You can do that with pihole and basically any reverse proxy. The process is the same, so you can follow tutorials, you just have to set up your domain through your pihole instance instead of a registrar. You can set pihole as your dns for specific devices, or you can set it as the default dns for your network through the router.

Yes - I do this with Pi-hole. It happens to be the same domain name that I host (very few) public services on too, so those DNS names work both inside and outside my network.

Run your own DNS server on your network, such as Unbound or pihole. Setup the overrides so that domain.example.lan resolves to a local IP. Set your upstream DNS to something like 1.1.1.1 to resolve everything else. Set your DHCP to give out the IP of the DNS server so clients will use it

You don’t need to add block lists if you don’t want.

You can also run a reverse proxy on your lan and configure your DNS so that service1.example.lan and service2.example.lan both point to the same IP. The reverse proxy then redirects the request based on the requested domain name, whether that’s on a separate server or on the same server on a different port.

look into local dns servers if you want multiple machines to use your local domains if you only want a single windows or linux (and probably mac) computer to use the domain to access a specific local ip an entry in your etc/hosts file would be enough

Yup. You can run both local amd external services off the same proxy, at least with traefik and I assume others. Alternatively you could use traefik to solely for local services and Cloudflare zero trust tunnel for external. I think his traefik video covers it? If not, it covers some part.

The other part is that you need pihole setup to serve local DNS.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

8 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

[Thread #840 for this sub, first seen 29th Jun 2024, 17:35] [FAQ] [Full list] [Contact] [Source code]

You can just point your domain at your local IP, e.g. 192.168.0.100

Yup, I have a domain I purchased and on my lan I use PiHole and Caddy. All my apps and services use the format app.mydomain.com. PiHole forwards all requests for *.mydomain.com to Caddy, which handles the LE certificate (via DNS challenge) and forwards the requests to the proper IP:PORT. I started using this for everything, my Proxmox hosts, printer, my APs…

People already talked about hosting your own DNS, let me add that a reverse proxy would be used for something like mapping myhome.local:8000 to myhome.local/jellyfin.

Ive got this working with Caddy and Adguard

I use Caddy as my reverse proxy. It is running on the machine in the basement with all the different docker-container-services on different ports. My registrar is set up so that *.my-domain.com goes to my IP.

Caddy is then configured for ‘service-a.my-domain.com’ to port 1234, and the others going to their ports. This is just completely standard reverse proxy.

For some subdomains (i.e. different services) ive whitelisted only the local network. There is some config for that.

Im pretty sure that I also have to have adguard do a dns rewrite on the local network as well. That is, adguard has a rewrite for ‘*.my-domain.com’ to go to 192.168.0.22 (the local machine with caddy). I think i had to do this to ensure that when the request gets to caddy it is coming from the local whitelisted network rather than my public IP (which changes every couple months, but could be more).

I guess you can set a host on your /etc/hosts to redirect all your pterodactyl.example.com to a local ip. Also, if you need access from other computers on the local network, I think you can set up a local DNS server (such as PiHole or AdGuard Home) to reach the same solution but for all address running though your DNS server

One thing to be careful of that I don’t see mentioned is you need to setup ACLs for any local-only services that are accessible via a web server that’s public.

If you’re using the standard name-based hosting in say, nginx, and set up two domains publicsite.mydomain.com and secret.local.mydomain.com, anyone who figures out what the name of your private site is can simply use curl with a Host: header and request the internal one if you haven’t put up some ACLs to prevent it from being accessed.

You’d want to use an allow/deny configuration to limit the blowback, something like

allow internal.ip.block.here/24; deny all;

in your server block so that local clients can request it, but everyone else gets told to fuck off.

DNS? Why so complicated? Just edit your hosts file 😏