this post was submitted on 13 May 2026
126 points (97.7% liked)
Technology
84603 readers
4308 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Thank you for your answer.
My problem is, that I would like to keep my (Docker) services like Silverbullet.md in my local network only and reach them exterally by Wireguard VPN.
Before https I reached my services with <ip>:<port>, which worked fine with VPN. As mentioned here, there are now only a few options to get https without open everything to the world:
Set my local servers ip as localhost by ssh ( ssh -N -L 3002:localhost:3000 user@someip) which works, but needs to be added for every client and every access.
Add a hosts file entry (e.g. silverbullet.lan 192.168.1.123) on every client to access the local server and add a Caddyfile entry with a selfsigned certificate.
Put a local DNS server like dnsmasq or bind9 in my network and add local domains there (like silverbullet.lan) and use Caddy again for SSL. That's the point where I haven't figured out how to get it running over Wireguard VPN.
I don't want to rely on external services like Tailscale.