Could be this used for reverse proxy ?

[vdhub]

The idea is similar to caddy i guess where i have subdomain.domain.office and each time someone in the office access the domain.office and it's subdomains to show the proper green certificate instead of the red warning popup on any browser.

IF it can be done, then how and what do i need to configure.

This can be added on a Synology DS1817+ over Docker ?

Currently it is running DSM 7.1.1-42962 Update 3 ; Docker 20.10.3-1308

Thanks in advance.

[Hukuma1]

Yes. This is a reverse proxy with a nice GUI. Set it up in Docker and enjoy.

[vdhub]

well i forgot to mention that my public ip is dynamic and i don’t want that insecure certificate popup to show on browsers, so how and what can i do in this case ? any idea where to look ?

thanks in advance

[Hukuma1]

https://www.youtube.com/watch?v=bQdqf5xAyUk

You need a domain name and a way to update your IP to it.

Or a service like DuckDNS works as well: https://www.youtube.com/watch?v=wrMn8sar-nA

[vdhub]

I'm not sure i was clear enough

I have the fdqn : domain.com I have the ddns account that links my dynamic ip to a subdomain.domain.com i have several domains, which are local : like it.domain.local; app.domain.local ; it.domain.dev ; it.domain.office

Now, i don't need to access it.domain.local; app.domain.local from internet , i need those to be accessed only from within the LAN but i don't want to see that certificate warning. So the idea was to use something to act like a CA or intermediate CA. that will sign the it.domain.local; app.domain.local certificates and showing them as valid and green and not showing that red warning on browsers .

my 2 subdomains should be accessible on LAN only .

Thanks.

[vdhub]

i think i may have found the solution, if i can get it work as well. https://caddyserver.com/docs/automatic-https#wildcards or not, it is what i need but from what i see that means installing the CA root cert to all the pcs and in my case some could be customers, some could be visitors and i don't want to ask them to install things.

One thing maybe could be is that i use the fdqn domain for that but restrict it to be used only within the LAN range, but not sure that is a good idea.