Hey everyone, asking here since I’ve been trying (and failing) at the numerous guides online. The end goal is so that I can have proper Let’s Encrypt certs for my self hosted servers to include VaultWarden (which will not work with self-signed or http) as well as have easy urls for myself and family to use.

So I am trying to setup my Porkbun domain with my Opnsense nginx plugin in order to resolve the address (such as navidrome.example.com to my local server’s navidrome instance @ 192.168.1.99:4533). I attempted this guide here as well as trying to configure a separate nginx on the server itself. I haven’t had much luck with these guides either.

Any address outside of router.example.com results in a connection failure. Including when I tried to route everything like navi.router.example.com. This is with and without wildcards in the A Record entries on Porkbun’s DNS control panel. I’ve tried *.example.com, *.router.example.com, navidrome.example.com, navidrome.router.example.com.

Sorry if this seems like a simple problem or if I am missing a massive step, I am complete newbie at self-hosting/networking.

edit: Finally got it working with the simple urls resolving to the proper self-hosted services and with proper CA certs. Thank y’all for the help and advice!!

  • breakingcups@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    10 months ago

    You’re not entirely clear on whether you want these services accessible from the internet or just internally. If the latter, change ACME settings to use DNS challenges instead of HTTP. If the former, recheck your dns records, maybe post them here (censored if you wish).

  • m_randall@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    10 months ago

    First off - you don’t explicitly say so I just want to double check - you’re not using example.com as the actually domain correct?

    If not the next thing to do would be to check out what DNS is doing. You can use the dig command to see what IP address is being returned for the domains you’re trying to hit.

    dig +trace may be useful as well.

      • m_randall@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        Is that expected? Otherwise check to make sure DNS settings for the domain are correct (eg ns records dig NS example.com IIRC).

        • dontwakethetrees (she/her)@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          So following dig ns domain in terminal vs web app on my phone (shared by another commenter and I had checked lemmy on mobile): my computer was resolving with a couple of different odd results including my public ipv6 address. On mobile it resolved properly.

          Checked my DNS and my computer’s dns had my public ip in the listing. So now after removing that, the domain resolves to the wildcard (which dumps at my opnsense router and throws the dns rebind error). So I’m assuming that should be it?

          Now I should only have to resolve configuring nginx properly.

          Thank you for suggesting the dig command!

          • m_randall@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 months ago

            Excellent! Nice work.

            I don’t know what dns rebind is but once DNS A records are pointed to the right place then it’s just a matter of setting up the rest of your stuff.

  • rambos@lemm.ee
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 months ago

    Let’s Encrypt certs for my self hosted servers to include VaultWarden (which will not work with self-signed or http) as well as have easy urls for myself and family to use.

    Im not expert, but Im using VaultWarden with self signed certs. Note that I didnt open it to public and I didnt buy a domain. I just made up a domain name and Im using wireguard to get access (together with NPM and pihole)