Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Possible for domain to point to a docker container? (pfSense)

Featured Replies

For the past few days I have been attempting to make so that if I type in the browser address bar, for example "nextcloud.home.arpa" pfSense would resolve that domain to a local IP, 10.10.111.3:8666 in this case.

 

I feel it's possible but I can't get it working. I just want to use domains because I can't remember all the IP's and port numbers. Domain override works but you can't enter port numbers.

I have haproxy running in pfsense which routes to specific containers wherever they are on the network

Dns names will only resolve to IPs, if you want port translation, you need a reverse proxy or similar routing mechanism in between

Do you have your own domain (like you registered/paid $10/year for it), or you're trying to do it completely free?

 

You have certificates for your domain?

 

3 hours ago, Pstark said:

if I type in the browser address bar, for example "nextcloud.home.arpa"

 

In my experience (which isn't much) that will want a secure connection with a valid SSL/TLS (call it what you want) certificate. It MUST resolve to "httpS" in most browsers or you'll get a warning (even in your own house -- the nerve) :)

 

I have this working (reverse proxy) in pfSense for both local and public and hidden addresses.

 

My time is limited. I'm following this thread.

 

MrGrey.

 

 

 

  • Author
5 minutes ago, MrGrey said:

Do you have your own domain (like you registered/paid $10/year for it), or you're trying to do it completely free?

 

You have certificates for your domain?

 

 

In my experience (which isn't much) that will want a secure connection with a valid SSL/TLS (call it what you want) certificate. It MUST resolve to "httpS" in most browsers or you'll get a warning (even in your own house -- the nerve) :)

 

I have this working (reverse proxy) in pfSense for both local and public and hidden addresses.

 

My time is limited. I'm following this thread.

 

MrGrey.

 

 

 

I'm trying to resolve nextcloud.home.arpa locally, to the docker container. I can access nextcloud from anywhere via the my WAN domain. I want an internal domain.

9 hours ago, Pstark said:

I'm trying to resolve nextcloud.home.arpa locally, to the docker container

You need your home dns server to resolve that to an IP. And you need your clients (browsers) to use that dns server. For me, this is dns resolver in pfsense, resolving to haproxy frontend

 

Further, you need something running at default web ports on the resolved IP address to proxy that host name to corresponding docker ip:port. For me this is haproxy running in pfsense. Without this layer, you can also directly resolve the name to docker IP, but then you will have to use name:port in browser

  • Author
On 4/22/2023 at 5:42 AM, apandey said:

For me this is haproxy running in pfsense.

Is there a guide to do this?

On 4/25/2023 at 12:10 AM, Pstark said:

Is there a guide to do this?

I don't know of a guide, I had prior experience with haproxy and looked up whatever I needed help for to set it up. Broadly, I think it means:

 

1. Change pfsense web UI port, so that 80/443 are freed up for haproxy

 

2. Install haproxy addon in pfsense. Create a frontend to listen at 80 or 443 on a pfsense IP (let's assume pfsense IP) . Create a backend this frontend routes to. I would start with http to begin with until you understand how it works

 

3. Have your local domain resolve to haproxy frontend IP (let's assume my.home resolves to pfsense IP) 

 

4. On the haproxy backend, create ACLs to map each app-name.my.home sub domain to it's respective ip and port wherever that app is running (the Docker ip and port in unraid) 

 

That should resolve app-name.my.home if your clients use pfsense dns

 

In my case, I have a more evolved setup:

- I have a public domain x.com

- I have mapped home.x.com to haproxy frontend IP

- I have acme plugin in pfsense to issue a wildcard certificate for *.home.x.com from letsencrypt. This allows me to setup a proper https frontend for haproxy, and this is also why I use a public domain name

- I have a https frontend running at port 443 using the wildcard certificate. This is how I access my backend apps. All my backend apps are http, so ssl terminates at haproxy

- I also have a http frontend running at port 80 which simply redirects to https. 

 

Please note my whole setup is intranet only. None of this is exposed to the internet. I use a VPN into my network if I need to access these remotely

Edited by apandey

  • 4 weeks later...
On 4/24/2023 at 9:10 AM, Pstark said:
On 4/22/2023 at 8:42 AM, apandey said:

For me this is haproxy running in pfsense.

Is there a guide to do this?

 

On 4/21/2023 at 11:29 PM, Pstark said:

I'm trying to resolve nextcloud.home.arpa locally, to the docker container.

 

It won't work. (in my experience).

 

If you want pfSense to route local it will, by default. If you want to "fool" it by not having any way to "publicly" verify a "public" certificate then, well, if you can do it, it's a security flaw.

 

MrGrey.

 

 

11 hours ago, MrGrey said:

If you want pfSense to route local it will, by default. If you want to "fool" it by not having any way to "publicly" verify a "public" certificate then, well, if you can do it, it's a security flaw.

home.arpa is not a public TLD, so you need to use a self signed certificate. Since you are signing your own, you need to add the root signing cert to trust store of clients (which should all be under your own control inside the home network). The verification will work fine, and serves the trust chain as designed

If you use a public domain, you can get a public trust certificate from any of the issuers, this is what I do

If the connection is unencrypted, none of this matters

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.