I’m using Heimdall to easily access my self hosted stuff ATM. I would like for my family to use them too if they’re so inclined, but there’s no way they will be able to remember the IP addresses, I know I can’t!
Is it a DNS I’m looking for? If so, I’m already hosting a couple of instances of Adguard, can I just set it so that Plex is 192.xxx.x.47 and snapdrop is 192.xxx.x.53 and use that to resolve the request so my 13 year old can just type Plex into his browser and find it?
Or do I need something like Caddy or Nginx or something in between?
Thanks for any advice.
DNS is what you’re looking for. To keep it simple and in one place (your adguard instance), you can add local dns entries under Filters > DNS Rewrites in the format below:
192.xxx.x.47 plex.yourdomain.xyz
192.xxx.x.53 snapdrop.yourdomain.xyz
Excellent news, at least I know where to start now. I wanna play with all the network things and learn, but I also wanna just have it sorted in 5 minutes of hacking
It's that simple to use different IPs just with DNS server:
DNS server
192.xxx.x.47 -> plex.yourdomain.xyz
192.xxx.x.53 -> snapdrop.yourdomain.xyz
But don't you have your services on the same IP and different ports? If that's the case you will also need a reverse proxy like nginx. So the DNS server will point your domain name (you can just make a name for local use) to your server IP. Then the reverse proxy can point each name to a specific IP and port.
Reverse proxy
192.xxx.x.47:32400 -> plex.yourdomain.xyz
192.xxx.x.47:8080 -> snapdrop.yourdomain.xyz
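The two-step mapping described above, written out as nginx configuration; this is an added example, not part of the original comment. The 192.168.1.x addresses and the /24 LAN range are constructed stand-ins for the thread's 192.xxx.x.47, and the catch-all block and allow/deny lines are additions so the proxy only answers known names from LAN clients.

```nginx
# Goes inside the http { } block of nginx.conf (or a file it includes).
# Assumed DNS rewrites, both names pointing at the one proxy host:
#   192.168.1.47  plex.yourdomain.xyz
#   192.168.1.47  snapdrop.yourdomain.xyz

# Catch-all: requests by bare IP or with an unknown Host header are dropped,
# so only the names listed below ever reach a backend.
server {
    listen 80 default_server;
    server_name _;
    return 444;   # nginx-specific code: close the connection, send nothing
}

server {
    listen 80;
    server_name plex.yourdomain.xyz;

    allow 192.168.1.0/24;   # LAN clients only (assumed subnet)
    deny  all;

    location / {
        proxy_pass http://192.168.1.47:32400;
        # Pass the original name and client address to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Allow WebSocket upgrades through the proxy
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

server {
    listen 80;
    server_name snapdrop.yourdomain.xyz;

    allow 192.168.1.0/24;
    deny  all;

    location / {
        proxy_pass http://192.168.1.47:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

Running `nginx -t` checks the syntax before a reload. Adding another service is one more DNS rewrite to the same proxy IP plus one more `server` block.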
I don’t know why you were downvoted for this, you’re right and I figured this out for myself last night when I decided to try figure it out at 1.30am after 3 beers.
I managed to get all my port 80 stuff sorted but my Arr stack for example needs something more, probably the dreaded nginx…
I’m having a look at Caddy now because I’ve never used it before, Nginx I didn’t like when I used it and I’ve recently heard the original developer has left the project and started a new one.
Nginx is a lot less painful if you use Nginx Proxy Manager. You get a nice GUI and can easily get SSL certificates with Let’s Encrypt, including wildcard certs. I’m running it in front of a docker swarm and 3 other servers, and in most cases, it takes me about 30 seconds to add a new proxy host and set it up with https using my *.domain.com wildcard cert. I also use it with Authentik as a forward proxy auth for SSO (since many containers out there don’t have the best security).
If you don't fear using a little bit of terminal, caddy imo is the better choice. It makes SSL even more brainless (since it's 100% automatic), is very easy to configure (especially for reverse proxying) yet very powerful if you need it, has a wonderful documentation and an extensive extension library, doesn't require a mysql database that eats 200 MB RAM and does not have unnecessary limitations due to UI abstractions. There are many more advantages to caddy over NPM. I have not looked back since I switched.
An example caddyfile for reverse proxying to a docker container from a hostname, with automatic SSL certificates, automatic websockets and all the other typical bells and whistles:
https://yourdomain.com {
    reverse_proxy radarr:7878
}
I’ll check it out. I suspect configuration would likely be a little bit more complicated in my case because I’m using Authentik for proxy forward authentication and had also been using access control groups in NPM (both a LAN group and a WAN group containing Cloudflare proxy IP addresses, since currently all my publicly accessible domains proxy through Cloudflare).
Caddy and Authentik play very nicely together thanks to caddy forward_auth directive. Regarding ACLs, you'll have to read some documentation, but it shouldn't be difficult to figure out whatsoever. The documentation and forum are great sources of info.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters | More Letters
DNS | Domain Name Service/System
Git | Popular version control system, primarily for code
HA | Home Assistant automation software ~ High Availability
HTTP | Hypertext Transfer Protocol, the Web
IP | Internet Protocol
NAS | Network-Attached Storage
Plex | Brand of media server package
SSL | Secure Sockets Layer, for transparent encryption
SSO | Single Sign-On
TCP | Transmission Control Protocol, most often over IP
nginx | Popular HTTP server
[Thread #605 for this sub, first seen 15th Mar 2024, 20:05]
Yes, you can set up a DNS server to redirect these requisitions to the servers. However you'll have to make sure that every single device is using the DNS server you configured.
You can also configure avahi (on linux) or other zeroconf (you must find out what zeroconf each other system have, cause I don't know) to recognize local hostnames as mDNS
I use avahi to discover my octopi.local in my network and it works like a charm
I have my router point everything through my DNS servers, a main one and a backup on a pi3b, so that shouldn't be an issue.
Except for Wifey. She hates ad blocking with a passion, so I’ve set her phones to use Google DNS servers.
Wifey also does not care one jot for what I’m playing with, it’s mainly my 13 year old ATM. Wifey likes having TV shows appear when they air in the States and that’s it.
She’s an odd one but I love her a great deal.
I shall have a look into avahi just because I’ve heard of it but never known what it actually does. Thanks
With AdGuard Home you can set your wife’s devices to bypass protection. Just set her devices to static ip and set a custom rule like:
@@||*^$client=127.0.0.1
Where 127.0.0.1 must be changed for her ip address. This rule means:
@@|| = unblock
*^ = everything
$client = for this client
AdGuard Home supports static clients. Unless the instance is being used over TCP (port 53, unencrypted), it is by far the better way to use clientnames in the DNS server addresses and unblock the clients over that.
For DoT: clientname.dns.yourdomain.com
For DoH: https://dns.yourdomain.com/dns-query/clientname
A client, especially a mobile one, can simply not guarantee always having the same IP address.
A proxy is the easy way in my opinion. You can also do straight up DNS, point your dns server to each of your IP addresses, which is by far simpler, but I prefer the nginx/caddy route.
Nginx will also handle things like SSL for you, which you can terminate at the proxy and make life a lot easier for you. So you can do things like register a domain, set up nginx to handle the certs for you, and then no more errors on "insecure connection", even if each underlying service is only using http. Plex was specifically nice getting that up, so I could finally do plex.my.domain.whatever and have it be nice and https. Inside the house it's nice, outside the house it's even greater, especially because a proxy can route those ports for you. So plex.my.domain.whatever goes to Plex, and tautulli goes to tautulli, etc…
If not using DNS, how are you directing traffic to nginx?
Was referring to using DNS to each individual service rather than one single DNS point for your entire proxy. I have *.my.domain pointed to my proxy which directs everything underneath it.
Ok so what I need to do in my case is have my DNS direct *.crypt to my Nginx (when I get it set up) then have that direct all the bits that the star represents to the right IP/port?
Not *.crypt. Say you buy mycooldomain.crypt. You then point the domain service that domain and *.mycooldomain.crypt to your public IP.
You would then forward the ports on your router (like 80 and 443) to your proxy. This will get your external users working.
Internally you'll need to set up your local DNS so that it knows you are the mycooldomain.crypt. There are multiple ways based on what hardware and software you're running, do some googling. For me in my local DNS then I say *.mycooldomain.crypt points to my local proxy DNS, so that it resolves inside the network.
So, external DNS points to public IP, router/firewall forwards those ports to proxy. Internally your DNS will reach out to your router/DNS/whatever you use to ask what that domain is and it will respond with the local IP of the proxy.
This is how I do it. It works internally and externally, though it’s more than OP needs. :)
To add to what’s been said (in case it’s useful to others), it’s worth looking at SWAG and Authelia to do the proxying for services visible to the Internet. I run them in a Docker container and it does all the proxying, takes care of the SSL certificate and auto-renews it, and adds MFA to the services you run that support it (all browsing, MFA-aware apps, etc).
Another thing I like about SWAG's setup is that you select which services/hostnames you want to expose, name them in the SUBDOMAINS environment variable in Docker (easy to remove one if you take a service down, for maintenance, etc), and then each has its own config file in Nginx's proxy-confs directory that does the https://name.domain -> http://IP:port redirection for that service (e.g. wordpress.subdomain.conf), assuming the traffic has met whatever MFA and geo-whitelisting stuff you have set up.
I also have Cloudflare protecting the traffic (proxying the domain's A record and the wildcard CNAME) to my public address, which adds another layer.
Ok that makes sense. I’m not trying to tie any of this to my external domain though, I just want to proxy Lan names at the moment.
I have a domain set up for home assistant though Cloudflare and I don’t want anything else to be externally accessible.
So what I’m currently trying to do is have radarr.crypt, Sonarr.crypt, plex.crypt, openwrt.crypt hit the correct lanIP:port
I can’t do that with just my DNS because that’s just for lanIP not port
So I’m trying to have the *.crypt go to the Nginx IP and have that proxy the name to the IP and port.
I’ve been prodding it all day and even had ChatGPT have a go at it but I’m getting nowhere.
And this is why I don’t like Nginx.
I have managed to get Nginx working and even got a pretty UI for it, but just can’t get it to proxy my IP addresses to names.
It ain’t a big deal, Heimdall does the job for now, just thought it would be a nice way to dip my toes in.
deleted by creator
Thanks, I’ve saved this comment for next time I try to do this