• 0 Posts
  • 52 Comments
Joined 9 months ago
cake
Cake day: February 1st, 2024

help-circle



  • My method:

    VPS with reverse proxy to my public facing services. This holds SSL certs, and communicates with home network through WireGuard link configured on my router.

    Local computer with reverse proxy for all services. This also has SSL certs, and handles the same services as the VPS, so I can have local/LAN speeds. Additionally, it serves as a reverse proxy for all my private services, such as my router/switches/access point config pages, Jellyfin, etc.

    No complaints, it mostly just works. I also have my router override DNS entries for my FQDN to resolve locally, so I use the same URL for accessing public services on my LAN.




  • Another fun trick you can play is to use a private IP on your public DNS records. This is useful for Jellyfin on Chromecast for instance — it uses 8.8.8.8 for DNS lookup (and ignores your router settings), so it wants a fully qualified domain name. But it has no problem accessing local hosts, so long as it’s from 8.8.8.8’s record.


  • I have set up local DNS entries (with Pi-Hole) to point to my srrver, but I don’t know if it possible to get certs for that, since it is not a real domain.

    So long as your certs are for your fully qualified domain there’s no problem. I do this, as do many people — mydoman.com is fully qualified, but on my own network I override the DNS to the local address. Not a problem at all — DNS is tied to the hostname, not the IP.



  • I think (?) it’s generally true that the root user should never mess with users’ files.

    Imagine your home directory is shared across many systems on a network (my alma mater did this). It would be really bad if a sysadmin for alpha.university.edu removed a program, and suddenly your personal settings were removed from beta.university.edu — even though that computer still has the program.

    This is one of the “UNIX on the desktop” issues — a lot is designed for a sysadmin/multiuser situation, and it has some gotchas when using it as a desktop machine (I’m used to/really appreciate the directory structure and settings management at this point, but it may take some getting used to).