@gwbuk I use a Caddy v2 reverse proxy. But it does require a server (I use an Ubuntu VM) that is open to the internet (TCP port 443) and a host name. But everything is automated. I was even able to limit traffic to my Controller to only my LAN.
There are certainly hoops to jump through though if you only want it on your LAN. You would also need a local DNS server. (But if you don't care if it is open to the public internet, then you don't need a local DNS.)
What I did was set my public DNS to resolve my URL to my office public IP address (let's say 34.35.36.37).
I set up my Omada Controller on my LAN (let's say 192.168.1.3).
Then I set up my internal DNS to resolve that same URL to the local IP address of the Caddy server (let's say 192.168.1.10). This way my internal PCs will resolve to the LAN IP address of the Caddy server.
I set up port forwarding to forward port 443 to my Caddy server. This is simply to get the cert.
My Caddy server will go out and get a cert automatically for my URL.
I configured my Caddy server to reverse proxy my Omada Controller's IP address (192.168.1.3:8088). I also configured it to deny any traffic originating from outside my LAN. And, yes, you reverse proxy the controller's HTTP address, not HTTPS. Caddy will encrypt the traffic to HTTPS.
Like I said, it is a bit of a pain to set up (although, not really that hard, I did it in 10 minutes). If it is something you want to explore, I can share my Caddyfile with you which defines the reverse proxy and sets up access logs.
But in the end, I have certs that auto renew, and I have been using Caddy for years now.
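
A minimal Caddyfile for the setup described in the post above, as an added example (it is not the poster's own Caddyfile). The host name `omada.example.com`, the LAN range `192.168.1.0/24` and the log path are assumptions; the controller address `192.168.1.3:8088` is the one given in the post.

```caddyfile
# Added example, not the poster's configuration.
# omada.example.com is a placeholder host name (assumption). Public DNS
# points it at the office public IP; internal DNS points it at the Caddy
# server's LAN address (192.168.1.10 in the post).
omada.example.com {
	# Access log. The file path is an assumption; Caddy must be able to
	# write to it.
	log {
		output file /var/log/caddy/omada-access.log
	}

	# Match every request whose source address is NOT on the LAN.
	# 192.168.1.0/24 is assumed from the example addresses in the post.
	@outside not remote_ip 192.168.1.0/24

	# Refuse those requests before they can reach the controller.
	# The TLS-ALPN certificate challenge is answered during the TLS
	# handshake, before HTTP routing, so this rule does not interfere
	# with automatic issuance or renewal over forwarded port 443.
	respond @outside 403

	# Proxy to the controller's plain-HTTP port; Caddy terminates HTTPS
	# for the browser using the certificate it obtained automatically.
	reverse_proxy 192.168.1.3:8088
}
```

The `remote_ip` check relies on Caddy seeing the real client address. If the router rewrites the source address of port-forwarded connections to its own LAN IP, outside requests would pass the filter, so check the access log for a request made from outside the network and confirm it shows a 403.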