Reverse proxy and Reverse DNS for YunoHost installation

Support
,
6

Hey again,

Some follow up documentation for other fellow learners. :hugs:
I knew I’d seen alternative ways to set up reverse DNS somewhere, and just found a link I had been referring to.

If there are more experienced folk reading, would you clarify or point in a better direction if you know of other options? Or reasons to not use any of the below strategies. :crossed_fingers::pray:

Ways to set up reverse DNS - or equivalent - for yunohost

1. With your internet service provider

As in the instructions in the error message in Yunohost web admin (see screenshot above).

Depends on

  • Being able to communicate with your ISP
  • ISP being willing and able to set up the PTR record
    (I found an accessible way to be in touch with my ISP! But… My ISP’s reverse DNS tool doesn’t recognise my domain as valid, despite it being so. So I guess ISP helpfulness should not be assumed :man_shrugging:)

2. Via dynamic DNS service

See instructions here:
https://help.dyn.com/setting-up-reverse-dns/

Depends on

  • Being able to communicate with your ISP
  • ISP allowing delegation of reverse DNS zone

3. Via a VPN you set up on Yunohost

VPNs assign their own IP address, so they remove the need to communicate with the internet service provider (ISP). The mechanism that resolves DNS in VPN settings is not called “reverse DNS” when it is in a VPN, but my understanding is that it does the same thing, security-wise. So hopefully it will either remove the Yunohost diagnosis error, or allow us to confidently ignore it.

Depends on

  • Being able to navigate VPN interface or configure it via command line
  • Making instructions for other server set ups work on Yunohost

From what I can tell, Wireguard is a solid option for VPN on Yunohost. I’ve installed Wireguard successfully, but haven’t been able to set it up to work in this way yet.

Here is a handy guide I am planning on following (for the Wireguard parts only) in case anyone else wants to try:

4. Via VPN set up elsewhere on your local network

Set up a VPN somewhere on your home network that protects everything on the home network, including yunohost. This would feed its own IP settings to the yunohost install.

This seems like a ‘cleaner’ VPN-handling-DNS-drama option to me, meaning theoretically and semantically easier. It seems easier because it’s more clearly separate to yunohost. The down side would be inconvenience if/when moving a yunohost install somewhere else. I understand from the official docs that ease of moving yunohost servers is a big reason folks use VPNs on Yunohost, so a separate VPN would disadvantage people who need this.

Depends on

  • Having extra hardware to run the VPN on
  • Being able to navigate and configure the VPN via UI or command line
  • Making the VPN play nice with to your router and yunohost

5. Via router settings

My fritzbox doesn’t do this, but I seem to remember reading that other routers can. Maybe @tituspijean has referred to it being possible with other hardware?