c0dec0dec0de,
@c0dec0dec0de@hachyderm.io

Walking the dog and realized that it might actually help someone if I wrote a blog post about how I use DuckDNS, LetsEncrypt, and Caddy to get a wildcard domain with TLS without exposing any ports on my home network - and how that can unblock people experimenting with bare-metal .

furicle,
@furicle@mastodon.social

@c0dec0dec0de sounds interesting....

c0dec0dec0de,
@c0dec0dec0de@hachyderm.io

@furicle short version: you can tell DuckDNS to route to a private address (192.168.0.2, for example), they’ll give you a wildcard DNS. There’s a LetsEncrypt-DuckDNS plugin for Caddy which satisfies a challenge from LetsEncrypt by adding something to your DNS record. You’re depending on two cloud services, but very little information actually leaves your local network and it works for all machines on that network without touching each one.
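A minimal Caddyfile for the setup described in the post above, as an added example that is not part of the original thread or the author's own configuration. It assumes a Caddy binary built with the `github.com/caddy-dns/duckdns` module; the subdomain `example`, the service names and the upstream addresses are placeholders.

```caddyfile
# Assumes a custom Caddy build that includes the DuckDNS DNS provider:
#   xcaddy build --with github.com/caddy-dns/duckdns
# "example" is a placeholder DuckDNS subdomain whose A record points at the
# private address of the Caddy host (192.168.0.2 in the post).

*.example.duckdns.org {
	tls {
		# DNS-01 challenge: Caddy writes the TXT record through the DuckDNS
		# API, so Let's Encrypt never connects to the home network and no
		# inbound port has to be opened. The token is read from the
		# environment rather than stored in this file.
		dns duckdns {env.DUCKDNS_API_TOKEN}
	}

	# One wildcard certificate covers every internal name. Upstreams below
	# are constructed examples.
	@grafana host grafana.example.duckdns.org
	handle @grafana {
		reverse_proxy 192.168.0.10:3000
	}

	@git host git.example.duckdns.org
	handle @git {
		reverse_proxy 192.168.0.11:3000
	}

	# Any other name under the wildcard gets the connection dropped instead
	# of falling through to a default backend.
	handle {
		abort
	}
}
```

The DuckDNS token can rewrite the DNS record, so keep it in the service's environment file with restrictive permissions.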

furicle,
@furicle@mastodon.social

@c0dec0dec0de thanks for that. Not sure that would work for me, but interesting

nikdoof,
@nikdoof@incognitus.net

@c0dec0dec0de Yes! Because someone will hit that exact use-case at a later time and will love that you've described how you do it.

I can't tell you how many times I've tried to do something off the beaten path and found a tiny blog that details how they did it, and it got me 90% of the way towards a working solution for me.
