Hey everyone, asking here since I’ve been trying (and failing) at the numerous guides online. The end goal is so that I can have proper Let’s Encrypt certs for my self hosted servers to include VaultWarden (which will not work with self-signed or http).
So I am trying to setup my Porkbun domain with my Opnsense nginx plugin in order to resolve the address (such as navidrome.example.com to my local server’s navidrome instance @ 192.168.1.99:4533). I attempted this guide here as well as trying to configure a separate nginx on the server itself. I haven’t had much luck with these guides either.
Any address outside of router.example.com results in a connection failure. Including when I tried to route everything like navi.router.example.com. This is with and without wildcards in the A Record entries on Porkbun’s DNS control panel. I’ve tried *.example.com, *.router.example.com, navidrome.example.com, navidrome.router.example.com.
Sorry if this seems like a simple problem or if I am missing a massive step, I am complete newbie at self-hosting/networking.
You must log in or register to comment.
New Lemmy Post: Configuring Porkbun DNS for internal IPs (https://lemmy.world/post/12370461)
Tagging: #SelfHosted(Replying in the OP of this thread (NOT THIS BOT!) will appear as a comment in the lemmy discussion.)
I am a FOSS bot. Check my README: https://github.com/db0/lemmy-tagginator/blob/main/README.md
First off - you don’t explicitly say so I just want to double check - you’re not using example.com as the actually domain correct?
If not the next thing to do would be to check out what DNS is doing. You can use the
digcommand to see what IP address is being returned for the domains you’re trying to hit.dig +tracemay be useful as well.Nope, just substituted out my domain for the post.
Ran dig +trace and my domain and it returned a 100.x.x.x#53 public domain address.
Is that expected? Otherwise check to make sure DNS settings for the domain are correct (eg ns records
dig NS example.comIIRC).
You’ve got two parts here, name resolution and certs. Make sure name resolution works first.
I don’t know if Porkbun is different, but in namecheap, I created a wildcard record. Let’s say I have the domain example.com, and my server is server.example.com, and it hosts a bunch of docker containers like jellyfin and radarr, at jellyfin.example.com and radarr.example.com. So I created a wildcard A record with name * and value 192.168.1.20. This means when I try any domain under example.com that doesn’t have a more specific record, I get that IP back.
You can test name resolution from your own PC with dig (Linux) or nslookup (Windows). Be mindful of which server you’re using for lookups when you do this. To check the perspective of a client outside my network, I like https://digwebinterface.com/. And always remember that it takes time for DNS changes to propagate.
After that I just used acme plugins for Proxmox and traefik to get let’s encrypt certs individually and automatically, but you could also get a wildcard cert for *.example.com by any method, from any provider, and install it yourself.
You’re not entirely clear on whether you want these services accessible from the internet or just internally. If the latter, change ACME settings to use DNS challenges instead of HTTP. If the former, recheck your dns records, maybe post them here (censored if you wish).
