First time poster, although I have lurked here for a while. Apologies for any stupid questions in advance...
I'm in the middle of repurposing an old desktop as a homeserver to host several services. However, I'm fairly new to all of this and more or less just following along some pieces of code that I found on the internet. So, I definitely don't really know what I'm doing and I'd like to ask a few questions on how to do certain things and whether I got things right.
I own a domain name and have set up traefik to provide access to several services (right now gitea, portainer and authelia, plan to add others). I definitely see the use case of having some services being available on my lan, while access to others could be global. AT the same time, I like the ability to access all my services through a FQDN and having SSL certificates from Let's encrypt.
On my network, I have dnsmasq running on my (Ubiquity edge)router, but until now I have only used that to assign hostnames to my NAS and my new homeserver.
For my questions:
- Is this a reasonable set-up in the first place, or should I not be running dnsmasq on my router? In the future I might consider something like AdGuard, but the idea of having a DNS server on my router seems to make some intuitive sense, as 1) this device is reponsible for my network's routing anyway and 2) by using my router for such a critical feature, I'm not introducing additional points-of-failure (e.g. if the machine on which the DNS server is located goes down, but my router isn't, I still might not have internet functioning, whereas if my router is down, internet isn't working anyway).
- Should I add entries to dnsmasq to point the local only services to my homeserver? And is adding these DNS entries something I should do in any case, also for my public services (for example in case my internet connection goes down)? Is there a way to automatically discover these services and register them so that I don't have to maintain entries manually?
- Is there any additional traefik configuration required to only allow local network access (IP whitelisting?) Will the local services remain having an SSL certificate in a set-up like this?