Hey guys,
there is one simple thing I want to do: cleaning up my internal subdomains.
Some background info:
- I use pfSense as my router and DHCP server.
- piHole acts as my DNS server.
- The only thing coming into my network is a single VPN connection.
- I use a domain internally (I specifically bought it for this purpose and use it for nothing else). There are no A or MX records configured for it.
How it works right now:
I have all the different services on one subnet. Each service gets its own subdomain (apart from plex) via its hostname. So I can get to pihole via “pihole.domain.tld”.
What I don’t like about that:
Some services require a specific port and/or directory to access them. Proxmox, for example, is available under 10.10.10.30:8006… → This is not good, as I have to remember all those special snowflakes…
Additionally, most services produce errors when loading the site, because the site doesn’t use any encryption… I had my own self-signed certificate once, but more services were installed and it then was too much work to self-sign a certificate for every service…
How I plan to change it:
Get a reverse proxy with built-in Let's Encrypt support. I already tried nginx and traefik, but that was too complex for me… I just couldn’t figure out how to port that documentation knowledge to my specific use case…
So I laid my eyes upon Caddy. It looks really simple and lightweight!
I would set up my DNS server to redirect all services to Caddy. Because I already have the hostnames in place, I came up with a system: the hostname is the name of the service, but for “subdomain use” I would specify a new “hostname” which essentially is the description of the service.
One example: instead of typing “pihole.domain.tld”, I will type “adblocker.domain.tld”. Exactly that new subdomain (“adblocker.halnet.cloud”) will be inserted into my DNS server to redirect to Caddy. Caddy will then know what to do with it, redirect it to the real IP and slap some encryption on there. (Yeah, I know only the path between Caddy and the browser is then encrypted, but I still get the green lock! And it is only my home network after all.)
What I have tried and what didn't work:
I installed Caddy correctly and it works. Then I added a Caddyfile with just my “domain.tld” in it. I then ran Caddy and it asked for my email. I used the same email which I also used for buying that domain. Then it threw me an error that there is no IP connected to that IP or something… I tried pointing my domain to my router (which I didn’t really want to do), but still nothing… It then threw errors that there is a different IP connected to it… Sadly I can’t remember, and now I can’t even see those errors anymore, because it just says: “Error creating new authz :: too many failed authorizations recently”
So what can I do to use my domain purely internally?
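An added example, not from the poster or the forum, of a Caddyfile implementing the plan described above. It assumes Caddy v2, the placeholder domain "domain.tld" and the "adblocker" subdomain from the post, and upstream addresses that are made up except for Proxmox, which the post gives as 10.10.10.30:8006. The error the poster hit comes from Let's Encrypt's HTTP challenge, which only succeeds when the name resolves publicly to the host running Caddy on port 80; a name that exists only in Pi-hole can never pass it, and repeated failures trigger the "too many failed authorizations" rate limit. For internal-only names Caddy can instead issue certificates from its own local CA (the `local_certs` global option below), or obtain real Let's Encrypt certificates through the DNS challenge with a caddy-dns provider plugin, which needs no public A record.

```caddyfile
# Added example, not from the original post. Assumes Caddy v2 and these
# upstreams (made up, except Proxmox which the post gives as 10.10.10.30:8006):
#   Pi-hole   10.10.10.10:80
#   Proxmox   10.10.10.30:8006  (HTTPS with a self-signed certificate)
# Each name below must point at the Caddy host in Pi-hole's local DNS records,
# exactly as the post describes.

{
	# A purely internal domain has no public A record, so the Let's Encrypt
	# HTTP challenge cannot succeed. Issue all certificates from Caddy's
	# built-in local CA instead; install its root on client devices to get
	# the green lock. For real Let's Encrypt certificates on internal-only
	# names, use the DNS challenge via a caddy-dns plugin instead of this.
	local_certs
}

# Description of the service as the subdomain, real host:port as the upstream.
adblocker.domain.tld {
	reverse_proxy 10.10.10.10:80
}

virtualization.domain.tld {
	# Proxmox only speaks HTTPS on 8006 and presents a self-signed
	# certificate, so Caddy must be told not to verify the upstream.
	reverse_proxy https://10.10.10.30:8006 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}
```

Run `caddy trust` on the Caddy host to install the local root certificate there; the same root (root.crt under Caddy's data directory, in pki/authorities/local/) has to be imported into the trust store of every other device that should see a green lock. Port 443 on the Caddy host must be reachable from the LAN; port 80 is not needed for the local CA, only for the HTTP challenge that does not apply here.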