view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
If you use Let's Encrypt, or any public CA, all of your domains and certificates will be public. You can use a wildcard to avoid revealing subdomains. There is a website that you can use to search what is available, but I don't remember what it is.
I suspect there aren't any serious risks to having that information revealed. The only real reason would be privacy against which services you are using on that domain.
yeah true but if the DNS records aren't actually pointing anywhere then there's no real threat no? because everything stays in the internal network
For the most part yeah. Unless you don't want people to know you're hosting a particular thing for whatever reason.
You have to use a public DNS registrar, and that DNS record has to point to your public IP if you want to automate to a public CA. All of my subdomains are in my local DNS server though and I use a wilcard for them. So no one externally can go to jellyfin.mydomain.com, but they could go to www.mydomain.com to my IP, but that doesn't forward on my router either.
But also only automated scrappers are going to look for my domain too and they are going to be blocked in the same way automated scrappers for residential IPs are blocked. I could be wrong, but I don't think there are ways to bypass security with knowing the domain name tied to an IP.
This is probably the site you're thinking of - https://crt.sh/