41

I have a bunch of services running on my LAN, mostly from a single Debian machine. I access them at URLs like http://devicename.lan:portnumber. I would like to change to http://servicename.devicename.lan.

How it works now: The router (openwrt) sets a static IP per device and the port number is selected by the application or system unit running it.

What is the absolute simplest way to accomplish this? I don't mind if it is managed by the router or by the server machine itself. Hoping for something that can be configured with a text file or web interface or other basic mathod.

These sevices are private, just for me and I have no plans to ever access them externally. I have so far avoided any certificates or SSL or other stuff. I don't use docker and would rather not get into it right now. I like my domain name setup how it is with fake local domains.

Hoping this could be possible without making a whole project out of it.

you are viewing a single comment's thread
view the rest of the comments
[-] moonpiedumplings@programming.dev 36 points 22 hours ago

You want a reverse proxy. A reverse proxy reads requests to subdomains and then forwards them to ports and back.

The easiest GUI one is: https://nginxproxymanager.com/

But there is also just straight nginx, or you can use Caddy or traefik or anything else.

[-] myrmidex@belgae.social 2 points 16 hours ago* (last edited 16 hours ago)

One benefit of Caddy over NPM: local certificates.

The latest selfh.st newsletter linked to a relevant video:

https://www.youtube.com/watch?v=EVnwnFY7C1w&ref=selfh.st

[-] moonpiedumplings@programming.dev 4 points 6 hours ago

You can use local certs with nginx proxy manager as well. You can upload certs via the web ui.

Rather than local certs though, I would recommend buying a domain and using it locally, with https. The problem with the local cert approach outlined in the video, is that importing a root cert opens up a big security hole to MITM attacks. If an attacker gets the root certificate, they can now MITM everything else your browser is accessing. You turn the browser from one of the most secure components of a modern OS, into only as secure as the server hosting the root certificates.

The approach I would prefer, is to buy a domain, and use it locally, using DNS-01 challenges to get letsencrypt signed certificates even from within an internal network. Both Caddy and NPM have support for DNS-01 challenges.

[-] myrmidex@belgae.social 1 points 4 hours ago

Thanks for the explanation, something I need to look into!

[-] BingBong@sh.itjust.works 2 points 19 hours ago

This is what I do. There is actually an nginx proxy manager plugin for home assistant that I used and helped make it really trivial.

this post was submitted on 12 Jul 2026
41 points (93.6% liked)

Selfhosted

60623 readers
931 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS