this post was submitted on 13 Mar 2026
1396 points (98.9% liked)
Selfhosted
57629 readers
1576 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Actually, one thing I want to do is switch from services being on a subdomain to services being on a path.
I'm getting tired of having to update DNS records every time I want to add a new service.
I guess the tricky part will be making sure the services support this kind of routing...
Why are you having to update your DNS records when you add a new service? Just set up a wildcard A record to send *.myserver.com to the reverse proxy and you never have to touch it again. If your DNS doesn't let you set wildcard A records, then switch to a better DNS.
Not OP but a lot of people probably use pi-hole which doesn't support wildcards for some inane reason
That's my case. I send every new subdomain to my nginx IP on pi-hole and then use nginx as a reverse proxy
That was my exact setup as well until I switched to a different router which supported both custom DNS entries and blocklists, thereby making the pi-hole redundant
I run opnsense, so I need to dump pi-hole. But I don't have the energy right now to do that.
Pi-Hole was pretty straightforward at the time and I did not look back since then. Annoying, but easy.
I use a MikroTik Router and while I do love the amount of power it gives me, I very quickly realized that I jumped in at the deep end. Deeper than I can deal with unfortunately.
I did get everything running after a week or so but I absolutely had to fight the router to do so.
Sometimes less is more I guess
It does support it, you just have to add it to dnsmasq. I have it Setup under
misc.dnsmasq_lineslike so:Then I have my proxied service reachable under
service.proxy.example.comI switched to Technitium and I've been pretty happy. Seems very robust, and as a bonus was easy to use it to stop DNS leaks (each upstream has a static route through a different Mullvad VPN, and since they're queried in parallel, a VPN connection can go down without losing any DNS...maybe this is how pihole would have handled it too though).
And of course, wildcards supported no problem.
Wildcard CNAME pointing to your reverse proxy who then figures out where to route the request to? That's what I've been doing - this way there's no need to ever update DNS at all :)
I find the path a bit clunky because the apps themselves will oftentimes get confused (especially front-ends). So keeping everything "bare" wrt path, and just on "separate" subdomains is usually my preferred approach.
In Nginx you can do rewrites so services think they are at the root.
Alternatively if you're tired of manual DNS configuration:
FreeIPA, like AD but fer ur *Nix boxes
Configures users, sudoer group, ssh keys, and DNS in one go.
Also lotta services can be integrated using LDAP auth too.
So far I've got proxmox, jellyfin, zoneminder, mediawiki, and forgejo authing against freeipa in top of my samba shares.
Ansible works too just because its uses ssh, but I've yet to figure out how to build ansible inventories dynamically off of freeIPA host groups. Seen a coupla old scripts but that's about it.
Current freeipa plugin for it seems more about automagic deployment of new domains.
Having a very similar infrastructure, I would love to know if you ever find anything that works for this. I've been maintaining a SnipeIT instance manually, but that's a real PITA. Tried the same with ITSM-NG, but haven't even lookid in it for months.
I had the same idea, but the solution I thought about is finding a way to define my DNS records as code, so I can automate the deployment. But the pain is tolerable so far (I have maybe 30 subdomains?), I haven’t done anything yet