DNS/Hostname approach
As mentioned in the Goals section, I wanted all services to be accessible on their own domain name. Luckily, these days it is pretty easy to create a wildcard TLS certificate, especially since I learned that there is a plugin for Traefik that integrates with Cloudflare directly.
Cloudflare offers a DNS service on free accounts (they want you to get used to their service and expand what you use from them), and it is accessible via an API.
My DNS approach is as follows:
- *.jipmoors.nl – these services are public
- *.home.jipmoors.nl – these services are private
- Private here only means the name is not published: if you add a DNS entry to your own machine and guess what the service is called, you could still connect to it from the internet
I’ve configured Traefik to create TLS certificates via Let's Encrypt. This plays nicely with Cloudflare because it allows server-to-server validation, and Cloudflare is able to proxy any traffic, hiding my home IP address from the DNS configuration the world can see.
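The wildcard certificate and the caveat about guessable private names, as an added Traefik configuration example (not the author's own config): the certificate resolver proves control of the zone through the Cloudflare DNS challenge, and an IP allowlist middleware keeps the *.home.jipmoors.nl router reachable only from the LAN and the VPN. The service name, network ranges, backend URL and e-mail address are assumptions, and it assumes the home.* names are served directly rather than proxied through Cloudflare, since a proxied request reaches Traefik from Cloudflare's address instead of the client's.

```yaml
# traefik.yml (static configuration): one ACME resolver that proves
# control of the zone through Cloudflare's DNS API, so no inbound
# HTTP validation is needed. The API token comes from the environment
# (Traefik's Cloudflare provider reads CF_DNS_API_TOKEN).
entryPoints:
  websecure:
    address: ":443"
certificatesResolvers:
  cloudflare:
    acme:
      email: admin@example.com            # placeholder address
      storage: /letsencrypt/acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers: ["1.1.1.1:53"]         # verify the TXT record publicly

---
# dynamic configuration (file provider): the private router requests one
# wildcard certificate and is restricted to the LAN and VPN ranges, so a
# request that reaches it from the internet with a guessed name gets 403.
http:
  middlewares:
    lan-only:
      ipWhiteList:                        # Traefik v3 name: ipAllowList
        sourceRange:
          - "192.168.1.0/24"              # assumed LAN range
          - "10.8.0.0/24"                 # assumed WireGuard client range
  routers:
    nas:
      rule: "Host(`nas.home.jipmoors.nl`)" # assumed service name
      entryPoints: ["websecure"]
      middlewares: ["lan-only"]
      service: nas
      tls:
        certResolver: cloudflare
        domains:
          - main: "home.jipmoors.nl"
            sans: ["*.home.jipmoors.nl"]
  services:
    nas:
      loadBalancer:
        servers:
          - url: "http://192.168.1.20:5000" # assumed backend
```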
Discovering and using the local services easily
To use the services on the local network, the configuration looks as follows.
- Server 1 has a dnsmasq service – this looks at the /etc/hosts file to know which IP address belongs to which domain name
- The networks in the infrastructure have the local DNS service (server 1) configured as primary DNS – this is automatically available to all connected devices
- Server 1 also has a VPN service (wireguard) – this configures the local DNS service to be used when a client connects to the VPN
Advertisement blocking
I ran a Pi-hole service in the past, but I was annoyed by the extra buffering time it added when watching YouTube and other streaming services. As we’ve got a YouTube Premium account (and YouTube Music), we never see any advertisements on YouTube anyway. The rest of the internet is mostly manageable, especially when you pay for the apps you love and use regularly.
At this point we don’t have any network-wide advertisement blocking service active. I did like the generalised approach of having one DNS service that just prevents most advertisement requests from reaching the servers.