Currently my home server runs a few services that have a web UI. I currently access them by typing in the IP address and port number, but it’s now starting to get annoying to remember the ports.
What’s the best way to handle this?
I’ve thought of two solutions:
- I’m running a local DNS server, so I probably would be able to make CNAMEs from something like
adguard.server.local
to the IP, and do a reverse proxy with something like Caddy - Maybe there’s some unified dashboard app that is a reverse proxy with some simple frontend where I can just navigate to
server.local
and click a button to choose which specific service I want to see?
What are your opinions on this?
A reverse proxy will achieve what you’re looking for, yes. I do precisely what you’re describing. I use “local DNS” on my pihole, with CNAMEs for each service pointing to my server IP address. I’m running Caddy on the server, specifically this (because my services are running in Docker containers): https://github.com/lucaslorentz/caddy-docker-proxy
As far as a “dashboard” app, you have options there as well. I’m using Heimdall currently, but Homarr also looks pretty nice.
I’ll probably do the first thing, since the server is running AdGuard Home already.
Is pihole alone enough to do the reverse proxy, or do you need caddy as well? I’m only somewhat familiar with how these things work
PiHole can’t specify specific ports for each cname, which is what you need a reverse proxy for.
Typically, you create all of your cnames in pihole and direct them to your reverse proxy server IP. From your reverse proxy of choice, you specify each url to the specific ip:port of your service.
How can I use my Pi-hole as DNS Server also over VPN? I run Wireguard on Unraid. And while the VPN works, I can’t seem to the DNS over VPN to go my way.
Set your VPN clients to use Pihole as their DNS server.
Tried that, does not work. When I’m physically „in“ my LAN, my domains resolve correctly. Via VPN only IPs work.
Why doesn’t it work? Do you get no response at all from the DNS server? Or just a null response like NXDOMAIN or some kind of lookup failed error?
Is PiHoles DNS server set to listen on only your LAN subnet maybe?
Firewall rule blocking VPN clients maybe?
Ah, right. Pi-hole only listens for the first jump. I was stupidly assuming that the VPN tunnel exit would be part of this.
Lots of good suggestions, but no one has mentioned the simple option of browser bookmarks?
Any good browser has built in sync, so bookmarks are already shared across all of your devices.
Unfortunately I specifically opted out of any sync, because I want everything in my NixOS config also on mobile I use a different browser
There are other tools like Floccus, Nextcloud Bookmarks, etc that will handle sync across multiple browsers, so that could be an option if you wanted to do that.
I mean, if you’re problem is just remembering to type “10.0.0.100:8080” you could just have browser bookmarks. But that’s not very selfhosty. 😁
Personally, I’ve got a bit of #1 and #2 going on.
I’ve got Nginx Proxy Manager in docker that rev proxies pretty much everything and adds SSL on top. I am running an inside DNS zone, so I have a bunch of CNAMEs that all point to the host running NPM. Lastly, I’m using Dashy as the front end to it all.
Heimdall
I don’t know why people keep suggesting reverse proxy when this is what OP is looking for.
OP listed two solutions they were considering, one of which explicitly mentioned using a reverse proxy. The other mentioned using a “dashboard app”. Commenters have given useful advice regarding both.
I might do both for easier finding of the URL, but still being able to remember it and access the apps by a URL if I ever need it
I’m using Homer with links to all services based on ip. I’ve also added a local Dns entry to pi hole.
Short answer: something like nginx proxy manager with a single wildcard dns entry makes this super simple.
Thanks ended up doing a wildcard dns entry but not with Nginx Proxy Manager but with Caddy. On NixOS I can just add like 3 lines of code to declare a reverse proxy for a specific service in the same file where I enable same service.
Wait, does it mean I can use something like *.example.com in my pihole for all services? Atm Im using jellyfin.example.com, nextcloud.example.com, etc.
Exactly.
As long as you don’t need something like mail.example.com to point somewhere else.
I have a subdomain for my home stuff (so jellyfin.h.example.com and h.example.com is the wildcard) so that any other subdomains are still usable for internet things.Only thing is, Pihole doesn’t have it in the UI. It’s widely requested, so I’m sure it will come soon™
If you are happy SSHing in, tweaking some files, then it’s doable.
https://hetzbiz.cloud/2022/03/04/wildcard-dns-in-pihole/Edit: I actually use my router as my DNS, with its DNS set to be the pihole. My router can do wildcard DNS overrides. However, I do lose insights from the pihole metrics: all requests are from 10.0.0.1
Nice, thank you. Ill try that
Ill just recommend homepage as dashboard
They could’ve added a screenshot or at least something that shows how it looks/could look.
There is a screenshot on github
Looks good. Will try this out…
If you are running everything in containers then there’s a very simple and straightforward solution for this. Run your reverse proxy (NPM, Caddy, whatever) on two network (internal and external or whatever you want to call them). In the external network is where you will map your host port to the reverse proxy container. For example, on NPM it’s 81 so you map host 81 to container 81. You should then be able to go to http://localhost:81. The internal network will be where your reverse proxy will talk to your other two web services you want to run so make sure you add your other services to this internal network.
On your DNS (personally I run PiHole) point your service name (as guard) to the IP of the host running your reverse proxy. Do an nslookup on the name to make sure you actually get the right IP for the name you want.
Login to your reverse proxy and configure a proxy host to point to the name of the container and the correct port. Since the reverse proxy is on the same “internal” network, they should be able to talk to each other via names rather than IPs.
Test your connection to the service on your browser.
Another solution (less technical but much faster) would be to runa dashboard service like Heimdall then just add a “link” to the service you want and the port it’s running on. Then you will have a single link to click on that will take you where you want without typing manually. You could even add the dashboard as your browser default page on startup.
There are other ways to skin this cat but these two solutions will get you where you want to go quickly.
I would personally run reverse proxy separately since it’s more critical than dashboard. I personally run traefik. For dashboard check homarr if you are running other arr apps I think it is an interesting choice.
I’m currently torn between Homarr and Homepage. I do have other arr apps, but homepage still seems to have more services supported…
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol PiHole Network-wide ad-blocker (DNS sinkhole) SSL Secure Sockets Layer, for transparent encryption VPN Virtual Private Network nginx Popular HTTP server
6 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.
[Thread #70 for this sub, first seen 20th Aug 2023, 01:25] [FAQ] [Full list] [Contact] [Source code]
According point 2: I choose homepage over Heimdall. It has more direct integrations (e.g. Homeassistant, Synology, Paperless-ngx, Warchtower…) where you can display specific information directly on your dashboard. It is easily set up by a couple .yaml files. You can find lots of examples online and in the documentation.
Wow, that looks good! Thanks!
Set up a domain with a main site that has links to your different services, then set up reverse proxies so you can put certificates on them and serve them all on port 443. If your WAN IP is relatively static then you can forward ports 80 and 443 to your server and use your own domain, if not you can use something like FreeDNS. Or skip the last bit if you don’t need WAN access.
If you want them accessible from outside. I just favorite the ip:port for the internal stuff or you can use something like https://github.com/linuxserver/Heimdall