I created a short tutorial on using sub domains to access services hosted within my home network, thought I would share it here in case anyone finds it useful
This is the first time I’ve made a technical tutorial so apologise if there are mistakes/its confusing, feedback will be appreciated
You must log in or # to comment.
Thanks for sharing!
I can recommend nginx-proxy-manager for people who do not want to fiddle with proxy config files.
It works well, but if you want to do ‘custom stuff’ (like hosting a matrix instance) you’ll be out of luck
I personally use caddy as a reverse proxy
Yeah it was honestly changing the router settings that was the hardest part for me, exposing port 22 and 80. Caddy was really easy to use
You seem to have descibed your port forwards backwards It is the router forwarding the ports to the gateway pi (and potentially other devices), not gateway pi and other devices forwarding to the router. The forwards to servers are incoming from the internet.
(Theoretically you could have your pi physically between the router and the internet (modem) acting as a sort of pre-router, but this would be unusual. Perhaps you could describe your physical setup more clearly. What is physically/wirelessly connected to what, to the internet.)
Very cool, great work!
Worth noting about this approach is that the global list of subdomains is publicly searchable. So, you’ll see vulnerability and AI scans on those endpoints.
If that’s a concern for you, using path-based routing (e.g. Apache VirtualHost) allows you to use difficult to guess paths to your cloud.
Worth noting about this approach is that the global list of subdomains is publicly searchable.
Can you expand on this? What is it that you call the “global list of subdomains”?
Certificate transparency, unless you use wildcard certs
It’d be better and more accurate say the list of certificates then.
Sub domains aren’t public unless your DNS server has XFER on.
Interesting! I’m going to look into this. Not sure my provider has this in their UI
It trivial to get a list of all registered domains and subdomains and the IP addresses they map to. There are any number of paid services to make it easy (e.g. https://subdomainfinder.c99.nl/) but I’m pretty sure there’s also a way to do it yourself.
Except it isn’t. Saying it is trivial is just gross generalization. It’s trivial to configure bind to have internal zones that aren’t resolvable publically. It all depends on configuration, such as reverse ns entries, zone accessibility, etc.
You can have (sub)domains that are listed in the certificate lists and yet aren’t resolvable externally as well.
Actually, wait. Something you a said might actually be just what I’m looking for: you mean that I can have DNS entry for mydomain.com and no additional CNAMEs, and have a cert for nextcloud.mydomain.com (or wildcard maybe?) and somehow still be able to use name based virtual servers?
Hmmm. I thought I was going to be limited to path-based.
Explain more?
Absolutely. Simply use ACME with the DNS validation method. Using bind you’ll want to create keys and allow TXT access for those keys to the validation domains. Fear not, this isn’t exclusive to bind, ACME tools supports dozens of other backends. That’s all you need the actual domain doesn’t need to be resolvable with an A/CNAME record. Internally you can run an entirely different DNS server to resolve your hosts, use hosts files, or use bind zones.
Okay. Yup, that’s probably true. I’m not that deep into network stuff. But, if you’re just doing the basic, ‘ha.mydomain.com => 121.41.38.9’ that works out of the box with name based virtual hosts and reverse proxy, then yeah, you’ll get traffic on that within 24 hours.
I reckon if a person understands what you’re talking about though, they’re already doing better than most.
This is kind of why I have wild card on my main domain… Nothing on www.
Oh excellent, thanks for sharing.
Oh I thought it was sub domains for localhost. I actually wonder now if that’s possible.
It is, although they all go… to localhost
