Comment on Internal domain and reverse proxy
glitching@lemmy.ml 3 days ago
Imma be the problemXY guy here - ditch the https part. without it, you don’t gotta deal with certs, signing, shit that’s outside your LAN, etc. it’s your LAN, do you really need that level of security? who’s gonna sniff packets and shit on your LAN?
now all you need is pihole where you set up your hostnames (jellyfin.lan, nextcloud.lan, etc.) and nginx proxy that maps e.g. jellyfin.lan to 192.168.0.123:8096. both of them run plenty fine in docker.
Willdrick@lemmy.world 3 days ago
You say that, but I’ve seen so many dodgy IoT devices… Especially when deploying PiHole, you start to see so much random traffic from stupid stuff like a smart plug or a TV box.
non_burglar@lemmy.world 3 days ago
If you’re on the same subnet, no amount of reverse proxy will help with dodgy apps. It’s more appropriate to put the dodgy IoT in a DMZ to control what they can do.
Putting HTTPS on these is fine, but it’s not a solution to isolating bad clients.