Hi Stackers,
I’ve been humbly growing my expertise in noderunning over the years from a simple start with Umbrel on a Pi4, to startOS and beyond.
I’m spinning up a self-hosted new node today using the Minibolt guide (3rd time or so that I’ve spun up a node this way).
I intend the node to be high performance (Fulcrum) and publicly-available (Uncle Jim model for friends & family).
Ultimately my goal is to have the node reachable on clearnet, so friends can connect to node.mydomain.com. The domain will point to a VPS running a reverse proxy & WireGuard to connect to my locally-accessible node.
Before that, however, I want to be sure I’m understanding SSL certificates properly, and where the certificates should sit.
I’d like to first test this by connecting to the node locally via a fully-qualified domain name: node.mylan.com.
I am running a firewall (pfsense) with a reverse proxy (acme + haproxy) already, and have a wildcard certificate there for *.mylan.com.
My question is: should I install certificates with certbot on the node machine (node.mylan.com & node.mydomain.com), and then connect directly to the FQDN, or am I better off using self-signed certificates for the fulcrum/electrs connection on the device and relying on the proxy/proxies for SSL (both locally and then, later with the VPS)?
Looking at SSL on the device itself, it looks like I’ll have to do a fair amount of permissioning of letsencrypt folders for the users running the services on the node… thus I’m wondering if I’m over-complicating matters.
Thanks for any help!