On my LAN I have 192.168.1.111 hosting a bunch of various services, not containerized. All connections are done either from my internal LAN or from WireGuard going through 192.168.1.111, so no external traffic bar WireGuard.
I’ve set the host name of 111 in the hosts file inside the router and 111, and it works for all devices except the ones connecting via WireGuard.
But I don’t want to have to use hostname+port for every service; I’d like each service to have its own name. I’d also like certs.
Can someone point me in the right direction for what I need to do? I’m thinking maybe this requires a local DNS server, which I’m hesitant to run because I’m happy using 8.8.8.8.
For certs, do I create a single cert on 192.168.1.111 and then point all the applications to it?


To do this properly, you’ll need to set up a reverse proxy that publishes your different ports on different IP addresses.
Then you can use DNS or (locally) a hosts file for name resolution.
Yes, reverse proxy, but you don’t want to publish on different IP addresses. Your services should bind to one IP, different ports, and the reverse proxy accepts it all on 443 and routes it based on the host header.
I use Traefik for this, set labels in the Docker Compose file and it Just Works. It also gets certs for me based on the ACME DNS challenge. Some people use Caddy instead of Traefik and they seem happy with it.
Ideally the services should only bind to localhost and not 0.0.0.0 or similar as well. Allowing both proxied and non-proxied requests will 99/100 times cause problems, and the one time it doesn’t, it is just confusion for no benefit.
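
A way to check the localhost-only binding advice above, as an added example that is not part of the original thread: it parses `ss -ltnH` output and lists TCP listeners that can be reached without going through the reverse proxy. The sample output is constructed, the function names are hypothetical, and ports 80/443 are assumed to belong to the proxy.

```python
import ipaddress

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 4096      127.0.0.1:8080      0.0.0.0:*
LISTEN 0 511               *:443             *:*
LISTEN 0 128         0.0.0.0:22        0.0.0.0:*
LISTEN 0 4096  192.168.1.111:3000      0.0.0.0:*
LISTEN 0 4096           [::]:8096         [::]:*
LISTEN 0 4096          [::1]:9090         [::]:*
LISTEN 0 4096  127.0.0.53%lo:53        0.0.0.0:*
"""

WILDCARDS = {"*", "0.0.0.0", "::"}  # "all interfaces" as printed by ss


def parse_listener(line):
    """Return (address, port) from one `ss -ltnH` line, or None if it is not a listener."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    addr, _, port = fields[3].rpartition(":")
    if not port.isdigit():
        return None
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    return addr, int(port)


def is_loopback(addr):
    """True only for 127.0.0.0/8 and ::1; wildcard and LAN addresses are not loopback."""
    if addr in WILDCARDS:
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def exposed_listeners(ss_output, allowed_ports=frozenset({80, 443})):
    """List (address, port) listeners that bypass the proxy, sorted by port."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed and parsed[1] not in allowed_ports and not is_loopback(parsed[0]):
            findings.append(parsed)
    return sorted(findings, key=lambda f: f[1])


if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE_SS, allowed_ports={22, 80, 443}):
        print(f"{addr}:{port} is reachable without going through the proxy")
```

On a real host, pass the output of `ss -ltnH` in place of `SAMPLE_SS`; anything it reports should either be rebound to 127.0.0.1 or added to `allowed_ports` on purpose.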