Jan Wildeboer :krulorange:
@jwildeboer@social.wildeboer.net · activity timestamp 6 days ago

When all parts come together 😉 I now have S3 compatible storage with #garage in my homelab, using #nginx as reverse proxy and secured with a certificate from my own #StepCA based CA (Certificate Authority) that gets auto-renewed by #certbot. And this all works without any internet connection, as I also have a DNS server for my home network with the correct CNAME entry for s3.

#SelfHost #SysAdminLife @homelab

2 media
Screenshot from my browser connecting to the S3 backend in my homelab over port 443 with a valid certificate from my own Certificate Authority.
certbot successfully creating a certificate for my s3 server using my own certificate authority.
Nils
@thasl@social.tchncs.de replied · activity timestamp 6 days ago

@jwildeboer @homelab very cool, I am also planning to test out Garage after your recent posts!
How do you handle DNS settings of your end devices with that internal DNS? A lot of browsers now default to public DoH, and will thus not get the internal DNS entries. I can of course deactivate that for devices under my control, but for homelab services I want to make available to guests this is an issue I have not yet solved.

Ben Tasker
@ben@mastodon.bentasker.co.uk replied · activity timestamp 6 days ago

@thasl @jwildeboer @homelab

DoH only really poses an issue if you've got split-horizon DNS (i.e. there's also a public facing record).

Firefox (for example) will attempt to use DoH, but if resolution fails that way it'll fall back to local DNS (FF also has a canary domain you can use to disable DoH).

Chrome's even simpler, it just tries DoH to your system configured resolver (and falls back if DoH can't be done).

Basically, you can just DHCP your DNS as normal and it all sort of works.

Nils
@thasl@social.tchncs.de replied · activity timestamp 6 days ago

@ben that makes so much sense, thanks for the hint! I indeed have the same domain for externally available services as well as my homelab, I always wondered why FF would only _sometimes_ resolve correctly to my internal IPs.
What would the best approach be here? Have a completely separate domain only for the homelab? @jwildeboer what are you using here? I figured using an existing domain would make sense so I could get certs via the LE DNS challenge. Own CA would be an option, but again only for devices I control, not guests.
But anyway thanks for all the input, very valuable as I am only at the start of my homelab journey 😊 @homelab

Ben Tasker
@ben@mastodon.bentasker.co.uk replied · activity timestamp 6 days ago

@thasl @jwildeboer @homelab

Chrome based browsers should "just" work (there'll be an exception somewhere though)

For Firefox based browsers, the simplest way is to use the canary domain (you have to make use-application-dns.net NXDOMAIN).

In case you were thinking of deploying pihole onto your network: it does that automatically (https://docs.pi-hole.net/ftldns/configfile/#mozillacanary), everything does just work after that

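The canary check Ben describes depends on the local resolver answering NXDOMAIN (RCODE 3) for use-application-dns.net. As an added example (not from anyone in this thread, and not Pi-hole's or Firefox's code), this script sends a raw UDP DNS query to a resolver of your choosing and reports the RCODE, so you can verify the canary actually works before relying on it; the resolver address and transaction id are assumed inputs.

```python
import socket
import struct
import sys

# Firefox's DoH canary domain, as named in the thread above.
CANARY = "use-application-dns.net"
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x1234):
    """Build a minimal DNS A/IN query with the RD (recursion desired) flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_rcode(response, txid=0x1234):
    """Return the 4-bit RCODE from a DNS response header, after sanity checks."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid:
        raise ValueError("transaction id mismatch (possible stray or spoofed reply)")
    if not flags & 0x8000:  # QR bit: must be a response, not a query
        raise ValueError("packet is not a DNS response")
    return flags & 0x000F

def canary_disables_doh(resolver_ip, timeout=2.0):
    """True if the resolver returns NXDOMAIN for the canary, i.e. Firefox will
    fall back to system DNS. Any other RCODE (or a timeout) means DoH stays on."""
    query = build_query(CANARY)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver_ip, 53))
        data, _ = sock.recvfrom(512)
    rcode = parse_rcode(data)
    print(f"{resolver_ip} answered {RCODES.get(rcode, rcode)} for {CANARY}")
    return rcode == 3

if __name__ == "__main__":
    # Assumed usage: python canary_check.py 192.168.1.1
    resolver = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    sys.exit(0 if canary_disables_doh(resolver) else 1)
```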
bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About 路 Code of conduct 路 Privacy 路 Users 路 Instances
Bonfire social 路 1.0.1-beta.35 no JS en
Automatic federation enabled
Log in
  • Explore
  • About
  • Members
  • Code of Conduct