I'm confused about how to proceed setting up security with my OMV NAS and hope some of you can help me.
What's Happened Until Now
A Netgear ReadyNAS at home is being retired and replaced with a DYI NAS running OMV 3.x. The OMV NAS is up and running, and now I'm configuring security. The current step is making it require secure connections only.
My router is a Linksys WRT1900ACS. Eventually I plan to change it over to Open WRT, but not until the OMV NAS is completely stable. I'm not going to start messing with the router until I'm finished setting up the NAS.
Initially I created a self-signed certificate in OMV and then set the system to require secure connections only. This didn't work because browsers like Chrome and Firefox would not connect because the certificate did not come from a recognized source.
So I installed the LetsEncrypt plugin and tried to make a recognized certificate. This didn't work because the domain name is illegitimate. When I originally configured OMV, I used the default domain name, "local", both because it is the default and because I mainly use Apple computers, which also use "local" as the default domain.
My Confusion
I'm confused about what domain name to use and how to use it. Technically, I think we should be calling these things "resource names" because an address like "foo.bar.bas" is really a subdomain of "bar.bas". But both names are interchangeably called "domain names," and part of my confusion is what the documentation is referring to when it says "domain name."
Another part of my confusion is which domain name to use: internal or external. Every device inside my home could easily be in a domain with names like OMVNAS.local, computer1.local, etc. These names can work perfectly well within the network administered by the router. But then again, maybe the domain name needs to be the "external" name used to reach devices from beyond the router. Which one is it?
The router natively supports "external" domain names from either of two DDNS providers: No-IP.com or Dyn.com. Presently, the ReadyNAS can be reached by using one of two names provided by No-IP.com. To reinforce my earlier point, both end in two-part higher-level domain names over which I have no choice. E.g., foo.ddns.net. I can only choose the first part (foo), and my current plan allows at most 3 fully qualified domain names. Moreover, the ReadyNAS takes up to two Ethernet wires and therefore is already configured to use the two names I'm using. And perhaps more important, the router already maps ports 80 and 443 to these two connections.
I can't use the two existing names because they're already taken by the ReadyNAS. I can't add a third name because OMV wants port 80. So what's the best way to proceed to make the OMV NAS require secure (SSL/TLS/HTTPS) connections?