From 3f0c050ff660849e6bdac2bbc7b2d9d6b5a782b4 Mon Sep 17 00:00:00 2001 From: kavren Date: Sun, 28 Dec 2025 22:04:18 -0500 Subject: [PATCH] add: Internal DNS for kavcorp.com domains via Pi-hole MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Added *.kavcorp.com DNS entries pointing to Traefik (10.4.2.10) - Internal clients can use https://jellyfin.kavcorp.com with valid certs - Same URLs work internally and externally, no port numbers needed - Also added Traefik internal entrypoint on :8080 for .kav HTTP access 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- docs/CHANGELOG.md | 11 +++++------ docs/DECISIONS.md | 11 ++++++----- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index d3d9a3e..34d545a 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -4,12 +4,11 @@ ## 2025-12-28 -### Internal .kav Routing via Traefik -- Added Traefik `internal` entrypoint on port 8080 for .kav domain routing -- Created `/etc/traefik/conf.d/internal-kav.yaml` with routes for all services -- Updated Pi-hole DNS to point service .kav domains to Traefik (10.4.2.10) -- Services now accessible at `http://.kav:8080/` without per-service ports -- Direct access retained for: Proxmox nodes, kavnas, docker hosts, mqtt, zwave +### Internal DNS for kavcorp.com Domains +- Added Pi-hole DNS entries for `*.kavcorp.com` pointing to Traefik (10.4.2.10) +- Internal clients can now access `https://jellyfin.kavcorp.com` etc. with valid Let's Encrypt certs +- No port numbers needed, same URLs work internally and externally +- Also added Traefik `internal` entrypoint on port 8080 for .kav HTTP access (optional) ### Guest VLAN Media Access - Added firewall rules allowing Guest VLAN to access Jellyseerr (10.4.2.25) and Jellyfin (10.4.2.26) diff --git a/docs/DECISIONS.md b/docs/DECISIONS.md index b30fc58..33f5e6d 100644 --- a/docs/DECISIONS.md 
+++ b/docs/DECISIONS.md @@ -55,12 +55,13 @@ - `.local` - Conflicts with mDNS/Bonjour - `.home.arpa` - RFC 8375 compliant but verbose -**Usage**: Services accessible via `http://.kav:8080/` (routed through Traefik) +**Usage**: +- **HTTPS (recommended)**: `https://.kavcorp.com` - valid Let's Encrypt certs, works internally and externally +- **HTTP (optional)**: `http://.kav:8080/` - internal only, no certs needed -**Internal Routing via Traefik**: -- Pi-hole resolves `.kav` domains to Traefik (10.4.2.10) -- Traefik `internal` entrypoint on port 8080 routes to backend services -- No port numbers needed per-service, just use `:8080` for all +**Internal DNS Configuration**: +- Pi-hole resolves `*.kavcorp.com` to Traefik (10.4.2.10) for internal HTTPS access +- Pi-hole resolves `.kav` domains to Traefik for HTTP:8080 access - Direct access (no Traefik): pm1-4.kav, elantris.kav, kavnas.kav, docker hosts, mqtt.kav, zwave.kav ### SSH Access Policy
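Review bot: In the docs/CHANGELOG.md hunk, the new 2025-12-28 entry replaces the "Internal .kav Routing via Traefik" entry instead of being added beside it, so the changelog loses the record of `/etc/traefik/conf.d/internal-kav.yaml` and of which hosts keep direct access, even though the last added bullet says the `internal` entrypoint on port 8080 still exists. Keep the removed entry, or fold its file path and direct-access list into the new one, and say whether the :8080 entrypoint is actually enabled, since "(optional)" does not. The entry should also state whether Guest VLAN clients resolve through this Pi-hole: the names now point to 10.4.2.10, while the Guest VLAN rules in the following entry name only 10.4.2.25 and 10.4.2.26.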
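Review bot: In the docs/DECISIONS.md hunk, the "HTTP (optional)" line calls the `.kav:8080` path "internal only" without recording what enforces that. The same section says the kavcorp.com URLs work externally, so if this Traefik instance (10.4.2.10) is also the one reachable from outside, the decision should name the control (entrypoint bind address or firewall rule) that keeps port 8080 unreachable from there, and note that traffic on it is unencrypted. For the `*.kavcorp.com` line, document how the wildcard is defined in Pi-hole and what an internal client gets for a kavcorp.com name that has no Traefik router, since every such name now resolves to 10.4.2.10.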