• @state_electrician@discuss.tchncs.de
    link
    fedilink
    English
    44 months ago

    I found options like .local and now .internal way too long for my private stuff. So I managed to get a two-letter domain from some obscure TLD and with Cloudflare as DNS I can use Caddy to get Let’s Encrypt certs for hosts that resolve to 10.0.0.0/8 IPs. Caddy has plugins for other DNS providers, if you don’t want to go with Cloudflare.

    • @kudos@lemmy.ml
      link
      fedilink
      English
      34 months ago

      Might be an idea to not use any public A records and just use it for cert issuance, and Stick with private resolvers for private use.

      • @state_electrician@discuss.tchncs.de
        link
        fedilink
        English
        34 months ago

        It’s a domain with hosts that all resolve to private IP addresses. I don’t care if someone manages to see hosts like vaultwarden, cloud, docs or photos through enumeration if they all resolve to 10.0.0.0/8 addresses. Setting up a private resolver and private PKI is just too much of a bother.

        • @fine_sandy_bottom
          link
          English
          14 months ago

          My set up is similar to this but I’m using wildcards.

          So all my containers are on 10.0.0.0/8, and public dns server resolves *.sub.domain.com to 10.0.0.2, which is a reverse proxy for the containers.