this post was submitted on 08 Aug 2024
[–] kudos@lemmy.ml 3 points 2 years ago (1 children)

Might be an idea to not use any public A records and just use it for cert issuance, and stick with private resolvers for private use.

[–] state_electrician@discuss.tchncs.de 3 points 2 years ago (1 children)

It's a domain with hosts that all resolve to private IP addresses. I don't care if someone manages to see hosts like vaultwarden, cloud, docs or photos through enumeration if they all resolve to 10.0.0.0/8 addresses. Setting up a private resolver and private PKI is just too much of a bother.

My setup is similar to this, but I'm using wildcards.

So all my containers are on 10.0.0.0/8, and the public DNS server resolves *.sub.domain.com to 10.0.0.2, which is a reverse proxy for the containers.
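
An added example, not part of any comment above: an audit that every A record published in the public zone stays inside 10.0.0.0/8, together with the wildcard lookup rule that lets `*.sub.domain.com` answer for any host beneath it. The zone contents, the extra host addresses and the function names are constructed for illustration.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # range named in the thread

# Constructed sample of public A records; names and addresses are made up.
ZONE = {
    "*.sub.domain.com": ["10.0.0.2"],        # wildcard -> reverse proxy
    "vaultwarden.domain.com": ["10.0.0.15"],
    "cloud.domain.com": ["10.1.2.3"],
    "photos.domain.com": ["203.0.113.7"],    # constructed mistake: public address
}

def resolve(zone, name):
    """Return the A records a server would answer: exact match, else the
    wildcard at the closest existing ancestor (RFC 4592), else []."""
    name = name.lower().rstrip(".")
    if name in zone:
        return zone[name]
    # Every owner name and each of its ancestors exists as a node in the tree.
    nodes = set()
    for owner in zone:
        labels = owner.split(".")
        nodes.update(".".join(labels[i:]) for i in range(len(labels)))
    labels = name.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if ancestor in nodes:                 # closest encloser found
            return zone.get("*." + ancestor, [])
    return []

def audit(zone, allowed=INTERNAL):
    """List (owner, address) pairs whose address falls outside `allowed`."""
    leaks = []
    for owner, addrs in sorted(zone.items()):
        for addr in addrs:
            if ipaddress.ip_address(addr) not in allowed:
                leaks.append((owner, addr))
    return leaks

if __name__ == "__main__":
    for host in ("docs.sub.domain.com", "a.b.sub.domain.com", "docs.domain.com"):
        print(host, "->", resolve(ZONE, host))
    print("outside 10.0.0.0/8:", audit(ZONE))
```

Note that a DNS wildcard matches names several labels deep, while a wildcard certificate for the same name covers only one label.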