Help with particular nginx setup

I know there are quite a few setup tutorials out there, but being a noob when it comes to networking beyond the basics I'm having a bit of trouble understanding and aggregating the information I need for exactly what I want to do. I want:

  • individual apps accessible via URLs on my local network (i.e. truenas.jellyfin, jellyfin.local or similar)
  • also accessible over my tailnet using the same URL, if at all possible
  • if using the same URL for Tailscale is possible, I want to make sure it will prioritize/attempt a LAN connection first so it is not connecting through Tailscale/WAN while on my home network
  • completely self-hosted, using AdGuard Home or something as the DNS provider, or however that works (using AdGuard would also be convenient since I want to move away from NextDNS once my subscription is up)
  • SSL and HTTPS (I know this is built into nginx, I just need to figure out the domain to feed Let's Encrypt)
  • nothing exposed to the internet whatsoever; access is only via LAN or Tailscale

Any help is much appreciated.

Presumably you say nginx but mean Nginx Proxy Manager. Plain NGINX is a different product that has a different purpose.

Do you own a domain? You won’t be able to use jellyfin.local or the like with Let’s Encrypt.


This should do what you need:

Yes, I did mean NPM.

No, but I was hoping to basically generate my own, so to speak, since nothing is going to be exposed to the internet. Does it require an internet-facing/originating domain to be able to use Let's Encrypt?

The only thing is the guide uses Cloudflare. Is it possible to use AdGuard or something for the DNS records, or is an outside provider absolutely required? What if I forgo SSL?

Let’s Encrypt helps create a trusted certificate for a domain you own. If you don’t own a domain then Let’s Encrypt is not going to be useful to you. The domain does not need to be publicly accessible, but if it’s not then you at least need to use a publicly accessible DNS record, otherwise Let’s Encrypt won’t have any way of verifying your domain name ownership.

Adguard is locally run, is it not? Kind of like a Pihole. That’s not going to work with Let’s Encrypt.

Then you will have a server without SSL encryption. For LAN use only that is fine, at least from a security perspective. Browsers will show warnings and may not be willing to save passwords and such though.

Yes–Let’s Encrypt is a public certificate authority, so it only issues certs for public domains (and public IP addresses in limited cases).

No, because it’s using Cloudflare to issue public DNS records. But you can probably use Tailscale’s certificates for this purpose.

I understand why Let's Encrypt won't work for a self-hosted domain, and that's a bridge I can cross at another time. I'm still having a hard time getting why I can't just do something like put arbitrary domain names as proxies or redirects or whatever into NPM that point to an app ip:port that it can then just resolve, no actual domain hosts required.

So I think I've come up with one part of the equation: using AdGuard DNS rewrites I can create an arbitrary domain name and point it to a local IP, but I cannot specify a port, so it just opens up the TrueNAS web UI even using an alias IP for the app. How can I pass this to NPM so I can use it to add the port on to the IP to access the app? Or is there an even simpler way, possibly?

No, of course not–DNS doesn’t really handle ports in this context. Here’s how it works, in the normal case:

  • NPM listens on ports 80/443, the standard HTTP/HTTPS ports
    • This means that, if it has the same IP as your web UI (which it ordinarily would), you need to set the web UI to listen on different ports
  • You have an app running–let’s say it’s Jellyfin, on the same IP, at port 8096
  • You set up a local DNS record (in Adguard, or whatever) pointing jellyfin.home to the IP of your server
  • You set up a proxy host in NPM called jellyfin.home, and set it to proxy to that same IP address, port 8096

The process is described in the guide below, though with additional material describing getting a certificate–you won’t be using that in this scenario:
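To make the four steps above concrete, here is a hand-written nginx server block equivalent to the NPM proxy host being described. This is an added example, not from the original thread, the guide, or NPM's own generated config. It assumes the server's LAN IP is 192.168.1.10, Jellyfin is on port 8096 on that same IP, and the AdGuard Home DNS rewrite (Filters > DNS rewrites) maps jellyfin.home to 192.168.1.10. Because the DNS answer carries no port, every request lands on NPM at 80/443 and the Host header is what picks the backend; the catch-all block is the check a practitioner would want, so that any other name someone points at this IP gets dropped rather than proxied.

```nginx
# Added example: plain-nginx equivalent of an NPM proxy host "jellyfin.home".
# Assumed values (not from the thread): server/NPM IP 192.168.1.10,
# Jellyfin on 192.168.1.10:8096, AdGuard rewrite jellyfin.home -> 192.168.1.10.
# NPM itself must own ports 80/443, so on TrueNAS the web UI has to be moved
# to other ports first (the original poster moved them up by one).

# Catch-all: a request whose Host header matches no configured name gets the
# connection closed (444) instead of being forwarded to some backend.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

server {
    listen 80;
    server_name jellyfin.home;   # must match the AdGuard DNS rewrite exactly

    location / {
        proxy_pass http://192.168.1.10:8096;   # the app ip:port, as in the NPM proxy host

        # Pass the original host and client address through to the app
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Jellyfin's web client uses WebSockets; this is what NPM's
        # "Websockets Support" toggle enables on a proxy host.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
}
```

Two checks worth running once this is in place: `nslookup jellyfin.home 192.168.1.10` (or whatever IP AdGuard listens on) should return the rewrite, and `curl -sI --resolve jellyfin.home:80:192.168.1.10 http://jellyfin.home/` should return Jellyfin's response headers even from a machine that is not using AdGuard for DNS, since `--resolve` sets the Host header for you. A request for a name you did not configure, for example `curl -sI -H 'Host: other.home' http://192.168.1.10/`, should get no response at all because of the 444 block. No certificate is configured here, matching the scenario in the thread; adding one later is a separate `listen 443 ssl` block with the same location section.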

I was on the right track but missed a step. Setting the web UI ports +1 and giving NPM the proper ones seems to have everything working correctly now, using my redirects in AdGuard which point to an NPM proxy.