still get a signed certificate without making the names of the services they use with their domain publicly known.
Yes, it is possible. But it only works with the DNS challenge, which means that a DNS TXT record has to be created every time you want to issue a new certificate or renew an existing one. You can either do this manually…
…but I’m not a developer and therefore don’t know how you would have to integrate this into the VM in a user-friendly way, or how much effort it would be to maintain an up-to-date list of DNS providers.
I use *.local.mydomain.tld with HAProxy on my pfSense. This allows me to connect to local services that are not publicly accessible, or don’t even have an internet connection, with a signed certificate, which I find very nice.
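As an added illustration of the DNS-challenge workflow discussed above (a TXT record per issuance or renewal, and one order covering a wildcard plus a second domain), here is a certbot manual-auth hook. It is example code written for this thread, not part of the NextcloudVM scripts or of certbot; the name server `ns1.example.com`, the TSIG key path `/etc/letsencrypt/tsig.key` and the `/var/scripts/dns-hook.sh` location are assumptions, and the hook publishes the record with `nsupdate` (RFC 2136 dynamic DNS), which sidesteps maintaining a list of DNS provider APIs as long as your zone accepts signed updates. Two things it handles that trip people up: a wildcard `*.example.com` and the bare `example.com` are validated at the same name `_acme-challenge.example.com`, so the hook must add a TXT record rather than replace the existing one, and the CA resolves from the outside, so the hook waits until the record is visible before returning.

```shell
#!/usr/bin/env bash
# Added example (not from the NextcloudVM repository): certbot DNS-01 hook that
# publishes _acme-challenge TXT records via nsupdate. Server, key path and all
# domains below are placeholders/assumptions.
#
# One certificate for a wildcard and a second registrable domain:
#   certbot certonly --manual --preferred-challenges dns \
#     --manual-auth-hook    "/var/scripts/dns-hook.sh add" \
#     --manual-cleanup-hook "/var/scripts/dns-hook.sh del" \
#     -d 'example.com' -d '*.example.com' -d 'cloud.example.org'
# certbot runs the hook once per name with CERTBOT_DOMAIN and CERTBOT_VALIDATION set,
# and runs it again on every "certbot renew", so no manual TXT editing is needed.
set -eu

DNS_SERVER="${DNS_SERVER:-ns1.example.com}"                 # assumed primary NS
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/letsencrypt/tsig.key}"   # assumed TSIG key

# Name the CA queries. A wildcard is validated at its base name, so both
# *.example.com and example.com map to _acme-challenge.example.com.
challenge_name() {
  domain="$1"
  domain="${domain#\*.}"        # strip a leading "*." if the caller passes one
  printf '_acme-challenge.%s\n' "$domain"
}

# nsupdate script for one TXT record. "add" appends to the RRset (keeps the
# sibling record for example.com / *.example.com); "del" removes only this value.
nsupdate_script() {
  action="$1"; domain="$2"; value="$3"
  name="$(challenge_name "$domain")"
  case "$action" in
    add) printf 'server %s\nupdate add %s 60 IN TXT "%s"\nsend\n' \
           "$DNS_SERVER" "$name" "$value" ;;
    del) printf 'server %s\nupdate delete %s IN TXT "%s"\nsend\n' \
           "$DNS_SERVER" "$name" "$value" ;;
    *)   echo "usage: $0 add|del" >&2; return 2 ;;
  esac
}

# Poll the authoritative server until the record is present; returning early
# makes the CA validate against a not-yet-propagated zone and fail the order.
wait_for_txt() {
  name="$1"; value="$2"; tries="${3:-30}"
  while [ "$tries" -gt 0 ]; do
    if dig +short TXT "$name" @"$DNS_SERVER" | grep -Fq "\"$value\""; then
      return 0
    fi
    tries=$((tries - 1)); sleep 5
  done
  echo "TXT record $name not visible on $DNS_SERVER" >&2
  return 1
}

# Entry point used by certbot; a no-op without certbot's environment so the
# functions above can be sourced and exercised on their own.
if [ "${1:-}" ] && [ "${CERTBOT_DOMAIN:-}" ] && [ "${CERTBOT_VALIDATION:-}" ]; then
  nsupdate_script "$1" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" | nsupdate -k "$TSIG_KEYFILE"
  if [ "$1" = add ]; then
    wait_for_txt "$(challenge_name "$CERTBOT_DOMAIN")" "$CERTBOT_VALIDATION"
  fi
fi
```

The TSIG key should be scoped to updating only the `_acme-challenge` names (BIND `update-policy` with a `name`/`subdomain` rule), so a compromise of the VM cannot rewrite the rest of the zone. Because each name in the order gets its own authorization, the hook is called three times for the command above, and `*.example.com` alone already covers `cloud.example.com` without publishing that host name anywhere in Certificate Transparency logs, which is the privacy point raised earlier in the thread.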