I've got a number of containers running different things internally (test blogs, todo lists, etc.)
Some of them I want exposed to the world. Some I want accessible from inside my network (house) or over the VPN.
What's the easiest way to set up locally resolvable names that only work internally?
And what names are safe to use?
I've lost track but I think .local and .lan aren't safe to use anymore?
@peroty I imagine you would have different network interfaces that represent different networks on a machine. Each interface would have its own IP address. What you could do with that is set up a home DNS server on this machine and have your router consult this DNS server instead of the ISP's one. This way only the devices connected to your local network would be able to resolve custom domain names like walters.lab and be redirected to your home server.
@peroty Take a look at Traefik (traefik.io).
It allows you to define routes to containers, add authentication, limit access to certain IP addresses etc.
@ardmore I've got nginx set up as a reverse proxy to my containers already. I've read that Traefik makes that easier. Maybe I'll look into that instead of nginx.
@peroty since you are concerned about security you might also be interested in the zero-configuration network topic: https://en.m.wikipedia.org/wiki/Zero-configuration_networking
Some invalid TLDs, like .lan, *can* be used (I think there's a recommended list out there). If you are self-hosting stuff, you probably own a domain name, so you might as well use it for this.
There is also this from 2013, but not sure if it is still valid: https://tools.ietf.org/html/rfc6762#appendix-G
Everyone agrees that .local shouldn’t be used though - so I guess I should rename my hosts at some point.
@jamie @bhart Welcome to my problem. lol
I have a FQDN for my homelab. And everything pointed to an nginx reverse proxy to make it to the outside world. I'm not sure how I can take sub.fqdn.tld and make it resolve internally without going external.
Probably something in the nginx proxy but I haven't figured that out yet. Or know what term to search for.
I'm very much mucking about trying to teach myself with varying levels of success.
Basically, you need a DNS resolver inside your lan which replies with internal addresses. If you host your own DNS for external queries (unlikely), then you would need to set up your DNS server to respond differently based on where the request comes from.
How to do the above depends greatly on what you are running for network gear.
If you have something like pfSense, MikroTik, SonicWall, UniFi, etc. - the functionality is built in, it's just a matter of figuring out the setup.
Anyway, there were lots of videos and websites when I searched, so there's lots of help out there.
@peroty Technically you shouldn't use an invalid TLD. Best way to go is <host>.lan.example.com with a valid domain which you own. You can replace 'lan' with a location name to identify the lan, such as the city, datacenter, or even 'home'.
With this method, you can perform split DNS and if you ever need to, you can make a service routable from outside using the same name. There's other benefits too.
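A minimal dnsmasq configuration implementing the split DNS the two posts above describe (an internal resolver that answers for <host>.lan.example.com and overrides a public name with its LAN address). This is an added example, not something posted in the thread; the interface names, addresses, host names and upstream resolver are all assumptions.

```ini
# /etc/dnsmasq.d/homelab.conf  (constructed example; interfaces, addresses and names are assumed)

# Only answer queries arriving on the LAN and VPN interfaces, never on a WAN-facing address,
# so the internal names are not exposed to the outside world.
interface=eth0
interface=wg0
bind-interfaces
local-service

# Forward everything we do not answer ourselves to one explicit upstream resolver
# instead of whatever happens to be in /etc/resolv.conf.
no-resolv
server=1.1.1.1

# Drop upstream answers that contain private (RFC 1918) addresses. This is DNS
# rebinding protection; the local address= entries below are not affected by it.
stop-dns-rebind

# Treat the internal zone as ours: never forward a lookup for it upstream,
# even for a host that is not listed here (it gets NXDOMAIN instead of leaking).
local=/lan.example.com/

# Internal names resolve straight to the reverse proxy on the LAN.
address=/blog.lan.example.com/192.168.1.20
address=/todo.lan.example.com/192.168.1.20

# A public name can also be overridden so LAN clients reach the proxy directly
# instead of hairpinning out through the router; outside the LAN it keeps its public record.
address=/blog.example.com/192.168.1.20
```

From a LAN host, `dig @192.168.1.1 blog.lan.example.com` should return 192.168.1.20, while the same query from outside the LAN should get no answer at all because the resolver is not listening there.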