Now that I have a mushrooming number of services running on my home network, thanks to Proxmox and the ease of spinning up containers, it’s becoming harder to keep track of how to reach them all. For example, the pihole admin console runs on port 8080 but also requires the path to be /admin. Similarly, the grafana portal runs on port 3000, plex on port 32400 and so on. A nice way of handling this is a reverse proxy – while a typical proxy acts as an intermediary between a client and its requests to a server, a reverse proxy sits in front of the server and acts as an intermediary for requests coming from all clients.
The most popular reverse proxy is nginx – but I went with Caddy, which IMO is just easier to set up and use for a simple setup like mine.
While there are many ways to set up a reverse proxy, in my case I went with the following approach:
Since I already have pihole running as a DNS server for all devices on my network, I decided to set up a DNS lookup for a dedicated domain (which can be completely made up) and route that to my reverse proxy. The reverse proxy is then configured to route each name within that domain to the appropriate service.
I chose .home as the domain for all my LAN services – .home is a valid domain name for private networks and will not clash with an official TLD. Next, you set up a custom dnsmasq configuration on the pihole server (this will depend on which Linux distribution you use – I use Debian for all my containers) in /etc/dnsmasq.d/99-custom.conf with the following contents:
address=/.home/<reverse-proxy-lan-ip-address>
This tells the pihole server to resolve any request for a name in the .home domain to the reverse proxy’s LAN address.
Next, you can configure your Caddy reverse proxy to route to different services as you desire – here’s my configuration, for example:
*.home {
    @proxmoxhost host proxmoxhost.home
    reverse_proxy @proxmoxhost https://proxmox-lan-ip:8006 {
        transport http {
            tls_insecure_skip_verify
        }
    }

    @grafana host grafana.home
    reverse_proxy @grafana http://grafana-lan-ip:3000

    @pihole host pihole.home
    # Redirect / to /admin/ for pihole.home only
    @pihole_root {
        host pihole.home
        path /
    }
    redir @pihole_root /admin/
    handle @pihole {
        reverse_proxy http://pihole-lan-ip:8080
    }

    @plex host plex.home
    @plex_root {
        host plex.home
        path /
    }
    redir @plex_root /web
    handle @plex {
        reverse_proxy http://plex-lan-ip:32400
    }

    @print host print.home
    reverse_proxy @print https://print-lan-ip:631 {
        transport http {
            tls_insecure_skip_verify
        }
    }

    @ups host ups.home
    @ups_root {
        host ups.home
        path /
    }
    redir @ups_root /cgi-bin/nut/upsstats.cgi
    handle @ups {
        reverse_proxy http://nut-server-lan-ip
    }

    @prometheus host prometheus.home
    reverse_proxy @prometheus http://prometheus-lan-ip:9090

    tls internal
}
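In the configuration above, the hop from Caddy to each upstream is either plain HTTP or HTTPS with certificate checking turned off by `tls_insecure_skip_verify`, so it is worth knowing which service falls into which bucket. The following is an added example, not part of the original post: a small audit that reads a Caddyfile and labels every upstream. It understands only the syntax subset used above, and the function name, labels and sample excerpt are assumptions of this example.

```python
# Added example (not the author's code); parses only the Caddyfile subset used here.
SAMPLE = """\
*.home {
    @proxmoxhost host proxmoxhost.home
    reverse_proxy @proxmoxhost https://proxmox-lan-ip:8006 {
        transport http {
            tls_insecure_skip_verify
        }
    }
    @pihole host pihole.home
    handle @pihole {
        reverse_proxy http://pihole-lan-ip:8080
    }
}
"""  # constructed excerpt of the configuration above

def audit_upstreams(text):
    """Map hostname -> (upstream, label) for every reverse_proxy directive."""
    hosts, routes, stack = {}, [], []  # stack holds one (kind, data) per open '{'
    lines = (raw.split("#", 1)[0].split() for raw in text.splitlines())
    for tok in filter(None, lines):
        if tok[0] == "}":
            stack.pop()
            continue
        opens, ctx = tok[-1] == "{", ("other", None)
        head, *rest = (tok[:-1] if opens else tok) or [""]
        if head.startswith("@"):  # named matcher, inline or block form
            ctx = ("matcher", head)
            if rest[:1] == ["host"]:
                hosts[head] = rest[1]
        elif head == "host" and stack and stack[-1][0] == "matcher":
            hosts[stack[-1][1]] = rest[0]
        elif head == "handle":  # remember the matcher for nested reverse_proxy
            ctx = ("handle", rest[0] if rest else None)
        elif head == "reverse_proxy":
            name = rest.pop(0) if rest[0].startswith("@") else next(
                (d for k, d in reversed(stack) if k == "handle"), None)
            routes.append({"host": name, "upstream": rest[0], "skip": False})
            ctx = ("proxy", routes[-1])
        elif head == "tls_insecure_skip_verify":
            for kind, data in reversed(stack):
                if kind == "proxy":  # flag the enclosing reverse_proxy block
                    data["skip"] = True
        if opens:
            stack.append(ctx)
    return {hosts.get(r["host"], "*"): (r["upstream"],
            "http-plaintext" if r["upstream"].startswith("http://")
            else "https-unverified" if r["skip"] else "https-verified")
            for r in routes}
```

Calling `audit_upstreams(open("Caddyfile").read())` on the real file gives a quick list of which upstream connections could be read or impersonated by another device on the LAN.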
Now, when I type https://pihole.home in my browser on my LAN, it takes me to the admin panel for my pihole server. Similarly, I can navigate to the desired part of a service’s admin or user web page by using just <server>.home instead of having to remember other esoteric details like port numbers, paths, etc.
Thank you for the tutorial, one modification is that apparently pi-hole no longer loads /etc/dnsmasq.d by default anymore, so you have to enable “misc.etc_dnsmasq_d = true” in the settings!