I’m sure I’m massively overthinking this, but any help would be greatly appreciated.
I have a domain name that I bought through NameCheap and I’ve pointed it to Cloudflare (i.e. updated the name servers). I have a Synology NAS on which I run Docker and a few containers. Up until now I’ve done this using IP addresses and ports to access everything (I have a Homepage container running and just link to everything from there).
But I want to setup SSL and start running Vaultwarden, hence purchasing a domain name to make it all easier.
I tried creating an A record in Cloudflare to point to the internal IP of my NAS (and obviously, this couldn’t be orange-clouded through CF because it’s internal to my LAN). I’m very reluctant to point the A record to the external IP of my NAS (which, for added headache is dynamic, so I’d need to get some kind of DDNS) because I don’t want to expose everything on my NAS to the Internet. In actual fact, I’m not precious about accessing any of this stuff over the internet - if I need remote access I have a Tailscale container running that I can connect to (more on that later in the post). The domain name was purely for ease of setting up SSL and Vaultwarden.
So I guess my questions are:
I’m sure these are all noob-type questions, but for the past 6-7 years I’ve purely used this internally using IP:port combinations, so never had to worry about domain names and external exposure, etc.
Many thanks in advance!
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Yep exactly!
Nothing, it’s local to your network only so it only affects you. You could set
google.com
to return whatever IP you want for example, but it would prevent you from actually accessing google.The only thing you need Cloudflare (or another DNS-01 supported service) for, is getting letsencrypt SSL certificates. Since it uses automatically generated public DNS records on your domain name to verify that you own it.
Yep it’s done through Traefik either way, their docs should have a section on SSL with cloudflare IIRC.
Absolute superstar, thanks for your help so far. I’ll make a start on some of this tomorrow and see how far I get — either with Traefik or NPM.
Do I need to do anything with the domain itself on Cloudflare at the moment? Or do I just leave it with its current A record pointing at an IP address (it was done as part of the setup in Cloudflare so I have no idea what that IP address is).
Obviously that domain in reality will just sit there doing nothing.
Yeah you can just leave it, delete the A record if you want to.
OK so made a start with this. Spun up a Pi-hole container, added mydomain.com as an A record in Local DNS, and created a CNAME for traefik.mydomain.com to point to mydomain.com.
In Cloudflare, I removed the mydomain.com A record and the www CNAME record.
Doing an nslookup on mydomain.com I get
Which I guess is to be expected.
However, when I then navigate to http://traefik.mydomain.com in my browser, I’m met with a Cloudflare error page: https://imgur.com/XhKOywo.
Below is the docker-compose of my traefik container:
My traefik.yml is also nice and basic at this point:
Any ideas what’s going wrong? I’m unclear on why the domain is still routing to Cloudflare.
It sounds like your client isn’t using PiHole for DNS, do you see the DNS lookup come through the pihole logs?
Actually, no I don’t see anything coming through.
So the IP address of my router is 192.168.1.1, IP of my NAS is 192.168.1.116.
Checked the DNS on my Mac and it’s 192.168.1.1. Checked the DNS on my NAS and it’s 192.168.1.1. I changed the DNS in my router to 192.168.1.116.
Have I missed a step somewhere?
It sounds like you haven’t updated your routers DHCP server to hand out the Pihole IP to clients. You can manually set the DNS server to the Pihole IP on your Mac for testing too.
The flow should be: Clients > Pihole > Router > Public DNS
Or you can skip the router: Clients > Pihole > Public DNS
I wasn’t planning on using Pi-hole for DHCP - I have a LOT of reserved addresses on my network and I don’t fancy having to move them all over. My hope had been to use Pi-hole for DNS but keep the DHCP reservation with the router.
I’ve manually updated the DNS on my Mac to 192.168.1.116 and I can now access the Traefik dashboard via http://traefik.mydomain.com:8080 (so, getting there). So some kind of issue with the DNS on my router I think - caching maybe?
Yeah that’s fine, you just need to change the DHCP settings on your router so it gives the Pihole IP for DNS. It’s possible some routers don’t allow that though.
I think the pihole container needs to be on the host network or macvlan?
I’ve just added in a macvlan network to my Pi-hole compose as well, not sure if it’s making any difference or not.