this post was submitted on 01 Apr 2024
13 points (81.0% liked)

Selfhosted

39937 readers
358 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

So, at the moment I'm using Nginx Proxy Manager, but lately I started seeing it moving slower and slower and even though I tried traefik some time ago, I didn't manage to make it work.

Anyway, I want to start using traefik again, but I want to use it like this:

  • I want to access all my services/containers in my LAN through http (port 80) on something like sub.mylan.home
  • I want to access some of my services over the internet through https (port 443) on sub.mydomain.com

I know this is possible, but I don't get the hang of the configuration. Somone care to share some tips?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 7 months ago

It can happen that your internal services are still reachable from externally, by calling the external IP and setting the Host header manually to sub.mylan.home, even if that were pointing to an internal address. Traefik would only compare the Host header. To secure this you might also add an IP filter for the internal host, but I‘m not sure whether that’d be secure enough.