hi everyone here

Hello, how are you all doing? Id like to seek some advice on how to deal with self signed certificates. here is the layout of my current environment: on a simple and humble lenovo thinkcenter, im hosting a baremetal proxmox 9. i have a bunch of apps (technitium, stirlingpdf, convertx, gitlab, actual budget...) all of these apps are in a debian LXC with each its own docker. there is a global nginx proxy manager, and with the assistance of small step ca: each has an https endpoint. it works well. however: i don have auto renewal. everything is running in an internal network, nothing is exposed. i can reach everything through tailscale; DNS and reverse proxy are joined to it; and with them, i can access everything without having to join every container to tailscale so because of that, i cannot enjoy LetsEncrypt ease of use and its auto renewal i came across this: https://github.com/acmesh-official/acme.sh but to be honest, it requires more knowledge than i currently have... it appears to be well explained, but i get lost reading it its the whole certificate matter that is just a bi confusing to me to be honest. for instance, another solution that would be okay for me, would be to have a wildcard one; *.lab. but even that i couldnt get it to work (browser was complaining the certificate didnt match). i get lost in between root, CA, "leaf", intermediate authority, secret, key... but my goal, (is always the same: learn, improve my environment, "reach perfection" would be to have some kind of automatic process, to dispatch renewed certificates to my reverse proxy. smallstep-ca to nginx proxy manager but of course i am all ears if there is a better approach to this. thank you very much!

What are you using in your home lab with Terraform? What providers do you use? Check out some of the best terraform modules in my latest blog: https://www.virtualizationhowto.com/2025/10/best-terraform-modules-for-home-labs-in-2025/

I been doing the research on these tools and wandering on the general opinion of the community which is best for homelabs on ease of installation and configurations. To put this in context, I want to use workflows using Python, Ansible, and Terraform along with Gitea and AI integration. I watch a lot of YouTube and read write-ups including Brandon reviews. Looking for general feedback on setup and daily use including issues (pros and cons).

So I was browsing on the YouTubes the other day, and found a weird graphic show up right smack dab in the middle of my "Suggestions" page. https://www.youtube.com/watch?v=15_-hgsX2V0 This tool is called "copyparty" and although an odd name, holy cow does it have everything including the kitchen sink. It's a file hosting package that not only offers HTTP/HTTPS access with stupid-simple upload and download mechanisms, but supports ancient browsers (Going back to IE6) up to modern literally released today common browsers, acts as a WebDAV server, mount network shares via the internet using the WebDAV protocol, and has built in FTP/FTPS (Not SFTP) access. User access is controlled by a file with either clear text or one-way encrypted passwords, or by LDAP, or whatever other service you can use for authentication. I'm completely and totally blown away (That doesn't happen all that often, but I'll admit, 2024 with ChatGPT and what it started with and ended up with so far had me cooing like crazy, and now this) The best part? It's all in ONE PYTHON script. Watch the YT video. It's so much better than tinkering with Apache if you just need a file server. - You can make a public web file server JUST by running the script - With modules, you can play ANY kind of media. I was playing MK4 via a WebDAV mounted drive (He's got a read only demo server you can toy with) I'm currently running the tool on one of my Portainer servers as an application (I log into the server, run this script and put it in the background. if I close the window, it goes away), but it's easy to run as a systemd service if you want. The main goal right now for me is that I'm playing around with Semaphore with the code on the Portainer instance to get some Ansible scripts written for Semaphore so I can keep going at building my Home Lab as IAC. Before I was using WinSCP and it was a pain. But now? I mount the drive as a WebDav, and I can run my Windows git commands as if I was running them on the Linux Portainer instance and do my coding within VSC. And all I had to do was run a script and figure out the CLI parameters (Which can go into an ini-like config).