3d ago

Help with domain

Hello everyone.

I bought domain name (example.com) from https://njal.la/ and I want to direct it to my server but I need help with it.

Let's say that I have public and static home IPv4 address 10.172.172.172 (example) and on that address is a computer running on 192.168.200.101 (example) and there is jellyfin server (port 1020/tcp), immich server(port 1021/tcp) and bitwarden server (port 1022/tcp).

My question is can I create a subdomain and point it to these servers?

Like; jellyfin.example.com -> 192.168.200.101:1020

immich.example.com -> 192.168.200.101:1021

bitwarden.example.com -> 192.168.200.101:1022

Or do I have to buy two more separate domains for these servers? Like example2.com and example3.com?

Sorry for english and also if this is a stupid question but I need to know. I have never so far used domains and never dabbled in dns setting and I don't know where to search for info.

18 comments

Just FYI, unless you absolutely need anonymity from ICANN/the country owning the TLD I wouldn't choose Njalla. Legally any domain you purchase is owned by them, that's how they can keep your name from law enforcement requests. However, that also means in any dispute between you and Njalla they can just refuse to service you and keep your domain without recourse.
Normal domain registrars are regulated and if you purchase a domain through them you are its legal owner, if they don't want your service they must still allow you to transfer the domain somewhere else. Any good registrar provides domain WHOIS protection and will only give out your name to legal requests by law enforcement, so I wouldn't worry too much about that.
- Have you been wronged by njalla?
  I think having an external owner is preferable.
  
  No, it's just something to be aware of

Lots of questions, let's take it one step at a time. You have a domain, now you can point it to your public IP, so that whenever someone tries to access example.com they ask their DNS server and it replies with 10.172.172.172 (which btw is not a valid public IP). Now that request will hit your router, you need to configure your router to redirect ports 80 and 443 to 192.168.200.101, that way the request to example.com gets to your local machine.
Ok, so now you need your local machine to reply on that port, I recommend using Caddy it's very easy to setup, but NGIX is the more traditional approach. A simple Caddy config would look like:

example.com { respond "Hello" } jellyfin.example.com { handle { reverse_proxy http://192.168.200.101:1020/ } }
So after the request reaches Caddy it will see that the person tried to access, example.com and respond with a "Hello".
If instead you had tried jellyfin.example.com the DNS would have sent you to 10.172.172.172, your router would send that to 192.168.200.101, Caddy would then send it to 192.168.200.101:1020, which is Jellyfin so that would get returned.
There are some improvements that can be made, for example if both caddy and Jellyfin are docker you can share a network between them so Jellyfin is only exposed through caddy. Another possibly good idea is to add some authentication service like Authelia or Authentik to harden stuff a little bit. Also as you might have noticed Caddy can forward stuff to other computers, so you can have one machine on your network exposing multiple services on multiple machines.

You can't assign ports via DNS, what you need is a reverse proxy. Nginx proxy manager is easy to use and very popular.
- You can with srv DNS records. I never tested if browser do honor that or just go to port 443 anyway.

Create the subdomains and have them all point to your PUBLIC IP (10.172.. But keep in mind 10... Are -not- public ip)
You will need to setup redirect from your router/gateway to your internal ip.
Unless you are on cg-nat (that would explain a 10... class ip) in that case, you will definitely need a real public static ip
To "match" the various ports all to 443, you will need a reverse proxy, since those ports are not standard. This could be mitigated with srv DNS records, but I really strongly suggest not to go public without https and reverse proxy.
- SRV records won't help with browser traffic.
- My real ip starts with 89. The 10.172.172.172 was just an example.
  
  Bad example, you picked a reserved range that confused me :)

DNS and domains are just human-friendly IP addresses.
You only have 1 public IP address.
So, to access different services you need to use different ports.
Or run a service on a single port in front of the other services that can understand the connections and forward the connections to the actual services - known as a reverse proxy. In the case of http/https, there are plenty of reverse proxies that can direct requests based on all sorts of parameters, subdomains being one of them.
If you are just starting out, I'd recommend a docker compose stack and Nginx Proxy Manager.
Learning containers & docker makes everything easier.
NPM is a very easy to use reverse proxy with a nice GUI, so you don't have to configure CertBot/ACME or learn the specific config language of Nginx.
If you are unsure of domains and all that, you can try it out for free.
Your computer has a hosts file (/etc/hosts on Linux, I think it's in system32 on windows). This allows you to tell the computer "for the domain example.com use the IP 10.0.0.200" or whatever you want. You need a hosts file entry for each subdomain.
What this means is that you can run up a docker compose stack on your computer and point a bunch of sub domains to 127.0.0.1, use self-signed certs, and play around with nginx proxy manager and docker.
No money spent, no records published, no traffic leaving your computer.
Zero risk.
There are loads of tutorials out there on NPM and docker compose stacks. Probably some close to your specific requirements.

Don't mix your public and private DNS records. Use your public records for public things, and a local DNS forwarder for your local network.
A records only reference IPs and not ports.
SRV can be used to specify where to find ports, but the client needs to support those lookups to properly use it. You can use a reverse proxy or HTTP redirects to point things to different ports.

You run a proxy on your server (the easiest is "nginx proxy manager" that has a nice web UI), then open your router to port 80 and 443 to nginx proxy manager (NOT the web UI configuration port!)
Then you instruct the proxy to route the traffic according to the URL.
Someone coming to 10.172.172.172 with no URL? Drop the connection.
Someone going to if.example.com? Forward to 192.168:8080 and so on
- And what should i set in the domain settings on https://njal.la/?
  
  Set the A record to your IP address and CNAME to @ to all the subdomains you need

And is there any problem to setting this up in docker compose?

18 comments