Spoilers
Tailscale is way easier than this... I was doing this local DNS override in Pi-hole before running Tailscale and I haven't totally "kicked the habit" yet, so for anyone NOT running Tailscale but wanting local HTTPS while using Pi-hole, this method works fine.
Intro
I use Pi-hole as my DNS server at home. I run Unbound as well, with a pretty standard setup from their docs.
Pi-hole does 2 primary things for me:
- DNS sinkhole, the primary use case I believe
- local HTTPS for all my self-hosted apps
Caveat
I know for sure there are better ways to do this, but there are also worse ones... so for now this has been my pattern, and it's only bitten me when I've forgotten to add the final CNAME record... which'll make sense in a sec.
Process
It's really quite simple - in Pi-hole I have a local DNS record for my domain pointing to my primary server.
Then for each service I want resolved locally I add a CNAME for its hostname pointing at that domain record.
With DNS resolving this way for clients using my Pi-hole, the traffic all stays on the local network, and I still get HTTPS with the wildcard cert I have for the domain in Cloudflare.
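The two-step process above (one local A record for the domain, then one CNAME per service) as an added shell example; this is not the post's own tooling. It assumes Pi-hole v5's file layout (`/etc/pihole/custom.list` holding `IP hostname` lines and `/etc/dnsmasq.d/05-pihole-custom-cname.conf` holding `cname=alias,target` lines), and the domain, server IP and service names are placeholders. It also includes the check the post's caveat calls for: every CNAME target must actually have an A record, otherwise that name falls through to public DNS.

```shell
#!/usr/bin/env bash
# Added example, not the post's own files. Assumes Pi-hole v5's file layout:
#   /etc/pihole/custom.list                     -> "IP hostname" per line
#   /etc/dnsmasq.d/05-pihole-custom-cname.conf  -> "cname=alias,target" per line
# DOMAIN, SERVER_IP and SERVICES below are placeholders.

DOMAIN="home.example.com"
SERVER_IP="192.168.1.10"
SERVICES="grafana jellyfin vault"

# Step 1: one A record, the lab domain pointing at the primary server.
a_record_line() {
  printf '%s %s\n' "$SERVER_IP" "$DOMAIN"
}

# Step 2: one CNAME per service, all aliasing the domain so they resolve locally.
cname_lines() {
  local svc
  for svc in $SERVICES; do
    printf 'cname=%s.%s,%s\n' "$svc" "$DOMAIN" "$DOMAIN"
  done
}

# Consistency check: every CNAME target must be a hostname in the A-record file.
# A dangling target means the name is answered by public DNS instead of locally
# (the "forgot the final CNAME" failure). Returns 0 if consistent, 1 otherwise.
check_cnames() {
  local a_file=$1 cname_file=$2 line target rc=0
  while IFS= read -r line; do
    case $line in cname=*) ;; *) continue ;; esac
    target=${line##*,}
    if ! awk '{print $2}' "$a_file" | grep -qxF "$target"; then
      echo "dangling CNAME target: $target (no A record)" >&2
      rc=1
    fi
  done < "$cname_file"
  return $rc
}

# Write both files into a directory (default: a temp dir, so this runs anywhere
# without touching a live Pi-hole). Prints the directory used.
write_records() {
  local out=${1:-$(mktemp -d)}
  a_record_line > "$out/custom.list"
  cname_lines   > "$out/05-pihole-custom-cname.conf"
  printf '%s\n' "$out"
}

if [ "${1:-}" = "--demo" ]; then
  dir=$(write_records)
  cat "$dir/custom.list" "$dir/05-pihole-custom-cname.conf"
  check_cnames "$dir/custom.list" "$dir/05-pihole-custom-cname.conf" && echo "consistent"
fi
```

Run it with `--demo` to see the generated lines; to apply them for real, point `write_records` at the live paths (or append the output to the existing files) and run `pihole restartdns` so FTL reloads them. A quick spot check from a client is `dig +short grafana.home.example.com @<pihole-ip>`, which should return the LAN address rather than the public one.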
Why?
The reasons I do this are simple:
- I've been doing it since I started homelabbing and it started out of misunderstanding of how networking works at all
- I use a home dashboard with https:// links, and it's nice to use that same dashboard both publicly and at home. With local DNS resolution I can whitelist some services and still conveniently access them over the public URL with HTTPS; the request routes locally, so my whitelist lets me in where it wouldn't if I tried to access the service from an external client
- it's my homelab - I can do what I want
It's too complicated
Honestly, as simple as this is, it is tedious and kind of complicated... There are options to make it better...
- script any service deployment to update the Pi-hole /etc/hosts file
- just use Tailscale...