Are you tired of memorizing your self-hosted services’ IP addresses and ports? I was, so I figured out how to use Pi-hole and Nginx Proxy Manager to give my services local domain names without exposing them to the internet.
Local Domain Resolution vs. External: What’s the Difference
When you type a domain name into your browser like, say, https://howtogeek.com, your browser will attempt to resolve that domain to know where to direct you.
External resolution applies when a website can be accessed from outside its local network. When you access How-To Geek, you’re accessing a server in a data center somewhere that’s on an external network compared to your home’s local internal network.

However, if you host a service at home like, say, Audiobookshelf, and access it via its IP address, then you’re accessing a local website. You can also set up a service that will let you access those locally-hosted websites with a domain name, without ever having to leave your local network.
So, in short: local domains only resolve on your local network, while external domains are accessible by anyone with an internet connection.

This is crucial to know when it comes to self-hosting services. If you expose a service (like Audiobookshelf) to the internet with an external domain, then anyone in the world with the domain address can access that service.
However, you can also set things up so that those domain requests only resolve when you’re on your home network, for added security. Some services, like my Proxmox virtual machine manager or Pi-hole instances, I don’t want accessible outside my local network for security purposes.

For those, I use Pi-hole paired with Nginx Proxy Manager to give my local services domain names, so I don’t have to try and remember IP addresses.
You Don’t Need to Purchase a Domain
You might think that you need to purchase a domain to do this. In fact, you do not. Now, I do recommend purchasing a domain, but it’s not entirely necessary.
The way that local domain resolutions work is by using a local DNS host (Pi-hole, in this instance), and having that DNS server resolve certain domains to a local IP address.

In fact, you could, in theory, build your own search engine and then have your local DNS server resolve https://google.com to that custom-built locally-hosted search engine. While this is possible, it’s not advisable, as re-routing public services could break great swaths of your internet browsing.
You could do the same by having your local DNS server resolve any domain you want to your services. Similar to the Google situation above, that’s not always a good idea. Take The Verge, for instance. In late 2011, https://theverge.com became The Verge as we know it today. In early 2011, https://theverge.com was actually The Verge Internet Services, a very different type of website.
So, if you pick a domain name that isn’t registered right now, or maybe one that points to a service you think you’ll never use, it’s entirely possible that domain could become useful in the future—or even necessary. Imagine someone in 2011 building out their entire homelab using https://theverge.com as the domain name, only to eventually want to view Verge articles in the future. They’d have to migrate all of their services to a new domain, which is neither a small feat nor an easy task.
Although it’s not required, it’s best to purchase a domain for local domain resolution, even if you don’t plan to access the services from outside your network.
Pi-hole Handles Local DNS Requests
To feasibly handle local DNS requests, you’re going to need a locally-hosted DNS server. For that, I personally use Pi-hole, though you could use any other DNS server you’d like.
I’m not going to go over how to set up Pi-hole here, as there’s great documentation for that already.
However, once you have Pi-hole set up on your network and set as your primary DNS server, then you’ll be able to navigate to Settings > Local DNS Records and start entering your DNS records.
These can be root domains (testing.com) or subdomains (pi-hole.testing.com) depending on what you’re looking to do. I typically use subdomains so that I can have service.domain.com as an easy-to-remember slug.
The main thing you’ll want to remember to do is point each record to the IP address of the machine that you’re running Nginx Proxy Manager on. That’s all there is to the Pi-hole side of things.
Nginx Proxy Manager Routes Your Domains Where They Need to Go
Now, once you have Nginx Proxy Manager up and running on your system (using ports 80 and 443), it’s time to get the rest of your local domain set up.
If you don’t plan to use HTTPS or SSL at all, then the next step is simple. You just have to add the domain you want to use (that you put into Pi-hole) as a proxy host.
However, if you want to use HTTPS or SSL, there are a few more steps to go through.
For starters, you’ll need to generate a self-signed SSL certificate for the domain you plan to use. I’ll be using testing123.me for the purposes of this article.
So, there are three commands to run:
These three commands will generate three files on your system: a CRT (the certificate itself), a CSR (unused for our purposes), and a KEY (the certificate key). The commands above are designed to be used with the domain testing123.me, so if you want to use a different domain, just swap it in.
Also, the commands are designed to offer a wildcard certificate. It’s not a certificate for the domain itself, but for any subdomain (because it’s set up as *.testing123.me).
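As an added example (not the article’s original commands), here is one way to produce the KEY, CSR and CRT files described above with OpenSSL, plus a check that the wildcard covers subdomains but not the bare domain. The file names, 2048-bit RSA key, 365-day lifetime and both function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: self-signed wildcard certificate for *.<domain>.
# File names, key size and lifetime are assumptions, not from the article.

make_wildcard_cert() {
    domain="$1"      # e.g. testing123.me
    outdir="$2"      # directory that receives the KEY, CSR and CRT files
    mkdir -p "$outdir" || return 1

    # 1. KEY: the private key. umask keeps it readable by its owner only.
    ( umask 077; openssl genrsa -out "$outdir/$domain.key" 2048 2>/dev/null ) \
        || return 1

    # 2. CSR: a signing request naming the wildcard as the subject.
    openssl req -new -key "$outdir/$domain.key" \
        -subj "/CN=*.$domain" -out "$outdir/$domain.csr" || return 1

    # 3. CRT: sign the CSR with its own key (self-signed). Browsers match
    #    hostnames against subjectAltName rather than CN, so set the SAN here.
    printf 'subjectAltName=DNS:*.%s\n' "$domain" > "$outdir/san.ext"
    openssl x509 -req -in "$outdir/$domain.csr" \
        -signkey "$outdir/$domain.key" -days 365 -sha256 \
        -extfile "$outdir/san.ext" -out "$outdir/$domain.crt" 2>/dev/null \
        || return 1
}

# Succeeds only if the certificate is valid for the given hostname.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q 'does match certificate'
}

# Usage: make_wildcard_cert testing123.me ./certs
#        cert_matches_host ./certs/testing123.me.crt pi-hole.testing123.me
```

Only the CRT and KEY files are uploaded to Nginx Proxy Manager; the KEY file should stay private, since anyone holding it can impersonate every subdomain the certificate covers.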
In Nginx Proxy Manager, head to the SSL Certificates tab and then click Add SSL Certificate, then click Custom. Give the certificate a name, then upload the KEY file to the Certificate Key area and the CRT file to the Certificate area.
Now, back on the Proxy Hosts tab, you can go over to the SSL area and choose your wildcard certificate. This will give you a self-signed certificate for your SSL-enabled services.
As this is a self-signed certificate, you’ll still get a certificate warning when accessing the site, but it’ll still work for services that need HTTPS to function.
Plus, you can even add the certificate to your local CA on your computer to avoid the warning, though this is definitely more advanced and varies between operating systems.
Once you have all that set up, you’re ready to access domains locally without leaving your network! I have this set up for both of my Pi-hole instances (so I can access them without their IP) and my Proxmox instance, as I don’t want to open any of those services up to the world.
However, if you do want to make your own website and have people from all over access it, that’s actually pretty easy! In fact, you can have a website fully up and running in just a weekend using a Raspberry Pi and Nginx Proxy Manager.