Skip to content

Instantly share code, notes, and snippets.

@hhftechnology

hhftechnology/SplitDNSArchitecture.md

Last active December 28, 2024 04:34
Show Gist options
  • Save hhftechnology/3d5577c5b064c6dc1d3bf4340014add8 to your computer and use it in GitHub Desktop.
Save hhftechnology/3d5577c5b064c6dc1d3bf4340014add8 to your computer and use it in GitHub Desktop.
Download ZIP
Split DNS to access your local containers via domain names while keeping them secure
Raw
explanation.md

Here's the step-by-step implementation plan:

  1. Domain Setup:

    • Choose a domain (e.g., home.yourdomain.com) for your local services
    • Configure Cloudflare DNS for your public domain
    • Set up individual subdomains (e.g., sonarr.home.yourdomain.com, freshrss.home.yourdomain.com)

  2. Local DNS Server Setup:

    • Install Pi-hole or AdGuard Home as your local DNS server
    • Configure your router to use this local DNS server as the primary DNS
    • Add local DNS records to override Cloudflare: 
      sonarr.home.yourdomain.com -> 192.168.1.x (Unraid IP)
freshrss.home.yourdomain.com -> 192.168.1.x
auth.home.yourdomain.com -> 192.168.1.x

  3. Nginx Proxy Manager Setup on Unraid:

    • Install Nginx Proxy Manager container
    • Create proxy hosts for each service: 
      sonarr.home.yourdomain.com -> container_ip:port
freshrss.home.yourdomain.com -> container_ip:port
    • Enable SSL for local domains using Let's Encrypt DNS validation

  4. Authentik Configuration:

    • Set up Authentik container
    • Configure outpost for proxy authentication
    • Create providers for each application
    • Set up proxy protection rules

  5. Container Configuration:

    • Ensure containers only listen on internal network
    • Update Unraid template settings: 
      network_mode: bridge
ports:
  - '127.0.0.1:port:port'

This setup ensures:

  • Services are only accessible locally
  • Domain names work both inside and outside your network
  • Single sign-on through Authentik
  • Secure SSL encryption for all services
Raw
SplitDNSArchitecture.md 
graph TD
    subgraph Internet["Internet (Public)"]
        CF[Cloudflare DNS]
    end

    subgraph LocalNetwork["Local Network"]
        Router[Router/Firewall]
        PiHole[Local DNS Server<br/>Pi-hole/AdGuard]
        Unraid[Unraid Server]
        Auth[Authentik SSO]
        
        subgraph DockerContainers["Docker Containers"]
            direction TB
            Sonarr[Sonarr]
            FreshRSS[FreshRSS]
            OtherApps[Other Apps]
        end
    end

    Client[Local Client] --> Router
    Router --> PiHole
    PiHole --> CF
    PiHole --> Unraid
    Client --> Auth
    Auth --> DockerContainers

    style CF fill:#ff9966,color:#000
    style Internet fill:#f0f0f0,color:#000
    style LocalNetwork fill:#e6f3ff,color:#000
    style DockerContainers fill:#d1ecf1,color:#000
    style PiHole fill:#9cf,color:#000
    style Unraid fill:#9cf,color:#000
    style Auth fill:#9cf,color:#000
    style Router fill:#9cf,color:#000
    style Sonarr fill:#b3e6cc,color:#000
    style FreshRSS fill:#b3e6cc,color:#000
    style OtherApps fill:#b3e6cc,color:#000
    style Client fill:#ffb366,color:#000
Loading
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment