Almost forgot before going to bed but I feel bi-weekly is a good rhythm for this.

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

  • FunkFactory@lemmy.world
    1 day ago

    I’m a new selfhoster and reached the limit on what my DS923+ can handle after setting up an Immich instance (on top of qBittorrent, radarr/sonarr, plex). So I picked up a mini PC this week and migrated the Immich stack over (pointing to an NFS mount for the NAS!) and now it’s running super smooth 🙌 Now I’m hype to move over more services and eventually start separating out media services from mission-critical stuff like photos when I have another machine handy.

    I wanted to set up local domain resolution for my devices in order to stop having to visit sites with the local 192.168.1.x IP, so I started following some guides to run dnsmasq on the mini PC (Ubuntu Server) and add entries to /etc/hosts. It was pretty easy to get working OK, but for whatever reason the DNS doesn’t seem to be working on a fresh boot. My local workstation can’t ping the custom DNS entries for my devices until I sudo systemctl restart dnsmasq on the mini PC, after which everything works fine, which leads me to believe it’s some weird boot order problem? I’m trying not to screw with it too much before bed, but hopefully I can figure out what’s going on this week.

    • tofuwabohu@slrpnk.netOP
      18 hours ago

      If you want to have domains assigned to local IP addresses, you can also use Pihole as a local DNS! It’s a very nice tool for adblocking on network level anyways, can only recommend it.

      • FunkFactory@lemmy.world
        9 hours ago

        Awesome thank you, this is what I ended up setting up today. It’s a bit of an awkward solution for now, I would very much like to use it for its ad blocking functionality but I’m unsure if I want to make it my only DNS provider while I’m still migrating services over to the mini PC and messing with the server config. I had set up Pihole years ago and my wife ran into problems using some apps on her phone so I think I’d need to be more proactive about making sure that’s working this time around too.

        • tofuwabohu@slrpnk.netOP
          9 hours ago

          I get that, I plan to add another pihole at some point so I can enter 2 nameservers at my router. There are solutions to sync all config between the piholes.

    • kitnaht@lemmy.world
      1 day ago

      Highly suggest putting Caddy on a machine, forwarding port 443 and 80 to caddy, and then letting it do your reverse-proxy stuff. Register a domain name, give it your IP address, and then tell caddy that ‘immich.yourdomain.bleh’ goes to port 78789 and plex goes to ‘media.yourdomain.bleh’ port 89898 – Caddy handles all of the TLS stuff, handshaking, you name it - so you can have secure sites with proper certs.

      Then make sure those things are isolated from your home network through vlans if your router supports it.

      You can get fancier with it using a tailscale and getting some datacenter IP to forward into your network.

        • azron@lemmy.ml
          1 day ago

          DNS challenge so you can get a wildcard cert? Or is it still per domain? I haven’t looked recently but it seemed difficult but I’d like to avoid transparency log installs where I can.

          • sugar_in_your_tea@sh.itjust.works
            1 day ago

            You can do both (not sure how wildcard works through Caddy though), I did it per domain. I prefer doing TLS trunking per device, hence no wildcard.

      • FunkFactory@lemmy.world
        1 day ago

        Thanks for the advice, I didn’t know a reverse proxy was what I was setting up though I’ve seen that term all over. I think Caddy is likely in my future but I already have basic access to my home network through a Wireguard tunnel for now so I was hoping dnsmasq could solve for my case without getting too fancy or exposing any ports. I think I should probably try to learn about reverse proxies more generally to figure out the next steps forward.