I’m using Heimdall to easily access my self hosted stuff ATM. I would like for my family to use them too if they’re so inclined, but there’s no way they will be able to remember the IP addresses, I know I can’t!
Is it a DNS I’m looking for? If so, I’m already hosting a couple of instances of Adguard, can I just set it so that Plex is 192.xxx.x.47 and snapdrop is 192.xxx.x.53 and use that to resolve the request so my 13 year old can just type Plex into his browser and find it?
Or do I need something like Caddy or Nginx or something in between?
Thanks for any advice.
DNS is what you’re looking for. To keep it simple and in one place (your adguard instance), you can add local dns entries under Filters > DNS Rewrites in the format below:
192.xxx.x.47 plex.yourdomain.xyz
192.xxx.x.53 snapdrop.yourdomain.xyz
Excellent news, at least I know where to start now. I wanna play with all the network things and learn, but I also wanna just have it sorted in 5 minutes of hacking
It’s that simple to use different IPs just with a DNS server:
DNS server
192.xxx.x.47 -> plex.yourdomain.xyz
192.xxx.x.53 -> snapdrop.yourdomain.xyz
But don’t you have your services on the same IP and different ports? If that’s the case you will also need a reverse proxy like nginx. So the DNS server will point your domain name (you can just make a name for local use) to your server IP. Then the reverse proxy can point each name to a specific IP and port.
Reverse proxy
192.xxx.x.47:32400 -> plex.yourdomain.xyz
192.xxx.x.47:8080 -> snapdrop.yourdomain.xyz
I don’t know why you were downvoted for this, you’re right and I figured this out for myself last night when I decided to try figure it out at 1.30am after 3 beers.
I managed to get all my port 80 stuff sorted but my Arr stack for example needs something more, probably the dreaded nginx…
I’m having a look at Caddy now because I’ve never used it before, Nginx I didn’t like when I used it and I’ve recently heard the original developer has left the project and started a new one.
Nginx is a lot less painful if you use Nginx Proxy Manager. You get a nice GUI and can easily get SSL certificates with Let’s Encrypt, including wildcard certs. I’m running it in front of a docker swarm and 3 other servers, and in most cases, it takes me about 30 seconds to add a new proxy host and set it up with https using my *.domain.com wildcard cert. I also use it with Authentik as a forward proxy auth for SSO (since many containers out there don’t have the best security).
If you don’t fear using a little bit of terminal, Caddy imo is the better choice. It makes SSL even more brainless (since it’s 100% automatic), is very easy to configure (especially for reverse proxying) yet very powerful if you need it, has wonderful documentation and an extensive extension library, doesn’t require a MySQL database that eats 200 MB RAM and does not have unnecessary limitations due to UI abstractions. There are many more advantages to Caddy over NPM. I have not looked back since I switched.
An example caddyfile for reverse proxying to a docker container from a hostname, with automatic SSL certificates, automatic websockets and all the other typical bells and whistles:
https://yourdomain.com {
    reverse_proxy radarr:7878
}
I’ll check it out. I suspect configuration would likely be a little bit more complicated in my case because I’m using Authentik for proxy forward authentication and had also been using access control groups in NPM (both a LAN group and a WAN group containing Cloudflare proxy IP addresses, since currently all my publicly accessible domains proxy through Cloudflare).
Caddy and Authentik play very nicely together thanks to Caddy’s forward_auth directive. Regarding ACLs, you’ll have to read some documentation, but it shouldn’t be difficult to figure out whatsoever. The documentation and forum are great sources of info.
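The setup discussed in this part of the thread (one hostname per service on a shared server IP, a LAN-only access rule, and Authentik forward auth), as an added Caddyfile example that is not from any poster. The hostnames and 192.xxx.x.47 are the thread's placeholders; the `radarr.` hostname, the `authentik:9000` outpost address, the snippet name and the use of `tls internal` are assumptions.

```caddyfile
# Added example, not from the thread. Replace 192.xxx.x.47 with the real
# server address; authentik:9000 is an assumed outpost address.

# Reusable snippet: refuse any client that is not in a private (LAN) range.
(lan_only) {
    @outside not remote_ip private_ranges
    respond @outside 403
}

# DNS rewrites point both names at the same server IP;
# the requested hostname selects the upstream port.
plex.yourdomain.xyz {
    # Certificate from Caddy's local CA (assumption: LAN-only names that
    # cannot complete a public ACME challenge; clients must trust that CA).
    tls internal
    import lan_only
    reverse_proxy 192.xxx.x.47:32400
}

snapdrop.yourdomain.xyz {
    tls internal
    import lan_only
    reverse_proxy 192.xxx.x.47:8080
}

# A service with weak built-in auth goes behind Authentik forward auth.
radarr.yourdomain.xyz {
    tls internal
    # route keeps the handlers in the order written here
    route {
        # The outpost's own endpoints must stay reachable for the login flow
        reverse_proxy /outpost.goauthentik.io/* authentik:9000

        # Ask the outpost whether this request is authenticated
        forward_auth authentik:9000 {
            uri /outpost.goauthentik.io/auth/caddy
            copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email
            trusted_proxies private_ranges
        }

        # Only reached once the outpost has approved the request
        reverse_proxy radarr:7878
    }
}
```

`remote_ip` matches the address of the directly connected peer, so behind another proxy such as Cloudflare the LAN rule would see the proxy's address rather than the visitor's.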
I use Heimdall too, with a bunch of other things. One of them is Pihole.
Pihole will not only help blocking ads at DNS level, it will also work as DHCP server and resolve locally configured addresses, like homepage.ourhome.
Put it on your network and disable the DHCP feature in your WiFi router/firewall (you may need to explicitly set it to forward DHCP to Pihole).
One warning: do not set up names like host.local. The TLD .local is reserved; it will cause issues.
Awesome.
Adguard and Pihole share a lot of features and I’ve spent time with both of them. I liked Pihole a lot but I have kids and one feature I liked about Adguard was that I could set up groups (so the kids get a group and essential services get another) and I could in theory just switch off internet to the kids’ devices as a punishment, or even services like Fortnite or whatever.
So that’s why I picked Adguard.
Now before I bought my server pc I bought an old Nighthawk router/modem on eBay specifically because I could use it to replace my ISP router that was locked down (seriously, everyone in the building uses this ISP and all the WiFi bands are the same!) I can lock devices out of the WiFi with that now if I do desire, but honestly the threat is enough so far lol.
First thing I did was send DNS to Adguard. I have run DHCP through Adguard before and it just jammed up and worked a bunch of times until I had to change it back or withstand ear bashings from my 10 year old because it kept killing his online gaming.
So as far as I can see, I don’t have to use the DHCP feature to resolve the names to ip addresses, since the IP address resolves to the name via a domain name server, DNS, the Adguard, right?
I was considering .Lan but I like your .ourhome idea. We live in an old church and have The-Crypt (it was gonna be de-crypt but I changed my mind last minute) as the WiFi address so .crypt is sounding good.
I wouldn’t say I’m an expert at it as I’ve only had my media server for a month now, but how I approached making it user friendly was buying a domain name, and using a Cloudflare tunnel to link your IP addresses/port to a subdomain.domain combination.
E.g. I have Overseerr accessible by overseerr.domainname.extension and have it linked to the server’s IP address and port number. If I wanted to add another one, I would for example add a new subdomain and do the same (e.g. plex.domainname.extension and point it to the correct IP/port combo).
Although this has the cost of owning a domain, it doesn’t require you to open a port, so it’s better for security reasons.
I have done this with Home Assistant. It’s at ha.mydomain.com after I treated myself to a domain for Christmas.
The only issue I have with this is that my server is a hole in my lan.
I have a pretty good password on my HA but that can’t be said for any of my internal stuff.
Plus I’ve since discovered the amazing world of Tailscale and I’m fiddling with that. I didn’t realise it was so easy to always be on my own network even when I’m not, I found a setting on Android that means I’m always in my Tailnet. This makes me wonder if the domain was a waste of money (it wasn’t) but then remember there’s more than just me in the house, and I use the domain for presence detection by having my family install the HA app, logged in through the domain.
I shall certainly use this method in the future if any of my family want access to anything while they’re out and about, but I could probably just set em up on Tailscale and share it that way with less hassle
FYI there’s an option between opening ports and TailScale. Cloudflare tunnels have a connection started from within your network to cloudflare servers, and your internal services can be accessed through that connection. Throw a zero trust wall in front of that, and you have a secure login, in front of your now publicly accessible services.
Home Assistant even has an addon for it.
Ace! Thanks. There’s so much to delve into in networking, it’s a bit daunting tbh.
That’s why I asked, when you know a little but not a lot it’s hard trying to figure out where to look.
At least by asking I have some ideas where to start poking my nose.