Hey all. Ive been hosting some software for a while now, some private, some public stuff.

Recently ive gotten myself a domain name, and i’m trying to come up with a good way to have access to both the public AND the private on the same URL. Simpleton that i am i thought about putting the public in an inline frame with a banner with links at the top, but im sure there are better ways.

Any ideas how to do this from this community?

  • Midas@ymmel.nl
    1 year ago

    Not sure if I completely understand but I think you want public service 1 accessible on subdomains s1.domain.com and internal service 2 on s2.domain.com?

    Just point the A record for s2 to an internal ip address (or a tailscale ip). The only thing dns does is translate a (sub)domain to an ip address. So outside of your network s2.domain.com wouldn’t resolve but inside your network it would.

    • Encrypt-Keeper@lemmy.world
      1 year ago

      Or just louse one, and then run a local DNS resolver like pihole or AdGuard home and just make a record for the same host locally. The local DNS resolver will resolve the local request before it reaches the public DNS.

  • Midas@ymmel.nl
    1 year ago

    Not sure if I completely understand but I think you want public service 1 accessible on subdomains s1.domain.com and internal service 2 on s2.domain.com?

    Just point the A record for s2 to an internal ip address (or a tailscale ip). The only thing dns does is translate a (sub)domain to an ip address. So outside of your network s2.domain.com wouldn’t resolve but inside your network it would.

  • jbarr@lemmy.world
    1 year ago

    For publicly accessible services, look into Cloudflare Tunnels. For private or restricted access services, add a Cloudflare Application to the Tunnel. The Tunnel provides a VPN connection without exposing ports on your router, and the Application provides authentication for access.

  • bless@lemmy.world
    1 year ago

    So I run windows AD and have windows dns inside and cloudflare outside. I also run NPM for the web prox in my DMZ.

    On the inside DNS I point the A record for NPMProxy.domain.com to the IP of my npm server. I than setup service1.domain.com inside npm to forward requests to the web server setup for service1. I than setup the CNAME record for service1.domain.com to point to NPMProxy.domain.com. This should complete your inside.

    Outside I set the A record on cloudflare for service1.domain.com to my public IP address which will route again to NPM. This will complete the outside connectivity.

    Make sure your firewall rules are set and proper ports open and you should be golden.

  • ThreeHalflings@lemmy.world
    1 year ago

    Sounds like what you are tyring to do is called Split Horizon DNS.

    Requests from outside your network should resolve server.domain.com to the public IP, but requests from inside your network should resolve it to the private IP.

    If that’s what it is then you register the public IP with your nameservers. You also run a DNS service internally which you point all your computers at (likely by putting it as the DNS server in your networks DHCP settings). That DNS server is set up to return the private ip addresses for all your servers, and to forward any other requests to some external DNS like

    I’m not sure what your use case or for needing to use the internal IP address from inside the network, but it might be to avoid traffic exiting your network just to be sent back in? Or you me a that you want external requests to go to one server and internal to go to another server? I’m which case the set up above still works, but on just use the appropriate IP addresses in the appropriate places.

  • Lem453@lemmy.ca
    1 year ago

    Everyone is suggesting cloud flare tunnels which can be easy to use but locks you into a proprietary service. If you want to self host everything, you can set it up yourself with a reverse proxy like traefik


    You will end up with service.local.domain.com and service.domain.com for local only apps and internet facing apps, all using HTTPS.

    If you are familiar with traefik, watch a tutorial on that first, then come back and watch the above video.