Follow these steps to add new services to your network, each with its own SSL certificate for secure access. This ensures your services are independently configured while maintaining a secure infrastructure.
Edit the Tunnel Configuration File:
sudo nano /home/josh/.cloudflared/config.yml
Add a New Entry under ingress for the service:
ingress:
- hostname: <NEW_SUBDOMAIN>.<DOMAIN>
service: http://<LOCAL_IP>:<PORT>
Replace:
<NEW_SUBDOMAIN>.<DOMAIN>: The subdomain (e.g., nextcloud.kitpro.us).<LOCAL_IP>:<PORT>: The internal service's IP and port (e.g., 10.10.0.60:443).Save and Restart the Tunnel:
sudo systemctl restart cloudflared
<NEW_SUBDOMAIN> (e.g., nextcloud).<TUNNEL_ID>.cfargotunnel.com.Create a New Configuration File:
sudo nano /etc/nginx/sites-available/<NEW_SUBDOMAIN>.conf
Add the Following Configuration:
server {
listen 80;
server_name <NEW_SUBDOMAIN>.<DOMAIN>;
location / {
proxy_pass http://<LOCAL_IP>:<PORT>;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Replace:
<NEW_SUBDOMAIN>.<DOMAIN>: The subdomain (e.g., nextcloud.kitpro.us).<LOCAL_IP>:<PORT>: The IP and port of the service (e.g., 10.10.0.60:443).Enable the Site and Reload NGINX:
sudo ln -s /etc/nginx/sites-available/<NEW_SUBDOMAIN>.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
Issue an SSL Certificate Using Certbot:
sudo certbot certonly --nginx -d <NEW_SUBDOMAIN>.<DOMAIN>
Replace <NEW_SUBDOMAIN>.<DOMAIN> with your subdomain (e.g., nextcloud.kitpro.us).
Automatic Configuration:
Verify HTTPS Access:
https://<NEW_SUBDOMAIN>.<DOMAIN> (e.g., https://nextcloud.kitpro.us).Confirm SSL Certificate Validity:
To add more services, repeat these steps:
By following this guide, you can securely add and expose new services to your network, each with its own SSL certificate for encryption and trust.