I’m going round in circles on this one.
What I want to do is:
- serve up my self-hosted apps with https (to local clients only - nothing over the open web)
- address them as ‘app.server.lan’ or ‘sever.lan/app’
- preferably host whatever is needed in docker
I think this is achievable with a reverse proxy, some kind of DNS server and self-signed certs. I’m not a complete noob but my knowledge in this area is lacking. I’ve done a fair bit of research but I’m probably not using the right terminology or whatever.
Would anyone have a link to a good guide that covers this?
Imma be the problemXY guy here - ditch the https part. without it, you don’t gotta deal with certs, signing, shit that’s outside your LAN, etc. it’s your LAN, do you really need that level of security? who’s gonna sniff packets and shit on your LAN?
now all you need is pihole where you set up your hostnames (jellyfin.lan, nextcloud.lan, etc.) and nginx proxy that maps e.g. jellyfin.lan to 192.168.0.123:8096. both of them run plenty fine in docker.
You say that, but I’ve seen so many dodgy iot devices… Specially deploying PiHole you start to see so much random traffic from stupid stuff like a smartplug or a TV box
If you’re on the same subnet, no amount of reverse proxy will help with dodgy apps. It’s more appropriate to put the dodgy iot in a DMZ to control what they can do.
Putting https on these is fine, but it’s not a solution to isolating bad clients.