Perhaps this is a weird question I have, but I’ve been watching some technotim videos lately and he seems to have local dns addresses for local services. Perhaps I’ve got this wrong, but if not: how would you go over doing this?
I have a pterodactyl dashboard, which I access locally using the machines IP and the port, but it would be great to have a pterodactyl.example.com domain, which isn’t accessible from other networks, but does work on my own network. I also still want some services exposed to the internet, so I’m not sure if this would work.
You must log in or register to comment.
Run your own DNS server on your network, such as Unbound or pihole. Setup the overrides so that domain.example.lan resolves to a local IP. Set your upstream DNS to something like 1.1.1.1 to resolve everything else. Set your DHCP to give out the IP of the DNS server so clients will use it
You don’t need to add block lists if you don’t want.
You can also run a reverse proxy on your lan and configure your DNS so that service1.example.lan and service2.example.lan both point to the same IP. The reverse proxy then redirects the request based on the requested domain name, whether that’s on a separate server or on the same server on a different port.
Ive got this working with Caddy and Adguard
I use Caddy as my reverse proxy. It is running on the machine in the basement with all the different docker-container-services on different ports. My registrar is set up so that *.my-domain.com goes to my IP.
Caddy is then configured for ‘service-a.my-domain.com’ to port 1234, and the others going to their ports. This is just completely standard reverse proxy.
For some subdomains (i.e. different services) ive whitelisted only the local network. There is some config for that.
Im pretty sure that I also have to have adguard do a dns rewrite on the local network as well. That is, adguard has a rewrite for ‘*.my-domain.com’ to go to 192.168.0.22 (the local machine with caddy). I think i had to do this to ensure that when the request gets to caddy it is coming from the local whitelisted network rather than my public IP (which changes every couple months, but could be more).
Yup, I have a domain I purchased and on my lan I use PiHole and Caddy. All my apps and services use the format app.mydomain.com. PiHole forwards all requests for *.mydomain.com to Caddy, which handles the LE certificate (via DNS challenge) and forwards the requests to the proper IP:PORT. I started using this for everything, my Proxmox hosts, printer, my APs…
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters AP WiFi Access Point DHCP Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol PiHole Network-wide ad-blocker (DNS sinkhole) SSL Secure Sockets Layer, for transparent encryption VPN Virtual Private Network nginx Popular HTTP server
8 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.
[Thread #840 for this sub, first seen 29th Jun 2024, 17:35] [FAQ] [Full list] [Contact] [Source code]
Yes - I do this with Pi-hole. It happens to be the same domain name that I host (very few) public services on too, so those DNS names work both inside and outside my network.
DNS? Why so complicated? Just edit your hosts file 😏
This is the correct answer.
Edit /etc/hosts and add
127.0.0.1 example.comso when you type example.com into the address bar it goes to 127.0.0.1.
People already talked about hosting your own DNS, let me add that a reverse proxy would be used for something like mapping myhome.local:8000 to myhome.local/jellyfin.
Generally speaking, a subdomain like
jellyfin.myhome.comwill work out much better than a subpath likemyhome.com/jellyfin.Very few web apps can deal well (or at all) with being used under a subpath.
Well, whatever works. Your example wouldn’t need a reverse-proxy.
Using reverse proxies is common enough now that quite a few apps can deal with subpaths, and for the ones that can’t you can generally get nginx to rewrite the paths for you to make things work.
Alright, have fun with that. 🙂
