this post was submitted on 20 Aug 2023
51 points (93.2% liked)

Selfhosted

41396 readers
933 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

Currently my home server runs a few services that have a web UI. I currently access them by typing in the IP address and port number, but it’s now starting to get annoying to remember the ports.

What’s the best way to handle this?

I’ve thought of two solutions:

  1. I’m running a local DNS server, so I probably would be able to make CNAMEs from something like adguard.server.local to the IP, and do a reverse proxy with something like Caddy
  2. Maybe there’s some unified dashboard app that is a reverse proxy with some simple frontend where I can just navigate to server.local and click a button to choose which specific service I want to see?

What are your opinions on this?

top 37 comments
sorted by: hot top controversial new old
[–] [email protected] 27 points 1 year ago (2 children)

A reverse proxy will achieve what you're looking for, yes. I do precisely what you're describing. I use "local DNS" on my pihole, with CNAMEs for each service pointing to my server IP address. I'm running Caddy on the server, specifically this (because my services are running in Docker containers): https://github.com/lucaslorentz/caddy-docker-proxy

As far as a "dashboard" app, you have options there as well. I'm using Heimdall currently, but Homarr also looks pretty nice.

[–] [email protected] 4 points 1 year ago

I’ll probably do the first thing, since the server is running AdGuard Home already.

[–] [email protected] 3 points 1 year ago (1 children)

Is pihole alone enough to do the reverse proxy, or do you need caddy as well? I’m only somewhat familiar with how these things work

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (1 children)

PiHole can't specify specific ports for each cname, which is what you need a reverse proxy for.

Typically, you create all of your cnames in pihole and direct them to your reverse proxy server IP. From your reverse proxy of choice, you specify each url to the specific ip:port of your service.

[–] [email protected] 1 points 1 year ago (1 children)

How can I use my Pi-hole as DNS Server also over VPN? I run Wireguard on Unraid. And while the VPN works, I can’t seem to the DNS over VPN to go my way.

[–] [email protected] 2 points 1 year ago (1 children)

Set your VPN clients to use Pihole as their DNS server.

[–] [email protected] 1 points 1 year ago (1 children)

Tried that, does not work. When I’m physically „in“ my LAN, my domains resolve correctly. Via VPN only IPs work.

[–] [email protected] 1 points 1 year ago (1 children)

Why doesn't it work? Do you get no response at all from the DNS server? Or just a null response like NXDOMAIN or some kind of lookup failed error?

Is PiHoles DNS server set to listen on only your LAN subnet maybe?

Firewall rule blocking VPN clients maybe?

[–] [email protected] 1 points 1 year ago

Ah, right. Pi-hole only listens for the first jump. I was stupidly assuming that the VPN tunnel exit would be part of this.

[–] [email protected] 10 points 1 year ago (1 children)

Lots of good suggestions, but no one has mentioned the simple option of browser bookmarks?

Any good browser has built in sync, so bookmarks are already shared across all of your devices.

[–] [email protected] 1 points 1 year ago (1 children)

Unfortunately I specifically opted out of any sync, because I want everything in my NixOS config also on mobile I use a different browser

[–] [email protected] 1 points 1 year ago

There are other tools like Floccus, Nextcloud Bookmarks, etc that will handle sync across multiple browsers, so that could be an option if you wanted to do that.

[–] [email protected] 8 points 1 year ago

I mean, if you're problem is just remembering to type "10.0.0.100:8080" you could just have browser bookmarks. But that's not very selfhosty. 😁

Personally, I've got a bit of #1 and #2 going on.

I've got Nginx Proxy Manager in docker that rev proxies pretty much everything and adds SSL on top. I am running an inside DNS zone, so I have a bunch of CNAMEs that all point to the host running NPM. Lastly, I'm using Dashy as the front end to it all.

[–] Hagenman 7 points 1 year ago (1 children)
[–] [email protected] -2 points 1 year ago (2 children)

I don't know why people keep suggesting reverse proxy when this is what OP is looking for.

[–] [email protected] 2 points 1 year ago

OP listed two solutions they were considering, one of which explicitly mentioned using a reverse proxy. The other mentioned using a "dashboard app". Commenters have given useful advice regarding both.

[–] [email protected] 1 points 1 year ago

I might do both for easier finding of the URL, but still being able to remember it and access the apps by a URL if I ever need it

[–] MajinBlayze 4 points 1 year ago (2 children)

Short answer: something like nginx proxy manager with a single wildcard dns entry makes this super simple.

[–] [email protected] 2 points 1 year ago

Thanks ended up doing a wildcard dns entry but not with Nginx Proxy Manager but with Caddy. On NixOS I can just add like 3 lines of code to declare a reverse proxy for a specific service in the same file where I enable same service.

[–] [email protected] 1 points 1 year ago (1 children)

Wait, does it mean I can use something like *.example.com in my pihole for all services? Atm Im using jellyfin.example.com, nextcloud.example.com, etc.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Exactly.
As long as you don't need something like mail.example.com to point somewhere else.
I have a subdomain for my home stuff (so jellyfin.h.example.com and h.example.com is the wildcard) so that any other subdomains are still usable for internet things.

Only thing is, Pihole doesn't have it in the UI. It's widely requested, so I'm sure it will come soon™

If you are happy SSHing in, tweaking some files, then it's doable.
https://hetzbiz.cloud/2022/03/04/wildcard-dns-in-pihole/

Edit: I actually use my router as my DNS, with its DNS set to be the pihole. My router can do wildcard DNS overrides. However, I do lose insights from the pihole metrics: all requests are from 10.0.0.1

[–] [email protected] 1 points 1 year ago

Nice, thank you. Ill try that

[–] [email protected] 4 points 1 year ago

I'm using Homer with links to all services based on ip. I've also added a local Dns entry to pi hole.

[–] [email protected] 3 points 1 year ago (1 children)

Ill just recommend homepage as dashboard

[–] asbestos 6 points 1 year ago (1 children)

They could’ve added a screenshot or at least something that shows how it looks/could look.

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] 0 points 1 year ago

Looks good. Will try this out...

[–] gregorjan 3 points 1 year ago (1 children)

I would personally run reverse proxy separately since it's more critical than dashboard. I personally run traefik. For dashboard check homarr if you are running other arr apps I think it is an interesting choice.

[–] [email protected] 1 points 1 year ago

I’m currently torn between Homarr and Homepage. I do have other arr apps, but homepage still seems to have more services supported…

[–] lal309 3 points 1 year ago

If you are running everything in containers then there’s a very simple and straightforward solution for this. Run your reverse proxy (NPM, Caddy, whatever) on two network (internal and external or whatever you want to call them). In the external network is where you will map your host port to the reverse proxy container. For example, on NPM it’s 81 so you map host 81 to container 81. You should then be able to go to http://localhost:81. The internal network will be where your reverse proxy will talk to your other two web services you want to run so make sure you add your other services to this internal network.

On your DNS (personally I run PiHole) point your service name (as guard) to the IP of the host running your reverse proxy. Do an nslookup on the name to make sure you actually get the right IP for the name you want.

Login to your reverse proxy and configure a proxy host to point to the name of the container and the correct port. Since the reverse proxy is on the same “internal” network, they should be able to talk to each other via names rather than IPs.

Test your connection to the service on your browser.

Another solution (less technical but much faster) would be to runa dashboard service like Heimdall then just add a “link” to the service you want and the port it’s running on. Then you will have a single link to click on that will take you where you want without typing manually. You could even add the dashboard as your browser default page on startup.

There are other ways to skin this cat but these two solutions will get you where you want to go quickly.

[–] EncryptKeeper 2 points 1 year ago (1 children)

Those are the two options, basically. Both are good. 1 is cleaner but requires more configuration, 2 is much quicker to set up every time you set up a new service. I would say that if your main goal is just the convenience, just go with option 2.

If however you have less technical users of your services, or you’re interested in learning about reverse proxies, or you just want to do it the cleanest way possible, go option 1.

[–] [email protected] 1 points 1 year ago

Honestly for me I have to add code to my NixOS configuration to add a service anyways, and adding a reverse proxy alongside is like literally 5 lines of code, so I’m fine with it!

https://github.com/n3oney/nixus/blob/0f7a853052595c453a0f3d762fb1a3b7715ad44c/modules/services/adguard.nix#L37

[–] [email protected] 2 points 1 year ago (1 children)

According point 2: I choose homepage over Heimdall. It has more direct integrations (e.g. Homeassistant, Synology, Paperless-ngx, Warchtower…) where you can display specific information directly on your dashboard. It is easily set up by a couple .yaml files. You can find lots of examples online and in the documentation.

[–] [email protected] 1 points 1 year ago

Wow, that looks good! Thanks!

[–] B16_BR0TH3R 1 points 1 year ago* (last edited 1 year ago) (1 children)

Set up a domain with a main site that has links to your different services, then set up reverse proxies so you can put certificates on them and serve them all on port 443. If your WAN IP is relatively static then you can forward ports 80 and 443 to your server and use your own domain, if not you can use something like FreeDNS. Or skip the last bit if you don't need WAN access.

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago)

If you want them accessible from outside. I just favorite the ip:port for the internal stuff or you can use something like https://github.com/linuxserver/Heimdall

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
HTTP Hypertext Transfer Protocol, the Web
IP Internet Protocol
PiHole Network-wide ad-blocker (DNS sinkhole)
SSL Secure Sockets Layer, for transparent encryption
VPN Virtual Private Network
nginx Popular HTTP server

6 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.

[Thread #70 for this sub, first seen 20th Aug 2023, 01:25] [FAQ] [Full list] [Contact] [Source code]