I was wondering if it is possible to safely use sensitive data on a local server (IP address: 192.168.xxx.xxx) without SSL (installed NGINX to listen to port 80 instead of 443 and left out the nginx_ssl variables) or if there are other options to issue certificates or secure the server more without needing a DNS name, since Let’s Encrypt (which is used by nginx to issue certificates) can’t issue certificates for bare IP addresses.
Any input is appreciated. Thanks in advance!
I’ve cross posted your question to our Admin chat here You're invited to talk on Matrix
The community may reply here or there, and feel free to join the chat
Heya @cbass. Yeah you have some options
- no ssl, the easiest, will generate warnings when people enter passwords because it’s insecure
- self-signed ssl certificate, will generate warnings in the browser because it’s self signed
It’s really up to you what’s appropriate. If your local network is controlled, no one can access the network without e.g. a wifi password, then you might be ok to skip SSL as you can trust the devices on your network. It’s not generally a good idea, but knowing about your specific case it might be fine and easier than dealing with everyone’s browsers not trusting a certificate.