this post was submitted on 25 Oct 2025
59 points (96.8% liked)

Selfhosted

59897 readers
525 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
59
Internal domain and reverse proxy (lemmy.zip)
submitted 7 months ago by jobbies@lemmy.zip to c/selfhosted@lemmy.world
29 comments fedilink hide all child comments
 

I'm going round in circles on this one.

What I want to do is:

  • serve up my self-hosted apps with https (to local clients only - nothing over the open web)
  • address them as 'app.server.lan' or 'sever.lan/app'
  • preferably host whatever is needed in docker

I think this is achievable with a reverse proxy, some kind of DNS server and self-signed certs. I'm not a complete noob but my knowledge in this area is lacking. I've done a fair bit of research but I'm probably not using the right terminology or whatever.

Would anyone have a link to a good guide that covers this?

you are viewing a single comment's thread
view the rest of the comments
[–] non_burglar@lemmy.world 1 points 7 months ago

If you're on the same subnet, no amount of reverse proxy will help with dodgy apps. It's more appropriate to put the dodgy iot in a DMZ to control what they can do.

Putting https on these is fine, but it's not a solution to isolating bad clients.