{"id":563,"date":"2025-09-13T13:53:32","date_gmt":"2025-09-13T21:53:32","guid":{"rendered":"https:\/\/nramkumar.org\/tech\/?p=563"},"modified":"2025-09-13T13:53:32","modified_gmt":"2025-09-13T21:53:32","slug":"setting-up-a-caddy-reverse-proxy-pihole-dns-for-your-home-lan","status":"publish","type":"post","link":"https:\/\/nramkumar.org\/tech\/blog\/2025\/09\/13\/setting-up-a-caddy-reverse-proxy-pihole-dns-for-your-home-lan\/","title":{"rendered":"Setting up a Caddy Reverse Proxy + Pihole DNS for your Home LAN"},"content":{"rendered":"\n

Now that I have a mushrooming number of services running on my home network, thanks to Proxmox and the ease of spinning up containers, it’s becoming harder to track how to reach them all. For example, pihole admin console runs on port 8080 but also requires path to be \/admin. Similarly, grafana portal runs on port 3000, plex on port 32400 and so on. A nice way of handling this is a reverse proxy – while a typical proxy acts as an intermediary between a client and its requests to a server, a reverse proxy sits in front of the server and acts as an intermediary for requests coming from all clients.<\/p>\n\n\n\n

The most popular reverse proxy is nginx – but I went with Caddy which is just easier to setup and use IMO for a simple setup like mine.<\/p>\n\n\n\n

While there are many ways to set up a reverse proxy, in my case I went with the following approach:<\/p>\n\n\n\n

Since I already have pihole running as a DNS server for all devices on my network, I decided to setup a DNS lookup for a dedicated domain (which can be completely made up) and route that to my reverse proxy. Then my reverse proxy will be configured to route to different services within that domain appropriately.<\/p>\n\n\n\n

I chose .home as the domain for all my LAN services – .home is a valid domain name for private networks and will not clash with an official TLD. Next you setup a custom dnsmasq configuration on the pihole server (this will depend on which Linux distribution you use – I use Debian for all my containers) in \/etc\/dnsmasq.d\/99-custom.conf with the following contents:<\/p>\n\n\n\n

address=\/.home\/<reverse-proxy-lan-ip-address><\/code><\/pre>\n\n\n\n
This tells the pihole server to automatically resolve any requests to the .home domain to the reverse proxy LAN address.<\/p>\n\n\n\n
Next you can configure your caddy reverse proxy to route to different services as you desire – here’s my configuration for example<\/p>\n\n\n\n
*.home {\n    @proxmoxhost host proxmoxhost.home\n    reverse_proxy @proxmoxhost https:\/\/proxmox-lan-ip:8006 {\n        transport http {\n            tls_insecure_skip_verify\n        }\n    }\n    \n    @grafana host grafana.home\n    reverse_proxy @grafana http:\/\/grafana-lan-ip:3000\n\n    @pihole host pihole.home\n\n    # Redirect \/ to \/admin\/ for pihole.home only\n    @pihole_root {\n        host pihole.home\n        path \/\n    }\n    redir @pihole_root \/admin\/\n\n    handle @pihole {\n        reverse_proxy http:\/\/pihole-lan-ip:8080\n    }\n\n    @plex host plex.home\n    @plex_root {\n        host plex.home\n        path \/\n    }\n    redir @plex_root \/web\n\n    handle @plex {\n        reverse_proxy http:\/\/plex-lan-ip:32400\n    }\n\n    @print host print.home\n    reverse_proxy @print https:\/\/print-lan-ip:631 {\n        transport http {\n            tls_insecure_skip_verify\n        }\n    }\n\n    @ups host ups.home\n    @ups_root {\n        host ups.home\n        path \/\n    }\n    redir @ups_root \/cgi-bin\/nut\/upsstats.cgi\n\n    handle @ups {\n        reverse_proxy http:\/\/nut-server-lan-ip\n    }\n\n    @prometheus host prometheus.home\n    reverse_proxy @prometheus http:\/\/prometheus-lan-ip:9090\n\n\n    tls internal\n}<\/code><\/pre>\n\n\n\n
Now, when I type https:\/\/pihole.home on my browser in my LAN, it takes me to the admin panel for my pihole server. Similarly I can navigate to the desired part of a service’s admin or user web page by using just <server>.home instead of having to remember other esoteric details like port numbers, paths etc.<\/p>\n","protected":false},"excerpt":{"rendered":"
Now that I have a mushrooming number of services running on my home network, thanks to Proxmox and the ease of spinning up containers, it’s becoming harder to track how to reach them all. For example, pihole admin console runs on port 8080 but also requires path to be \/admin. Similarly, grafana portal runs on…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-563","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/posts\/563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/comments?post=563"}],"version-history":[{"count":1,"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/posts\/563\/revisions"}],"predecessor-version":[{"id":564,"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/posts\/563\/revisions\/564"}],"wp:attachment":[{"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/media?parent=563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/categories?post=563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nramkumar.org\/tech\/wp-json\/wp\/v2\/tags?post=563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}