Locking Down a Private Site with Romanian eID + mTLS (Docker + Nginx + NPM)
I wanted a single-user, private HTTPS site that only lets me in—no passwords, no TOTP, just my Romanian eID (CEI) card. The plan: use the card’s client certificate for mTLS and have Nginx only serve content when it sees my cert. This post is a practical, copy-paste log of what I did, the exact errors I hit, and how I fixed them. It’s written in the same “get to the point + show the commands” style I used in my Reverse SSH Tunnel Tutorial — just applied to PKI this time. ...
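The plan above, sketched as an Nginx server block. This is an added example, not the configuration from the original post. The file paths, `server_name`, the `$eid_allowed` variable name, the verify depth and the fingerprint value are all placeholders or assumptions. It shows why verifying the chain alone is not enough for a single-user site, and how to pin access to one certificate.

```nginx
# Added example (not the post's own config). Paths, names and the
# fingerprint below are placeholders to be replaced with real values.

# Map the verified client certificate's SHA-1 fingerprint to an allow flag.
map $ssl_client_fingerprint $eid_allowed {
    default 0;
    # Hex without colons, taken from the card's certificate, e.g.:
    #   openssl x509 -in my-card-cert.pem -noout -fingerprint -sha1
    # (strip the colons from the openssl output)
    "0000000000000000000000000000000000000000" 1;   # placeholder fingerprint
}

server {
    listen 443 ssl;
    server_name private.example.test;               # placeholder

    ssl_certificate     /etc/nginx/tls/server.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/server.key;

    # CA bundle that issued the card's client certificate
    # (root plus any intermediates, concatenated PEM).
    ssl_client_certificate /etc/nginx/tls/eid-ca-chain.pem;
    ssl_verify_client on;     # handshake must present a cert that chains to the bundle
    ssl_verify_depth 2;       # assumption: root -> issuing CA -> card certificate

    # With only the directives above, ANY certificate issued by that CA
    # is accepted, i.e. every holder of a card from the same issuer.
    # Pin to the single expected certificate:
    if ($eid_allowed = 0) {
        return 403;
    }

    location / {
        root /usr/share/nginx/html;
    }
}
```

Pinning by fingerprint means the value has to be updated whenever the card's certificate is reissued.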