Caddy - Reverse Proxy with Pi-hole Local DNS Setup
Since I create Docker/Podman containers with a macvlan and a reserved IP address, I also wanted to use my local top level domain (home.arpa) for safe and easy browsing to the container software. For example, homer.home.arpa refers to the IP address of the Homer container, which is running in NixOS and will serve the site over HTTPS.
Home.ARPA has been specifically created to handle “home” or “small business” name queries by shunting it to “black holes” early in the hops.
# uncomment to debug when things aren't working the way you'd like
Adjust the following:
homer with your name and home.arpa with your top level domain. We will also need the full domain name within Pi-hole.
Use locally-trusted certificates. Please see the Caddy docs for more information.
You can then start Caddy and the necessary self-signed certificates will be generated automatically.
Pi-hole Local DNS Configuration
The steps below assume that Pi-hole is already running.
On the Local DNS Records page you can add domain/IP associations.
- Select in the navigation
- Add the domain, for example:
homer.home.arpa with the IP address (without the port) you entered above for the reverse proxy (
It will then look like this:
Root Certificate Installation
Now if you go to homer.home.arpa in a browser, it will indicate that the connection is not trusted, or the page will not work at all.
I fixed this by having different devices and browsers trust the Caddy root certificate, which is generated within the Caddy container.
The steps below assume that Caddy is running as a container:
- Go to the shell inside the container with
sudo podman exec -it caddy /bin/sh. If you use docker replace the command
- View the content of the root certificate with
- Copy the contents of the root certificate into a
root.crt file on your desktop, for example. Make sure you copy
- Exit the container shell with
- Go to
about:preferences#privacy and scroll down to
- Within the Certificate Manager go to
Authorities and choose to import the Caddy root certificate which you previously saved as
Chrome or Vanadium (Android)
- Make sure you can access the
root.crt file through the file manager on Android. This can be done, for example, by putting the file on Google Drive, Synology Drive or Proton Drive.
- Then go to the Android file manager and select your Drive in the navigation and install the certificate by tapping
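
A check worth running on the desktop before root.crt is imported into any of the trust stores above: confirm that the pasted file is a complete certificate, note its fingerprint, and confirm that it is the root behind the certificate Caddy actually serves. This script is an added example, not part of the original note; it assumes openssl is installed on the desktop, and the script name and arguments are illustrative.

```shell
#!/usr/bin/env bash
# Added example: sanity-check root.crt before importing it anywhere.
# Assumes openssl on the desktop; the host name and file names are yours.

# Print the SHA-256 fingerprint of a PEM certificate. Fails when the file is
# not a complete certificate, e.g. a BEGIN/END line was lost while copying.
cert_fingerprint() {
    local out
    out=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    printf '%s\n' "${out#*=}"
}

# Succeed only if both files hold the same certificate, for instance the
# desktop copy and the copy downloaded again from the cloud drive.
same_cert() {
    local a b
    a=$(cert_fingerprint "$1") || return 1
    b=$(cert_fingerprint "$2") || return 1
    [ "$a" = "$b" ]
}

# Succeed only if the site presents a chain for this host name that validates
# against the given root. Needs Caddy and the Pi-hole record to be up.
served_chain_ok() {  # usage: served_chain_ok homer.home.arpa root.crt
    openssl s_client -connect "$1:443" -servername "$1" -verify_hostname "$1" \
        -CAfile "$2" -verify_return_error </dev/null >/dev/null 2>&1
}

# Run as: ./check-root.sh root.crt homer.home.arpa
if [ "$#" -eq 2 ]; then
    fp=$(cert_fingerprint "$1") || { echo "$1: not a complete PEM certificate" >&2; exit 1; }
    echo "SHA-256 fingerprint: $fp"
    openssl x509 -in "$1" -noout -subject -enddate
    if served_chain_ok "$2" "$1"; then
        echo "$2 presents a chain signed by this root"
    else
        echo "$2 does NOT validate against $1" >&2; exit 1
    fi
fi
```

The printed fingerprint can be compared by eye with the one the browser's certificate viewer shows for the imported authority.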