Today I'm diving into Mutual TLS to securely expose my homelab services! TLS is already ubiquitous in the modern era, providing strong symmetric encryption, perfect forward secrecy, and a public chain of trust to authenticate the server. But it also has a lesser-known ability to authenticate the client. By creating our own certificate authority to issue certs to clients, we can securely authenticate them to the server, preventing other users from even hitting our web app and probing it for vulnerabilities.
This is a simpler solution than using a VPN to 'expose' your services, as long as the app is already relying on TLS (which includes more protocols than just HTTPS). There's less user friction in installing a .p12 cert than setting up a VPN client, which could be important if you are sharing your services with friends and family.
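
The CA-and-client-cert workflow described above, sketched with the `openssl` CLI as an added example (not taken from the video or the linked blog post). The file names, the CA name and the two function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: private client CA -> client cert -> .p12 bundle (names are constructed).
set -eu

make_mtls_pki() {  # $1 = output dir, $2 = client name, $3 = .p12 export password
  local d="$1" cn="$2" pw="$3"
  mkdir -p "$d"
  # Extension profiles: one for the CA, one for client certs.
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Homelab Client CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_client]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
  # 1. CA key and self-signed root. -nodes leaves ca.key unencrypted (demo only).
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/pki.cnf" -extensions v3_ca \
    -keyout "$d/ca.key" -out "$d/ca.crt" -days 3650
  # 2. Client key and CSR; -subj overrides the CN from the config file.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" -subj "/CN=$cn" \
    -keyout "$d/$cn.key" -out "$d/$cn.csr"
  # 3. CA signs the CSR, restricting the cert to TLS client authentication.
  openssl x509 -req -in "$d/$cn.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
    -extfile "$d/pki.cnf" -extensions v3_client -days 365 -out "$d/$cn.crt"
  # 4. Bundle key + cert + CA into a .p12; password passed via env, not argv.
  P12_PASS="$pw" openssl pkcs12 -export -inkey "$d/$cn.key" -in "$d/$cn.crt" \
    -certfile "$d/ca.crt" -name "$cn" -passout env:P12_PASS -out "$d/$cn.p12"
}

verify_client() {  # $1 = CA cert, $2 = candidate cert; succeeds only if our CA issued it
  openssl verify -no-CApath -no-CAfile -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Only `ca.crt` needs to be on the server as the trust anchor for client certificates; `ca.key` stays on the machine that issues certs.
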
Blog post with instructions:
https://www.apalrd.net/posts/2024/network_mtls/
Diffie-Hellman explainers:
https://www.youtube.com/watch?v=NmM9HA2MQGI
https://www.youtube.com/watch?v=85oMrKd8afY
Timestamps:
00:00 - Intro
03:32 - Concepts
08:10 - Certificate Authority
13:27 - Server Setup
18:53 - Conclusion