-1

I currently have a site hosted on my local Raspberry Pi, and I have my domain registered through Cloudflare. I would also like to be able to use PiVPN to access the contents of the VPS when I am away from home. Unfortunately the CF proxy only lets through HTTP(S) traffic on ports 80/443 and that's it. I can turn off the proxying in my CF dash, but this causes my site to have an HTTPS insecure warning.

So I am stuck between being unable to VPN to my device, or having insecure connections at the moment. Is there a way to have trusted certificates without using the CF proxy? Or an alternate way to access my server remotely?

Craig

1 Answer

0

Assuming:

  • Your domain name is example.com
  • The VPN uses the 10.8.0.0/24 network, meaning the RPi takes 10.8.0.1 in this network

Then:

  1. Install PiVPN on the RPi
  2. Install a DNS server like Unbound and set it up to resolve example.com to 10.8.0.1
  3. Make sure VPN clients use 10.8.0.1 as DNS
  4. Get a certificate for example.com via Let's Encrypt. You should use the ACME DNS challenge so that the RPi can get the certificate even if not publicly exposed.
  5. Configure this certificate on the HTTP server running on the RPi
  6. If your HTTP server is not listening on ports 80/443, change that if you don't want to write the ports in the URL

You should be able to access https://example.com over the VPN without going through Cloudflare.

These are the main steps; there may be intermediate ones.

Dylan
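Added example, not part of the original answer: steps 2 and 4 as a shell script that renders a VPN-only Unbound override for example.com and requests the certificate over the DNS-01 challenge. The Debian-style Unbound path, the certbot-dns-cloudflare plugin, the credentials path and the `CF_API_TOKEN` variable are assumptions; the answer names only Unbound, Let's Encrypt and the DNS challenge.

```sh
#!/bin/sh
# Added example for steps 2-4 of the answer. Paths, the token variable and
# the certbot plugin are assumptions; nothing runs unless RUN_SETUP=1.
DOMAIN="example.com"                    # from the answer
VPN_IP="10.8.0.1"                       # RPi address inside the VPN
VPN_NET="10.8.0.0/24"                   # VPN subnet
CF_INI="/root/.secrets/cloudflare.ini"  # assumed credentials path

# Step 2: listen only on loopback and the VPN address, answer only VPN
# clients, and override the public A record for $DOMAIN with the VPN IP.
render_unbound_conf() {
    cat <<EOF
server:
    interface: 127.0.0.1
    interface: ${VPN_IP}
    # allow start-up before the VPN interface exists
    ip-freebind: yes
    access-control: 127.0.0.0/8 allow
    access-control: ${VPN_NET} allow
    access-control: 0.0.0.0/0 refuse
    local-zone: "${DOMAIN}." transparent
    local-data: "${DOMAIN}. IN A ${VPN_IP}"
EOF
}
# Step 3 (not automated here): point VPN clients at $VPN_IP for DNS.

# Step 4: the DNS API token file must be readable by its owner only.
write_cf_credentials() {   # $1 = file path, $2 = API token
    ( umask 077 && mkdir -p "$(dirname "$1")" &&
      printf 'dns_cloudflare_api_token = %s\n' "$2" > "$1" &&
      chmod 600 "$1" )
}

main() {
    render_unbound_conf > /etc/unbound/unbound.conf.d/vpn-split-horizon.conf
    unbound-checkconf && systemctl restart unbound
    write_cf_credentials "$CF_INI" "${CF_API_TOKEN:?set CF_API_TOKEN}"
    # DNS-01 needs no inbound port 80/443, so the RPi can stay unexposed.
    certbot certonly --dns-cloudflare \
        --dns-cloudflare-credentials "$CF_INI" -d "$DOMAIN"
}

if [ "${RUN_SETUP:-0}" = 1 ]; then main; fi
```

Run it as root with `RUN_SETUP=1` and `CF_API_TOKEN` set to a token limited to DNS edits on the one zone.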