hey folks!
finally starting with my homelab and i have adguard and homer up and running! i am having a couple of issues however, and i haven’t really found much that makes sense to me yet (sorry - super new!):
i’m on ubuntu server FWIW
initially, i could only access the adguard web interface via the ip with the port number - i.e. 10.0.0.1:3000; after i started up Homer, though, i could only access it without the port. not sure this is so much a problem, but i think it may have some impact on my actual problem, which is:
i want to configure domain names for the services on my intranet, so i initially tried to use adguard to do this. my first problem arose when i couldnt type port numbers in the DNS rewrite, so i couldn’t access my homer via DNS because that IP only redirected to my adguard. due to this, i read that possibly setting up nginx proxy manager and creating a reverse proxy would be good practice so that the proxy could divvy up the domain names itself. so i spun that up in docker, but now i can’t start adguard because port 443 is taken by nginx (which i thought could solve this port conflict issue?) - any idea how i can go about this to allow both adguard to run with nginx and help solve my domain name issue with nginx?
i’m just looking for some general direction to help my understanding - definitely don’t want y’all to do homework for me haha; and apologies if these are dumb questions - genuinely just trying to skill up in linux b/c this is the first time i’ve seriously used it
Dns only handles to domain but not the port. So if you have a client that normally just checks 80 or 443, that’s what it’ll assume you want, which is a pain.
There are two paths I’d say would be reasonable. The first is adding more IP addresses to the host so you can publish the docker port to a specific access. Then you don’t need the port. You will have to specify specific addresses to listen on so services like nginx don’t just listen on all IPs on the host.
The other thing would be to change your nginx config to have multiple
serverdirectives that looks for specific Host headers and point each server to what you want viaupstreamdirectives that can have the port specified. http://nginx.org/en/docs/http/ngx_http_upstream_module.html for details.If you need more than that, let me know and I’ll see if I can paint you in the right direction.
I’m not familiar with homer so I can’t say if that would need any configuration but a general outline of what you want to do would go like this:
You want to run adguard on another port and let your reverse proxy manage ports 80 and 443. After that make sure your machine/network is using adguard for its dns and write your domains to the machines IP and the applications port. If adguard doesn’t support ports like you seem to think then find another dns service to use that does. It’s been a minute but I think I remember pihole having that functionality. Then configure your reverse proxy to route domains to localhost ports and configure ssl certs if needed.
Not dumb questions! All part of the learning process.
A dns entry by nature only points to an ip address, and when you go to that address in a web browser without a port manually specified, your browser will by default connect to port 80 (http) or port 443 (https) on that address.
I’m going to explain using port 80 to start, since you don’t have to setup ssl certificates that way.
Your reverse proxy should be the thing listening on port 80, where it will proxy those requests by hostname (your dns entries) to the ports each other service is listening on. For example, the Adguard web ui should be at port 3000 (its default, I think) instead of 80/443, and in your reverse proxy config you’ll set it up have requests to http:// your-adguard-hostname.yourdomain.tld reverse-proxy to port 3000. Put your other services on other ports (ports in the 8000s are common for this), and have your nginx config point to them by hostname.domain.tld the same way.
Set up that way, when you go to http:// adguard.your-domain.tld in your browser, your request will hit your server on port 80 where your reverse proxy is listening, and your reverse proxy will send it to port 3000 where adguard is listening. You could also go to http:// adguard.your-domain.tld:3000 to bypass the reverse proxy.
As an aside, Adguard will also be listening on port 53 for dns requests, and the dns entries for all of the services you set up will be looked up through that port, not the web proxy.
You can apply the same process to port 443, but it gets more complicated because you need to set up ssl certificates for that. For simplicity, you can set up a single self-signed wildcard certificate for your reverse proxy to use, and you don’t usually need ssl between the reverse proxy and other services on the same server. Your browser will complain about the self-signed certificate, but if it’s all internal it’s okay. Setting up proper certificates for each hostname.domain.tld is a whole other rabbit hole, but great to learn and great to have done.