• state_electrician@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    4
    ·
    4 months ago

    I found options like .local and now .internal way too long for my private stuff. So I managed to get a two-letter domain from some obscure TLD and with Cloudflare as DNS I can use Caddy to get Let’s Encrypt certs for hosts that resolve to 10.0.0.0/8 IPs. Caddy has plugins for other DNS providers, if you don’t want to go with Cloudflare.

    • kudos
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      Might be an idea to not use any public A records and just use it for cert issuance, and Stick with private resolvers for private use.

      • state_electrician@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        3
        ·
        4 months ago

        It’s a domain with hosts that all resolve to private IP addresses. I don’t care if someone manages to see hosts like vaultwarden, cloud, docs or photos through enumeration if they all resolve to 10.0.0.0/8 addresses. Setting up a private resolver and private PKI is just too much of a bother.

        • fine_sandy_bottom@lemmy.federate.cc
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          My set up is similar to this but I’m using wildcards.

          So all my containers are on 10.0.0.0/8, and public dns server resolves *.sub.domain.com to 10.0.0.2, which is a reverse proxy for the containers.