On my LAN I have 192.168.1.111 hosting a bunch of various services, not containerized. All connections are done either from my internal LAN or from WireGuard going through 192.168.1.111, so no external traffic bar WireGuard.
I’ve set the host name of 111 in the hosts file inside the router and 111, and it works for all devices except the ones connecting via WireGuard.
But I don’t want to have to use hostname+port for every service; I’d like each service to have its own name. I’d also like certs.
Can someone point me in the right direction for what I need to do? I’m thinking maybe this requires a local DNS server, which I’m hesitant to run because I’m happy using 8.8.8.8.
For certs do I create a single cert on the 192.168.1.111 and then point all the applications to it?


As others have said, reverse proxy. My experience is with Caddy and Let’s Encrypt. If you wanted to step it up a couple notches, you could go with Cloudflare tunnels/zero trust. With the latter scenario, you’ll need a domain name that you can change the nameservers to Cloudflare-assigned nameservers. With the Cloudflare option, you don’t have to fiddle with ports, UFW, or NAT. Just install on your server and it punches a fully encrypted tunnel.
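
A sketch of the reverse-proxy setup discussed in this thread, added here as an example and not written by either poster: a Caddyfile for 192.168.1.111 that gives each service its own name and certificate. The hostnames, backend ports and the WireGuard subnet are constructed placeholders, and `tls internal` uses Caddy's built-in local CA instead of Let's Encrypt, on the assumption that the host is not reachable from the internet for an HTTP challenge.

```caddyfile
# Added example. Hostnames, ports and the WireGuard subnet (10.8.0.0/24)
# are constructed placeholders; replace them with your own values.
# Every name below must resolve to 192.168.1.111 for LAN and WireGuard
# clients (for instance through the router's hosts file).

(lan_only) {
	# Reject requests that come from neither the LAN nor the WireGuard subnet.
	@outside not remote_ip 192.168.1.0/24 10.8.0.0/24
	respond @outside 403

	# Issue certificates from Caddy's local CA (assumption: no public ACME).
	tls internal
}

# One site block per service: the name selects the backend, so clients
# never need to type a port.
media.home.example.com {
	import lan_only
	reverse_proxy 127.0.0.1:8096
}

files.home.example.com {
	import lan_only
	reverse_proxy 127.0.0.1:8080
}
```

With `tls internal`, each client device has to trust Caddy's root certificate before browsers stop warning. Binding the backend services to 127.0.0.1 keeps them reachable only through the proxy.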