Using YunoHost in a local network only


Hi there, I want to run a small home server in my local network. Not access to the server from the internet, no global domain. I have set it up with a .local domain like derp.local and the /etc/hostname file contains that name as well. So far so good, I can access the web interface from my devices.

However, there are applications like Immich which require their own domain. I was thinking that I could just come up with another .local domain like photo.local. But then how do I get access to immich when derp.local and photo.local are the same machine? I can add <server-ip> photo.local to my /etc/hosts file on my computer, but that won’t do me any good if I want to connect from my phone.

Is it even possible to run immich or other software that needs its own domain in a local network or do I need a public domain? I don’t really want to buy a domain and I would rather not waste a charity’s resources for a free domain. I

Maybe make your app domains subdomains of your main domain?
e.g. yunohost.local, photo.yunohost.local etc.
Or have I misunderstood your problem?

Best for YunoHost is an .internal domain and you need a nameserver as well.


Maybe make your app domains subdomains of your main domain?
e.g. yunohost.local, photo.yunohost.local etc.
Or have I misunderstood your problem?

According to the YunoHost documentation you cannot use subdomains for .local domains. That was the first thing I tried.

mDNS protocol does not allow for subdomains to be created. So domain.local will work, while sub.domain.local is not possible.

Does that mean I will need a second machine running as the name server? Why is .internal better than .local?

Not really, but I would recommend it.

What would I have to do if I don’t want to run a second machine? And if I did want to run a second machine, how powerful would it need to be? Could a single-board computer with an SD card handle the work? I have never done anything with networking beyond connecting my devices to the W-LAN.

A Raspberry with BIND and Webmin for example is a good start.

My router supports setting up two DNS servers. Could I make the YunoHost server the primary DNS and then set up some public DNS on the internet as the secondary one in case the home server is off?

The way I understand it whenever device A (let’s say my phone) tries to connect to derp.local it sends a “request” to the router, the router then consults the DNS to get an IP address, and then forwards the request to the machine at that address. Is this correct? Is it possible to find out what I am using right now? The default setting of the router is “automatic”. It’s a Vodafone EasyBox in case that helps.

You do not need a second machine, you merely have to open your YunoHost server’s port 53.
Do not open it on your router firewall, as you do not want it to be accessible from the Internet.
However, you should set your first DNS as your YunoHost’s server IP address in your router’s DHCP settings.

I have changed the main domain to derp.internal, and I can log in just fine. Next I created the domain webmin.derp.internal and installed Webmin to it because it wants its own domain. However, I cannot access webmin.derp.internal from my computer.

Is this a chicken & egg problem where I need a DNS server to get to the domain, but I need to get to the domain to set up the DNS server? Should I just install bind9 manually and read its manual until I can configure the DNS myself? What is the recommended reading so I actually know what I’m doing instead of poking at things until something works?

No need to install bind9, YunoHost’s owndnsmasq should be enough. I am unsure if it needs further configuration, try it without first: make sure that port 53 is open on the YunoHost firewall (but NOT on your router), and have your devices use it as main DNS (either configured on each one, or on your local network DHCP configuration). Put a privacy-friendly open-resolver as backup secondary DNS (YunoHost has some in /etc/resolv.dnsmasq.conf).

Otherwise, I have recently published a more complex tutorial that uses a VPN (which is a bit overkill for what you want to achieve).

Subdomains do not work with local domains. You can try webminderp.internal

The subdomains do not work with .local domains.
There is no limitation on .internal domains, as long as there’s a DNS with the proper records reachable on the network.


Thanks, dnsmasq works great. Now I can access subdomains in my browser as well. However, since the domain is local I don’t have any certificates and HTTPS does not work. In the browser that’s not a big issue since I can just choose to trust the certificate on the fly, but it looks like applications have a problem. Immich on my phone says “Server is not reachable” and NextCloud cannot reach the OnlyOffice endpoint, it gives me a cURL error code 6 (Could not resolve host).

Is there a way to get HTTPS working in the local network?

That’s the downside of using private domains: Let’s Encrypt cannot verify them.
You need to download the private Certification Authority’s certificate of your server from /etc/ssl/certs/ca-yunohost_crt.pem and add it to each of your devices’ trusted certificates.

I see, thank you. I’ll have to think about whether it makes sense to do this per device or if I should just get a public domain and set up dynamic DNS instead. It would have the upside that the server could also be reached from the internet, the downside is that I would have to keep it updated at all times.

Hi, I’m trying to do a similar setup to yours and wanted to ask: did you have to do any additional configuration to get dnsmasq working, after opening the firewall?

I tried opening the ports with,

yunohost firewall allow Both 53

and set my machine’s IP address as the DNS server, but dnsmasq doesn’t seem to be responding to any queries from my other devices on the local network. (I can still access YunoHost through the .local domain I initially set up, but not through any .internal domains)

Sorry for the late reply. I do not think that I had to do anything extra. I had to set the YunoHost machine as my DNS server in my WiFi router settings for the other devices to use it.


No worries. I finally got it working after several tries and restarting (not reloading) the firewall and dnsmasq. I am not sure which of those made it finally start working, but it has been working smoothly since then.

Hopefully the next person who tries this can keep track of which of those steps is necessary :smiley: