Can you have local reverse proxies?

Perhaps this is a weird question I have, but I've been watching some technotim videos lately and he seems to have local DNS addresses for local services. Perhaps I've got this wrong, but if not: how would you go about doing this?

I have a pterodactyl dashboard, which I access locally using the machine's IP and the port, but it would be great to have a pterodactyl.example.com domain, which isn't accessible from other networks, but does work on my own network. I also still want some services exposed to the internet, so I'm not sure if this would work.

megaman ,

I've got this working with Caddy and AdGuard

I use Caddy as my reverse proxy. It is running on the machine in the basement with all the different docker-container-services on different ports. My registrar is set up so that *.my-domain.com goes to my IP.

Caddy is then configured for 'service-a.my-domain.com' to port 1234, and the others going to their ports. This is just a completely standard reverse proxy.

For some subdomains (i.e. different services) I've whitelisted only the local network. There is some config for that.

I'm pretty sure that I also have to have AdGuard do a DNS rewrite on the local network as well. That is, AdGuard has a rewrite for '*.my-domain.com' to go to 192.168.0.22 (the local machine with Caddy). I think I had to do this to ensure that when the request gets to Caddy it is coming from the local whitelisted network rather than my public IP (which changes every couple months, but could be more).
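The setup described in the comment above, sketched as a Caddyfile (an added example, not part of the original post and not megaman's actual config). The upstream port 8080, the `pterodactyl` subdomain on this domain and the `192.168.0.0/24` LAN range are assumptions; `my-domain.com`, port 1234 and 192.168.0.22 come from the comment.

```caddyfile
# Constructed example. Assumes the LAN is 192.168.0.0/24 and that the local
# DNS server (AdGuard Home DNS rewrite) answers *.my-domain.com with
# 192.168.0.22, the machine running Caddy.

# Public service: anyone who resolves the name to this host is proxied.
service-a.my-domain.com {
	reverse_proxy 127.0.0.1:1234
}

# Local-only service: served by the same proxy, but only to LAN clients.
pterodactyl.my-domain.com {
	# Named matcher: true when the connecting address is NOT on the LAN.
	@not_lan not remote_ip 192.168.0.0/24

	# Drop the connection without sending a response to non-LAN clients.
	abort @not_lan

	# Assumed upstream port for the dashboard.
	reverse_proxy 127.0.0.1:8080
}
```

`remote_ip` matches the address of the immediate TCP peer, so LAN clients must reach Caddy directly at 192.168.0.22 (hence the local DNS rewrite); a request that goes out to the public IP and back in may arrive with a non-LAN source address and be dropped. With a public wildcard record the local-only name still resolves from the internet, so the matcher is the only thing keeping that site private.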

DeltaTangoLima ,

Yes - I do this with Pi-hole. It happens to be the same domain name that I host (very few) public services on too, so those DNS names work both inside and outside my network.

earmuff ,

DNS? Why so complicated? Just edit your hosts file 😏

bartolomeo ,

This is the correct answer.

Edit /etc/hosts and add

127.0.0.1 example.com

so when you type example.com into the address bar it goes to 127.0.0.1.

MigratingtoLemmy ,

People already talked about hosting your own DNS, let me add that a reverse proxy would be used for something like mapping myhome.local:8000 to myhome.local/jellyfin.

lemmyvore ,

Generally speaking, a subdomain like jellyfin.myhome.com will work out much better than a subpath like myhome.com/jellyfin.

Very few web apps can deal well (or at all) with being used under a subpath.

Contravariant ,

Using reverse proxies is common enough now that quite a few apps can deal with subpaths, and for the ones that can't you can generally get nginx to rewrite the paths for you to make things work.

lemmyvore ,

Alright, have fun with that. 🙂

Contravariant ,

I am, no worries.

MigratingtoLemmy ,

Well, whatever works. Your example wouldn't need a reverse-proxy.

bjorney ,

You can just point your domain at your local IP, e.g. 192.168.0.100

lemmyvore ,

If you mean to do that in the public DNS records please note that public records that point at private IPs are often filtered by ISP's DNS servers because they can be used in web attacks.

If you don't use your ISP's DNS as upstream, and the servers you use don't do this filtering, and you don't care about the attacks, carry on. But if you use multiple devices or have multiple users (with multiple devices each) eventually that domain will be blocked for some of them.

beerclue ,

Yup, I have a domain I purchased and on my lan I use PiHole and Caddy. All my apps and services use the format app.mydomain.com. PiHole forwards all requests for *.mydomain.com to Caddy, which handles the LE certificate (via DNS challenge) and forwards the requests to the proper IP:PORT. I started using this for everything, my Proxmox hosts, printer, my APs...

Decronym Bot , (edited )

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| AP | WiFi Access Point |
| DHCP | Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network |
| DNS | Domain Name Service/System |
| HTTP | Hypertext Transfer Protocol, the Web |
| IP | Internet Protocol |
| PiHole | Network-wide ad-blocker (DNS sinkhole) |
| SSL | Secure Sockets Layer, for transparent encryption |
| VPN | Virtual Private Network |
| nginx | Popular HTTP server |

8 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

[Thread for this sub, first seen 29th Jun 2024, 17:35]

solrize ,

Simplest is to use /etc/hosts to set up names, if there are just a few.

Vendetta9076 ,

Yup. You can run both local and external services off the same proxy, at least with traefik and I assume others. Alternatively you could use traefik solely for local services and Cloudflare zero trust tunnel for external.
I think his traefik video covers it? If not, it covers some part.

The other part is that you need pihole setup to serve local DNS.

legoraft OP ,

Okay, I'll start with configuring pihole for DNS. If I get it, I can just use that DNS and if I need to access a service externally I need to register the domain with my registrar?

catloaf ,

Yes. But you should generally not expose a bunch of services to the Internet. Use a VPN to access your local network if necessary.

legoraft OP ,

I'm aware of this. There are a few services I expose, but most of them are local. I just wanted to make accessing local services a bit cleaner.

Vendetta9076 ,

Sure can. I had mine separated with service.My-domain.com and service.Local.My-domain.com
If you need help let me know :)

Dunstabzugshaubitze ,

Look into local DNS servers if you want multiple machines to use your local domains. If you only want a single Windows or Linux (and probably Mac) computer to use the domain to access a specific local IP, an entry in your etc/hosts file would be enough.

HumanPerson ,

You can do that with pihole and basically any reverse proxy. The process is the same, so you can follow tutorials, you just have to set up your domain through your pihole instance instead of a registrar. You can set pihole as your dns for specific devices, or you can set it as the default dns for your network through the router.

legoraft OP ,

Will also take a look at the router DNS, thanks a lot!

BaalInvoker ,

I guess you can set a host in your /etc/hosts to redirect all your pterodactyl.example.com to a local IP. Also, if you need access from other computers on the local network, I think you can set up a local DNS server (such as PiHole or AdGuard Home) to reach the same solution but for all addresses running through your DNS server.
