Selfhosted

43629 readers

358 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

How would I set up local DNS or DNS rewrite (lemm.ee)

submitted 1 day ago* (last edited 13 hours ago) by RagingHungryPanda@lemm.ee to c/selfhosted@lemmy.world

15 comments fedilink hide all child comments

I have a gl-inet router on which I have an nginx config to send traffic to Nginx Proxy Manager and DDNS with cloudflare.

I'm trying to get some kind of local dns set up so that if I'm on the local network, traffic stays within the network. The problem that I'm running in to is SSL certificates. NPM (on the server) is handling those and I thought that what I could do is go into the AdGuard Home (on the gl-inet router) config and add a dns rewrite to point to the router and traffic would flow as it normally does.

This DOES work, technically. traceroute shows only one hop for any of my subdomains, ie files.mydomain.com.

But I cannot actually get access in a browser because the ssl certificates are not set up.

It seems like options are: manually copy certificates from the server to the router (not ideal), or don't do it at all. I notice that if I go to the service by ip address, it'll change the address to the domain name. Eg going to 192.168.8.111:30027 -> files.mydomain.com.

This isn't a HUGE deal, but it's not preferable. How have you all solved this?

Edit: I solved the issue in probably the most hilarious way. I was trying to get the forwarding and everything set up and then borked my routers firewall so bad I couldn't get to the outside at all, so I did a hard reset.

I then moved my admin UI ports up by one each (81/444), re-set up Goodcloud, ddns, Wireguard server on the router, then set up port forwarding for 80/443 on the router to 80/443 on the trunas server. I switched NPM to listen on those ports (since I moved the web UI to different ports), then added Adguard Home DNS rewrites. It's now all working as expected.

Local traffic only has one hop and is accessible without SSL warnings, and same for WAN traffic. Thank you all for the help!

you are viewing a single comment's thread
view the rest of the comments

[–] CompactFlax@discuss.tchncs.de 2 points 1 day ago

Well yes, it is one hop, because you’ve got the router doing TLS termination. Inside your network you point to the server that has the TLS certs. Outside of the network you do port forwarding, or use a tunnel with cloudflare agents.

Why is the router involved at all? It’s all local traffic. The external traffic comes through the cloud flare tunnel, right? Maybe I’m not understanding the architecture you’ve got.