this post was submitted on 09 Feb 2026
42 points (97.7% liked)

Selfhosted


So I have some services and wireguard running locally on a "home" network. I also have wireguard, a DNS resolver, and a reverse proxy set up on a remote server. Since I don't want to expose the home IP to the public, to access my services I connect to the VPN on the remote, which then forwards my request home. But this means that when I'm at home, connecting to my local services requires going out to the remote. Is there some way to have the traffic go over the switch when at home, but go over wireguard when away, without having to manually switch the VPN on/off?

I could move the DNS resolver (which handles the internal names for the services) from the remote to the home server. But then similarly every DNS request will need to go through both the remote and home servers, doubling the hops. I'd like to use my own DNS server at all times though, both at and away from home. Which tradeoff seems better?

edit: thanks for all the suggestions, I'll look into some of these solutions and see what works best

[–] Shimitar@downonthestreet.eu 12 points 16 hours ago (2 children)

Going the split DNS way is doable but had other issues (android devices bypassing local DNS for example or DNS over HTTPS issues)

I set up my opnSense to redirect all internal traffic to the external IP on port 443 to my internal server ip.

Works fine, it's transparent, and doesn't mess with DNS.

[–] Zwuzelmaus@feddit.org 1 points 8 hours ago (1 children)

> android devices bypassing local DNS

Can this be fixed/avoided?

[–] Shimitar@downonthestreet.eu 1 points 7 hours ago (1 children)

For now yes but the very specifics of DNS over https make that impossible if enforced one day.

[–] Zwuzelmaus@feddit.org 1 points 6 hours ago (1 children)
[–] Shimitar@downonthestreet.eu 1 points 3 hours ago* (last edited 3 hours ago)

DOH goes over port 443 using https, impossible to block (unless you want to blacklist all possible URLs that might serve DNS) so cannot be redirected at network level, like with classic DNS, and uses SSL encryption so cannot be "sniffed" and redirected.

In other words: say goodbye to ad blockers based on DNS like pihole or adguard

While it seems good for your privacy, it's a dream for Google and such, where PiHoles and such DNS blockers will be useless...

[–] mrh@mander.xyz 2 points 16 hours ago (1 children)

And so when away do you just directly connect to the external IP and do port forwarding?

[–] Shimitar@downonthestreet.eu 1 points 8 hours ago* (last edited 8 hours ago)

Actually I am behind CGNAT so when away I connect to my VPS that has an nginx pointing to a wireguard endpoint to the internal server. Wireguard is also managed by opnSense but that's a choice, not mandatory.

When home, my VPS ip gets rerouted on port 443 (and 80, mandatory for Let's Encrypt) to the internal ip of my server.
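
The LAN-side redirect described in this thread, written as raw pf rules (pf is the packet filter OPNsense is built on). This is an added example, not the commenter's configuration or an OPNsense export: the interface name and every address are placeholders, and it assumes the clients and the server share one LAN subnet.

```conf
# Placeholders (assumptions, not values from the thread)
lan_if  = "igb1"            # firewall's LAN interface
lan_net = "192.168.1.0/24"  # home clients
vps_ip  = "203.0.113.10"    # public address of the VPS (documentation range)
server  = "192.168.1.20"    # internal server running the reverse proxy

# 1. Redirect: LAN clients that connect to the VPS address on 80/443
#    are sent to the internal server instead of leaving the network.
#    Port 80 is included so HTTP-01 certificate validation and plain
#    HTTP redirects behave the same at home and away.
rdr on $lan_if inet proto tcp from $lan_net to $vps_ip port { 80, 443 } -> $server

# 2. Reflection NAT: only needed when the server is on the same subnet
#    as the clients. Without it the server answers the client directly
#    with its own source address, the client never sees a reply from
#    $vps_ip, and the TCP handshake fails. Rewriting the source to the
#    firewall forces replies back through the state table.
#    Side effect: the server logs the firewall's LAN address, not the
#    real client, for these connections.
nat on $lan_if inet proto tcp from $lan_net to $server port { 80, 443 } -> ($lan_if)

# 3. Filter rules see the translated destination, so allow exactly
#    that flow in and back out of the LAN interface and nothing wider.
pass in  quick on $lan_if inet proto tcp from $lan_net to $server port { 80, 443 } keep state
pass out quick on $lan_if inet proto tcp from any      to $server port { 80, 443 } keep state
```

From a LAN client, a connection to the VPS hostname should now present the same certificate as it does from outside, and `pfctl -s states` on the firewall should list the translated connection to the internal server.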