Tailscale and Certbot for accessing my homelab
For my internal network at home, I have a Pi-hole instance running as my DNS server. I’ve added records to point subdomains at their appropriate servers.
Tailscale gives each server its own “Tailnet” IP address that is only accessible from devices within the Tailnet. By adding public A records for my services using their Tailnet IPs, I can now access my homelab services using their subdomains whether I’m on my local network or connected to my Tailnet.
One downside is that I need to update DNS records in two places when I add or remove a subdomain. That doesn’t happen too often, though, so it’s not a big deal.
Thanks, Tailscale!
HTTPS all the things!
I use Let’s Encrypt and Certbot for generating SSL certificates for my projects. My usual method is to use Certbot and its nginx plugin. That generates a file that is served via the web so that Let’s Encrypt can verify I control the domain.
Since my homelab services are only accessible from within my network or via Tailscale, I wasn’t sure I could use Certbot.
My first thought was to create a simple service on my public-facing Linode VPS to generate a certificate and then copy files to my home server. I could probably automate that process, but I was worried that the certificates could get out of sync and that my services would be temporarily unreachable.
Then I came across the DNS-based certificate process. Certbot has a plugin that uses the Linode API to create a TXT record for domain verification. It was easy to set up, and now I have a wildcard certificate for my internal domain that can be reliably renewed.
Thanks, Certbot!
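As an added example (not from the original post), here is one way to wrap the DNS-based issuance described above so that Certbot only runs when the Linode API token file is private to its owner. The domain `home.example.com`, the credentials path, and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: DNS-01 wildcard issuance with certbot's dns-linode plugin.
# Assumed names: home.example.com, /etc/letsencrypt/linode.ini
#
# Credentials file format read by the plugin (token value is a placeholder):
#   dns_linode_key = <LINODE_API_TOKEN>
#   dns_linode_version = 4

# Succeed only if the token file is a regular file accessible to its owner
# alone and actually contains a dns_linode_key entry.
creds_file_ok() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case $perms in
        -rw-------|-r--------) ;;
        *) echo "refusing $1: permissions '$perms', want -rw-------" >&2
           return 1 ;;
    esac
    grep -Eq '^dns_linode_key[[:space:]]*=[[:space:]]*[^[:space:]]' "$1" || {
        echo "no dns_linode_key entry in $1" >&2
        return 1
    }
}

# Request one certificate covering the domain and its wildcard.
# Validation happens through a TXT record created via the Linode API,
# so no service has to be reachable from the internet.
issue_wildcard() {
    creds_file_ok "$2" || return 1
    certbot certonly --dns-linode \
        --dns-linode-credentials "$2" \
        --dns-linode-propagation-seconds 120 \
        -d "$1" -d "*.$1"
}

# Usage: sh issue.sh issue home.example.com /etc/letsencrypt/linode.ini
if [ "${1:-}" = "issue" ]; then
    issue_wildcard "$2" "$3"
fi
```

`certbot renew` reuses the plugin and credentials path recorded at issuance, so the token file has to stay in place with the same permissions.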