How would I set up local DNS or DNS rewrite

Submitted ⁨⁨3⁩ ⁨weeks⁩ ago⁩ by ⁨RagingHungryPanda@lemm.ee⁩ to ⁨selfhosted@lemmy.world⁩

I have a gl-inet router on which I have an nginx config to send traffic to Nginx Proxy Manager and DDNS with cloudflare.

I’m trying to get some kind of local dns set up so that if I’m on the local network, traffic stays within the network. The problem that I’m running in to is SSL certificates. NPM is handling those and I thought that what I could do is go into the AdGuard Home config and add a dns rewrite to point to the router and traffic would flow as it normally does.

This DOES work, technically. traceroute shows only one hop for any of my subdomains, ie files.mydomain.com.

But I cannot actually get access in a browser because the ssl certificates are not set up.

It seems like options are: manually copy certificates from the server to the router (not ideal), or don’t do it at all. I notice that if I go to the service by ip address, it’ll change the address to the domain name. Eg going to 192.168.8.111:30027 -> files.mydomain.com.

This isn’t a HUGE deal, but it’s not preferable. How have you all solved this?

source

Comments

Sort:hotnew top

CompactFlax@discuss.tchncs.de ⁨3⁩ ⁨weeks⁩ ago
If you are establishing a TLS connection to a server, the server will need a certificate. It sounds like you’re trying to have two instances of a reverse proxy - one on the server, and one on the router. It may be my ignorance of the particulars, but my immediate thought is that you should select one point in the network to do reverse proxying.

source
- RagingHungryPanda@lemm.ee ⁨3⁩ ⁨weeks⁩ ago
  I think you might be right on that. I was originally not wanting to do any port forwarding on the router, but I may have to
  
  source
  - CompactFlax@discuss.tchncs.de ⁨3⁩ ⁨weeks⁩ ago
    It’s possible but it’s an extra pain in the butt.
    
    Internally, have you tried pointing the DNS directly to the ngnix server, not the router? There’s no reason to have that extra hop (I don’t think).
    
    source
    -> View More Comments
Asparagus0098@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
You don’t need 2 reverse proxies as others have said. What I did is just add a DNS rewrite entry on my adguardhome instance to point my domain.tld to the LAN IP of my reverse proxy.

source
- RagingHungryPanda@lemm.ee ⁨3⁩ ⁨weeks⁩ ago
  Hmm, i may have to get my admin ui’s off of ports 80/443 and port forward with NPM on those ports instead. The reason I was using nginx on the router was so the server could keep the UI on the normal ports and Nginx elsewhere.
  
  I think then I could remove the router Nginx entries and add the DNS rewrite
  
  source
  - Asparagus0098@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
    Do you actually need to move the admin ui off of port 80/443 if you are just forwarding ports? I don’t know too much about port forwarding since I use Tailscale because of CGNAT.
    
    source
    -> View More Comments
ohshit604@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
I personally couldn’t even get ssl/tls working with NPM, reverse proxying worked but it really didn’t feel right.

Eventually learned about SWAG and had a much better experience setting it up. Now here I am on Traefik thriving.

source
catloaf@lemm.ee ⁨3⁩ ⁨weeks⁩ ago
What exactly is the problem with the certs? It should be trivial to issue them for the correct name and trust them.

source
- RagingHungryPanda@lemm.ee ⁨3⁩ ⁨weeks⁩ ago
  So even if I remove the SSL cert lines from the router Nginx config, it seems to be applying the router’s SSL certificate. I commented out some lines to use a certificate for my root domain, but I’d rather NPM handle that, which doesn’t seem to be happening.
  
  source
  - catloaf@lemm.ee ⁨3⁩ ⁨weeks⁩ ago
    Why is your router doing TLS termination? Stop that.
    
    source
    -> View More Comments