Enterprise Automation | Deploying OpenIAP from Scratch

Hi @Allan_Zimmermann, I've had an idea of putting together a YouTube series on deploying and using self-hosted OpenIAP.

3 main reasons:

1 - documenting stuff for my future self;
2 - reference material for customers: if they have a question, I point them to a video;
3 - helping the community.

This first one shows how to deploy OpenIAP on a local network with SSL, to get a working OpenIAP instance (inspired by your deployment video on a public VPS, which poses security concerns you have to deal with).

Check it out, and if you have any problem with the whole intent or the video itself, I'll take it down.
I don't know, maybe this spoon-fed type of content might increase the rate of free riders, so if you have any concerns, let me know. But at least it might encourage overall usage of your great platform.

Regards

2 Likes

I love it…

I always wanted to do a video about DNS01 and Let’s Encrypt, so this is very good.

Do not recreate the video, just my comments.

  1. I don't like that you recommend people use the edge version. It can be broken, so it should not be used unless you know the risk. Also, edge is not built for ARM and will perform poorly on newer MacBooks or cloud servers using ARM. Lastly, we often add tons of debug symbols to the edge version, so it will not be as fast as the :latest version.
  2. Don't use a low TTL on DNS records unless you really need to update them often: every time your client needs to re-fetch DNS, it can add up to 100 ms to the first request.
  3. The reason we do not allow using admin/root and other common names is not due to "internal API workings" but security. Those names are so common that all attackers will try brute-force attacks on those types of names first. This is why we want to force every admin user to have a unique name (and generally recommend not allowing password login for admin accounts).
1 Like
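The three points in the reply above (no `:edge` image tag, sensible DNS TTLs, no common admin usernames) are easy to forget once a deployment is scripted, so here is a small pre-deployment lint that checks them. This is an added example, not OpenIAP's own tooling or anything from the thread. The compose fragment, the DNS record list and the `admin_username` variable name are constructed for illustration and are assumptions about how such a deployment would be configured; the 300-second TTL threshold is likewise an assumed value.

```python
"""Pre-deployment lint for a self-hosted OpenIAP instance (added example).

Checks a docker-compose-style text and a list of DNS records against the
three recommendations from the forum reply: no ':edge' image tag, no
common admin username, no very low DNS TTL. All sample data below is
constructed; the config keys are assumptions, not OpenIAP's documented ones.
"""
import re

# Constructed sample compose fragment (hypothetical keys, not a real deployment).
COMPOSE_SAMPLE = """
services:
  api:
    image: openiap/openflow:edge
    environment:
      - admin_username=admin
  mongo:
    image: mongo
"""

# Constructed sample DNS records: (name, TTL in seconds).
DNS_SAMPLE = [
    ("openiap.example.internal", 60),
    ("mongo.example.internal", 3600),
]

# Names attackers try first when brute-forcing; a unique admin name avoids them.
COMMON_ADMIN_NAMES = {
    "admin", "administrator", "root", "sa", "user", "test", "guest", "superuser",
}
MIN_TTL_SECONDS = 300  # assumed threshold for "low TTL"

IMAGE_RE = re.compile(r"^\s*image:\s*(\S+)\s*$")
# Hypothetical variable name; adjust to the deployment's real setting.
USERNAME_RE = re.compile(
    r"^\s*-?\s*admin_username\s*[=:]\s*['\"]?([^'\"\s]+)", re.IGNORECASE
)


def parse_image_tag(ref):
    """Return the tag of an image reference, 'latest' when none is given,
    or None when the image is pinned by digest (no tag to judge)."""
    if "@sha256:" in ref:
        return None
    _name, sep, tag = ref.rpartition(":")
    # 'registry:5000/img' has a colon in the host, not a tag separator.
    if not sep or "/" in tag:
        return "latest"
    return tag


def lint_compose(text):
    """Flag ':edge' images and common admin usernames in a compose-style text."""
    findings = []
    for line in text.splitlines():
        m = IMAGE_RE.match(line)
        if m:
            if parse_image_tag(m.group(1)) == "edge":
                findings.append(
                    f"image {m.group(1)}: ':edge' is a development build "
                    "(may be broken, no ARM build, debug symbols); use ':latest' "
                    "or a pinned release"
                )
            continue
        m = USERNAME_RE.match(line)
        if m and m.group(1).lower() in COMMON_ADMIN_NAMES:
            findings.append(
                f"admin_username '{m.group(1)}': common name, first target of "
                "brute-force attempts; choose a unique name"
            )
    return findings


def lint_dns(records, min_ttl=MIN_TTL_SECONDS):
    """Flag records whose TTL forces clients to re-resolve too often."""
    return [
        f"{name}: TTL {ttl}s is below {min_ttl}s; clients re-resolve often and "
        "pay the lookup on each first request"
        for name, ttl in records
        if ttl < min_ttl
    ]


def run_checks(compose_text=COMPOSE_SAMPLE, dns_records=DNS_SAMPLE):
    """Run both linters and return the combined list of findings."""
    return lint_compose(compose_text) + lint_dns(dns_records)


if __name__ == "__main__":
    for finding in run_checks():
        print("WARN:", finding)
```

Run it against the real compose file and the zone's records before first deployment; on the constructed sample it reports three warnings (the `:edge` tag, the `admin` username and the 60-second TTL) and leaves the untagged `mongo` image alone, since no tag means `:latest`.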

Thanks for the feedback, glad you liked it. Indeed, I'm still on an Intel Mac and didn't have any issues.

And thanks for the clarification on TTL and admin username.