Problem
BliKVM devices often run in environments without a public IP address (e.g., behind a NAT or firewall), making it impossible to complete Let's Encrypt ACME challenges required for HTTPS certificates. Exposing the BliKVM directly to the public internet is not ideal due to security concerns, such as leaking API keys or exposing sensitive infrastructure.
Proposed Solution
To securely obtain HTTPS certificates for a BliKVM that lacks a public IP address, we can set up a WireGuard VPN tunnel to a publicly accessible VPS and use an NGINX reverse proxy on the VPS to forward Let's Encrypt ACME challenges over the WireGuard tunnel. This allows the BliKVM to appear publicly reachable to Let's Encrypt while remaining safely hidden behind a firewall.
m50S79sM6SRNp8Jn changed the title from "[Feature] Secure HTTPS Certificate Issuance for BliKVM Behind NAT Using WireGuard and NGINX Proxy" to "[Feature] [1.4.7-alpha] Secure HTTPS Certificate Issuance for BliKVM Behind NAT Using WireGuard and NGINX Proxy" on Oct 13, 2024
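An added example, not part of the original issue or the BliKVM project: a VPS-side NGINX server block for the proposal above that forwards only the ACME HTTP-01 challenge path over the tunnel and drops everything else. It assumes HTTP-01 validation, the placeholder hostname kvm.example.com resolving to the VPS, and 10.8.0.2 as the BliKVM's WireGuard address with an ACME client answering on port 80 there.

```nginx
# Added example for the public VPS; not BliKVM project configuration.
# Assumptions (none of these values come from the issue):
#   - Let's Encrypt validates with the HTTP-01 challenge
#   - kvm.example.com is a placeholder name whose DNS record points at the VPS
#   - 10.8.0.2 is the BliKVM's address inside the WireGuard tunnel
#   - an ACME client on the BliKVM answers challenges on port 80
server {
    listen 80;
    listen [::]:80;
    server_name kvm.example.com;

    # Forward only the HTTP-01 challenge path through the tunnel.
    # "^~" stops regex locations from taking over this prefix.
    location ^~ /.well-known/acme-challenge/ {
        # No URI on proxy_pass, so the request path is passed unchanged.
        proxy_pass http://10.8.0.2:80;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;

        # Fail fast if the tunnel is down instead of holding connections.
        proxy_connect_timeout 5s;
        proxy_read_timeout 10s;

        # Validation only needs GET (HEAD is implied); refuse other methods.
        limit_except GET {
            deny all;
        }
    }

    # Everything else is closed without a response, so the KVM web UI
    # and API are never reachable from the public side of the VPS.
    location / {
        return 444;
    }
}
```

Running `nginx -t` on the VPS before reloading checks the syntax; the WireGuard peer entry for the BliKVM should allow only its own tunnel address so the VPS cannot route to the rest of the private network.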