I've finally bought a domain name!... Now what do I do?

After having my eye on an unused but taken domain name for the last 3+ years, I finally managed to snag it and make it mine. No one else in my family quite gets why I’m so happy but that’s how it goes.

The plan is to use subdomains to make it easier for the non-tech literate members of my family to use stuff I’m self hosting, such as Plex / Emby, Nextcloud, Vaultwarden etc. The one thing I know is that I want said services to be accessed via a reverse proxy on my pfSense router, using subdomains such as “cloud.wendellgonewild.com” (which is actually available :rofl:)… and possibly some kind of Organizr-style dashboard for all the services, so the old folks don’t have to actually know the addresses.

But I have to admit that I just don’t know what the next step is… I feel like I’m going around in circles trying to get my head around SSL, DNS, CNAMEs, FQDNs, not to mention any configuration changes that need to be made to the application specific config files or turnkeylinux’s built-in confconsole / stuff.

Could someone please point me in the right direction?.. I’m not asking to have my hand held, I just need to know where to start.

2 Likes

So I run sub-domains for various services. If you don’t have a wildcard SSL cert you will want one. Then you set up a wildcard DNS redirect that points at your DDNS client.

https://docs.netgate.com/pfsense/en/latest/services/dyndns/index.html

After you have your DNS redirects working, then set up HAProxy on pfSense.

https://docs.netgate.com/pfsense/en/latest/packages/haproxy.html

Anything that isn’t hosted on your wildcard redirect you will need to put specific redirects into your domain provider (ex. *.yourdomain.com goes to your pfsense instance but you have a blog hosted on squarespace so you will need a www.yourdomain.com that points to squarespace).

The biggest PITA is learning how HAProxy works. After you figure out the workflow then getting more services available is super easy. Especially if you run a lot of docker containers it makes it quick and easy.

1 Like
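The workflow from the reply above (one wildcard certificate, a wildcard DNS record, HAProxy routing by subdomain), written out as a plain `haproxy.cfg`. This is an added example, not part of the original post; on pfSense the same pieces are entered through the HAProxy package's Frontend and Backend tabs. The `example.com` names, certificate path, backend names, LAN addresses and ports are placeholders.

```haproxy
# Added example: hostnames, paths, addresses and ports are placeholders.
global
    # Refuse legacy TLS versions on every bind line.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  60s
    timeout server  60s

frontend fe_http
    bind :80
    # Nothing is served in clear text; send every request to HTTPS.
    http-request redirect scheme https code 301

frontend fe_https
    # One wildcard certificate (*.example.com) covers every subdomain.
    # The PEM file holds the certificate chain followed by the private key.
    bind :443 ssl crt /etc/haproxy/certs/wildcard.example.com.pem

    # Match on the Host header; -i makes the comparison case-insensitive.
    acl host_cloud hdr(host) -i cloud.example.com
    acl host_media hdr(host) -i media.example.com
    acl host_vault hdr(host) -i vault.example.com

    # A wildcard DNS record sends *any* name to this address, so refuse
    # hostnames that were never published instead of using a default backend.
    http-request deny unless host_cloud || host_media || host_vault

    # Tell browsers to keep using HTTPS for these hosts.
    http-response set-header Strict-Transport-Security "max-age=31536000"

    use_backend be_cloud if host_cloud
    use_backend be_media if host_media
    use_backend be_vault if host_vault

backend be_cloud
    server nextcloud 10.0.10.11:80 check

backend be_media
    server emby 10.0.10.12:8096 check

backend be_vault
    server vaultwarden 10.0.10.13:80 check
```

Publishing another service means one more `acl`, one more `use_backend` line and one more `backend` section; the deny rule must list the new ACL as well, or requests for it are refused.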

I know the feeling. I have a pair of domains myself as well.

Don't forget to use your personal domain with your email as well, so people can message you at your personal domain instead of gmail, yahoo, etc. :+1:

2 Likes

If you have a decent provider they have a KB about this for “newbies” :slight_smile:
Common Questions about DNS Records | Domain Names - FAQ | Gandi Documentation, etc.

What's cool about this is that you can transfer service if for some reason Google, Hotmail or Yahoo will ever ban you.

I did this recently, and I went the Nginx Proxy Manager reverse proxy route first of all - what a ball ache seriously, I got it to work but it was painful to set up and maintain, a ton of reading just ate up hours of my life - for someone who knew nothing to begin with…

Now I use cloudflare tunnels.

Click click - oh it's live.

I have subdomains for everything and it works like a charm.

I am sure there are arguments for and against both, but if you just want something that works - which is also free - then Cloudflare really does offer a great solution.

man, i don’t know if i am lazy or old school but i did not do near that much work.

my ISP public IP address is dynamic, but the equipment is always online so it almost never changes, and even on the rare time it has changed, it takes me about 12 minutes to update public DNS.

i have a multi-host Apache2 webserver, and letsencrypt SSL certs, for the webserver, proxmox, emby, etc. the webserver is in a DMZ with a software firewall installed on it. and then my primary firewall does port forwarding as well as a bit more security.

bing, bang, done.

2 Likes

This is actually a cool thing to do, but if you want to use your own domain for email I suggest using it with one of the big mail providers (you sign up with them and point MX records in DNS to their servers), like Google or Microsoft.

Doing this on your home internet connection, particularly with a dynamic address, is a decidedly less than ideal way to go about it. You want your mailbox to always be reachable. In many cases email is involved in maintaining the rest of your digital life. You need it to work all the time, every time. And then there’s the hassle of many large mail providers blacklisting IPs that ISPs are known to dynamically offer to consumer connections so messages you send may not get delivered or may go to spam. Or maybe the last person to have the IP you have now, did something nasty and now that address is propagating through blacklists the net over, causing your mail server to be considered persona non grata.

This article covers the challenges of self hosting email at home in greater detail.

Ultimately it’s your choice to do it or not, but if you choose to, just be aware of some possible pitfalls and challenges.

Many of those pitfalls can be avoided by using your own domain but with a Google Workspace or Outlook.com account, for example, where you basically use Gmail or Outlook, but with that personal touch. :slightly_smiling_face: It’s a serviceable compromise that gets you the best of personalization and reliability.

Now what do I do?

sek
https://forum.level1techs.com/t/create-free-email-aliases-for-your-domain/

1 Like

Oh yes, that is what I do too. I didn't mean actually hosting the server itself at your house. That doesn't usually work out well on residential internet. I use ProtonMail servers for their privacy and it costs $50/yr to do so with my own custom domain, unlimited emails, and 3x as much storage as free Gmail. I use the webmail login on my PC and the Outlook app on my phone.

1 Like

Another decent service to consider too is Tutanota. They’re a German based provider so they have to comply with the privacy requirements as well as offering encryption for the mail service.

1 Like

I use Migadu as I didn’t want my stuff with one of the data harvesters, but wanted a reliable service. Has been for a couple of years now.

Tutanota deleted my account without notice for inactivity I presume. I wasn’t using it much as I was trying it out… also the mobile clients suck balls.

The other thing you can do is run a fediverse instance. I prefer Akkoma.

i guess you could do what the e-girls do and make it a multi link redirect.
to say wendells level1techs youtube, the level1techs linux youtube, wendells onlyfans, level1tech patreon, level1techs floatplane…
that sort of thing… :wink:

Mailgun has free accounts for routing low amounts of email. I use it for alerts on my homelab and Mailgun forwards it to a Bluehost web mail account on my domain. So not a lot of traffic. For one person that should be enough.

How do you eat an elephant? One bite at a time.

Focus on one thing at a time and build it out as you feel comfortable with the technology.