starred/altstack-data
1
0
Fork 0
mirror of https://github.com/altstackHQ/altstack-data.git synced 2026-04-17 22:53:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Initialize public data and docs repository

Browse Source
This commit is contained in:
AltStack Bot
2026-02-25 22:36:27 +05:30
commit 2a0ac1b107
357 changed files with 50685 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
docs/app/concepts/ssl-tls/page.mdx Normal file
View File

@@ -0,0 +1,56 @@
---
title: "SSL/TLS for Self-Hosters"
description: "HTTPS for your self-hosted tools. How SSL works, why you need it, and how to set it up with Caddy or Let's Encrypt."
---
# SSL/TLS for Self-Hosters
**SSL/TLS** is what makes the padlock appear in your browser. It encrypts traffic between your users and your server so nobody can snoop on it.
Every self-hosted tool accessible from the internet **must** have HTTPS. No exceptions.
## The Easy Way: Caddy (Automatic)
If you followed our [reverse proxy guide](/concepts/reverse-proxies) and are using Caddy, **you already have SSL**. Caddy obtains and renews Let's Encrypt certificates automatically for every domain in your Caddyfile.
No config needed. No cron jobs. No certbot. It just works.
> 🔥 **Pro Tip:** This is the #1 reason we recommend Caddy over Nginx.
## The Manual Way: Let's Encrypt + Certbot
If you're using raw Nginx, you'll need certbot:
```bash
# Install certbot
apt install certbot python3-certbot-nginx -y
# Obtain a certificate
certbot --nginx -d plausible.yourdomain.com
# Verify auto-renewal
certbot renew --dry-run
```
Certbot will modify your Nginx config automatically and set up a cron job for renewal.
## SSL Checklist
After setting up SSL, verify:
- [ ] Site loads on `https://` (padlock visible)
- [ ] `http://` redirects to `https://` automatically
- [ ] Certificate is from Let's Encrypt (click padlock → "Certificate")
- [ ] No mixed-content warnings in browser console
## Common Gotchas
**"Certificate not found"** → Your DNS hasn't propagated yet. Wait 510 minutes and try again.
**"Too many requests"** → Let's Encrypt rate-limits to 50 certificates/week per domain. If you're testing, use `--staging` flag first.
**"Connection refused on port 443"** → Port 443 isn't open in your firewall. Run: `ufw allow 443/tcp`
## Next Steps
→ [Backups That Actually Work](/concepts/backups) — Protect the data you're securing with SSL