• @[email protected]
    link
    fedilink
    English
    43 months ago

    I found options like .local and now .internal way too long for my private stuff. So I managed to get a two-letter domain from some obscure TLD and with Cloudflare as DNS I can use Caddy to get Let’s Encrypt certs for hosts that resolve to 10.0.0.0/8 IPs. Caddy has plugins for other DNS providers, if you don’t want to go with Cloudflare.

    • @[email protected]
      link
      fedilink
      English
      33 months ago

      Might be an idea to not use any public A records and just use it for cert issuance, and Stick with private resolvers for private use.

      • @[email protected]
        link
        fedilink
        English
        33 months ago

        It’s a domain with hosts that all resolve to private IP addresses. I don’t care if someone manages to see hosts like vaultwarden, cloud, docs or photos through enumeration if they all resolve to 10.0.0.0/8 addresses. Setting up a private resolver and private PKI is just too much of a bother.

        • @[email protected]
          link
          fedilink
          English
          13 months ago

          My set up is similar to this but I’m using wildcards.

          So all my containers are on 10.0.0.0/8, and public dns server resolves *.sub.domain.com to 10.0.0.2, which is a reverse proxy for the containers.