I have a domain that requires HSTS preload. I want to self host a few things using that domain (and subdomains), like nextcloud, pihole, and vaultwarden. How much of an issue is HSTS preload going to be if I do that? Will I need to set up a wildcard cert for everything? Or will it just work™️ because it’s internal or traffic is through a VPN?
I can’t find much about this so any help would be appreciated!
Google is the registry that owns the rights to the TLD. They require all of the domains they control to have HSTS preload enabled.
Then yeah, VPN or not, you’re going to need to enable TLS. What’s the issue with giving your subdomains a certificate?
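Once TLS is in place on every subdomain, the remaining question is whether the HSTS header the reverse proxy sends actually meets the preload requirements. The following is an added example, not code from anyone in this thread: it parses a Strict-Transport-Security header and reports what would block a preload submission (max-age of at least one year, includeSubDomains, preload). The sample headers are constructed, so it runs offline.

```python
# Added example (not from the thread): parse a Strict-Transport-Security header
# and check it against the hstspreload.org header requirements: max-age of at
# least one year, includeSubDomains, and preload. Uses constructed sample
# headers only, so it runs offline.
ONE_YEAR = 31536000  # seconds; minimum max-age accepted by the preload list


def parse_hsts(header: str) -> dict:
    """Parse an HSTS header value (RFC 6797): ';'-separated directives,
    case-insensitive names, optional quoted values. Unknown directives are ignored."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for raw in header.split(";"):
        name, _, value = raw.strip().partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age" and value.isdigit():
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def preload_problems(header: str) -> list:
    """Return the reasons this header would fail preload submission
    (an empty list means the header part of the requirements is met)."""
    p = parse_hsts(header)
    problems = []
    if p["max_age"] is None:
        problems.append("missing max-age")
    elif p["max_age"] < ONE_YEAR:
        problems.append(f"max-age {p['max_age']} is below one year ({ONE_YEAR})")
    if not p["include_subdomains"]:
        problems.append("missing includeSubDomains")
    if not p["preload"]:
        problems.append("missing preload")
    return problems


# Constructed sample headers, e.g. what a reverse proxy in front of Nextcloud
# or Vaultwarden might send.
SAMPLES = {
    "good": "max-age=63072000; includeSubDomains; preload",
    "short": "max-age=300; includeSubDomains",
    "no_subdomains": "max-age=31536000; preload",
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(name, preload_problems(hdr) or "OK")
```

Point it at the header your proxy actually returns (for example from `curl -sI https://host`) to see what still needs fixing before the domain's HSTS policy is consistent with the preload list.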
I am fairly new to self hosting and just wanted to know if this was a big enough deal that I should just get a domain that doesn’t require HSTS preload. It’s one thing to tinker with an IP address on a local network for some unimportant project; it’s just intimidating to try it for real using a domain and hosting my own data.
I’m just a little nervous tbh. Thanks for the help!
Not much to be nervous about, you can’t fuck it up any more than it already is since the HSTS is preloaded ;) ACME/Let’s Encrypt is pretty easy to set up