I've recently got into home lab'ing by running a few local-only services using Docker on a spare machine I have. I have some experience with OPNsense but have never used Docker before, so there may be a few crossover questions. Here is what I want to do:
Host some services on one Linux machine, say 10.0.0.2 with an on-device hostname of myserver. I would like to run multiple webpages and be able to connect to them by visiting different local domains. For example http://search.mylan would lead to port 80 on the server, and http://nextcloud.mylan would lead to 8080 etc.
I managed to configure a static DHCP lease to point the myserver.mylan domain to 10.0.0.2 but this still requires me to specify port numbers and I see no options to direct a domain to a certain port. Would solving this require me to tinker with docker containers or is there a solution which is built into OPNsense?
And one more thing...
I have not read much into the CA that OPNsense can run, but I assume I can use that to create my own TLS certs for my services and get https up and running. I have seen other people use a domain they have purchased in their LAN but don't really want that. Ideally I want something fully local.
Any help would be appreciated and thanks in advance.
Those are two separate questions:
1. How can I get or create certificates for domains? Note that you cannot use internal domains for external access, and also that official CAs will not issue certificates for internal domains, so this splits up into:
a. for externally available domains, which you either buy or use a subdomain of: By using an ACME certificate. You can use the ACME plugin of OPNsense to get a certificate for those. If you own and can control the whole domain, you can even use wildcard domains and certificates, such that you do not have to create different certificates for all services, yet you can have different domains, because the wildcard matches all of them.
b. for your own, internal domains, which are not useable for access from outside your LAN: By setting up a CA and creating your own certificates like depicted here (https://docs.opnsense.org/manual/how-tos/self-signed-chain.html).
2. How can I set up a reverse proxy?
a. for access from outside: By using Caddy, HAProxy or Nginx, as various how-tos in the tutorial section (https://forum.opnsense.org/index.php?board=24.0) teach. Those also show how to create certificates.
b. for access from inside: For docker, the standard way is to use Traefik, but you can also use any other reverse proxy.
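
Options 1b and 2b combined for the setup in the question, as an added example that is not part of the thread or of any project's documentation: a Docker Compose file in which Traefik routes by hostname and serves a certificate issued by the internal CA. Assumptions: search.mylan and nextcloud.mylan resolve to 10.0.0.2, the certificate and key were exported to ./certs/mylan.crt and ./certs/mylan.key (hypothetical file names), and traefik/whoami stands in for the search service.

```yaml
# Added example (constructed). Inline config "content" needs Docker Compose 2.23.1+.
services:
  traefik:
    image: traefik:v3.1
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false   # only route containers that opt in
      - --providers.file.filename=/etc/traefik/dynamic.yml
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
    ports:                       # the only ports published on 10.0.0.2
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro   # read-only socket mount
      - ./certs:/certs:ro        # cert + key issued by the internal CA (assumed names)
    configs:
      - source: traefik_dynamic
        target: /etc/traefik/dynamic.yml

  search:
    image: traefik/whoami        # stand-in for the real search service
    labels:
      - traefik.enable=true
      - traefik.http.routers.search.rule=Host(`search.mylan`)
      - traefik.http.routers.search.entrypoints=websecure
      - traefik.http.routers.search.tls=true
      - traefik.http.services.search.loadbalancer.server.port=80

  nextcloud:
    image: nextcloud
    environment:
      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mylan
    labels:                      # no host port needed; Traefik reaches container port 80
      - traefik.enable=true
      - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mylan`)
      - traefik.http.routers.nextcloud.entrypoints=websecure
      - traefik.http.routers.nextcloud.tls=true
      - traefik.http.services.nextcloud.loadbalancer.server.port=80

configs:
  traefik_dynamic:
    content: |
      tls:
        certificates:
          - certFile: /certs/mylan.crt   # must list both hostnames as SANs
            keyFile: /certs/mylan.key
```

Clients only trust the certificate once the internal CA's root certificate is imported into their trust store; the backends themselves stay unpublished and are reachable only through the proxy.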