kavren/proxmox-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add: Internal DNS for kavcorp.com domains via Pi-hole

Browse Source 
- Added *.kavcorp.com DNS entries pointing to Traefik (10.4.2.10)
- Internal clients can use https://jellyfin.kavcorp.com with valid certs
- Same URLs work internally and externally, no port numbers needed
- Also added Traefik internal entrypoint on :8080 for .kav HTTP access

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
kavren
2025-12-28 22:04:18 -05:00
parent e4506d6a07
commit 3f0c050ff6
2 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docs/CHANGELOG.md
View File

@@ -4,12 +4,11 @@
## 2025-12-28 ## 2025-12-28
### Internal .kav Routing via Traefik ### Internal DNS for kavcorp.com Domains
- Added Traefik `internal` entrypoint on port 8080 for .kav domain routing - Added Pi-hole DNS entries for `*.kavcorp.com` pointing to Traefik (10.4.2.10)
- Created `/etc/traefik/conf.d/internal-kav.yaml` with routes for all services - Internal clients can now access `https://jellyfin.kavcorp.com` etc. with valid Let's Encrypt certs
- Updated Pi-hole DNS to point service .kav domains to Traefik (10.4.2.10) - No port numbers needed, same URLs work internally and externally
- Services now accessible at `http://<service>.kav:8080/` without per-service ports - Also added Traefik `internal` entrypoint on port 8080 for .kav HTTP access (optional)
- Direct access retained for: Proxmox nodes, kavnas, docker hosts, mqtt, zwave
### Guest VLAN Media Access ### Guest VLAN Media Access
- Added firewall rules allowing Guest VLAN to access Jellyseerr (10.4.2.25) and Jellyfin (10.4.2.26) - Added firewall rules allowing Guest VLAN to access Jellyseerr (10.4.2.25) and Jellyfin (10.4.2.26)

11
docs/DECISIONS.md
View File

@@ -55,12 +55,13 @@
- `.local` - Conflicts with mDNS/Bonjour - `.local` - Conflicts with mDNS/Bonjour
- `.home.arpa` - RFC 8375 compliant but verbose - `.home.arpa` - RFC 8375 compliant but verbose
**Usage**: Services accessible via `http://<service>.kav:8080/` (routed through Traefik) **Usage**:
- **HTTPS (recommended)**: `https://<service>.kavcorp.com` - valid Let's Encrypt certs, works internally and externally
- **HTTP (optional)**: `http://<service>.kav:8080/` - internal only, no certs needed
**Internal Routing via Traefik**: **Internal DNS Configuration**:
- Pi-hole resolves `.kav` domains to Traefik (10.4.2.10) - Pi-hole resolves `*.kavcorp.com` to Traefik (10.4.2.10) for internal HTTPS access
- Traefik `internal` entrypoint on port 8080 routes to backend services - Pi-hole resolves `.kav` domains to Traefik for HTTP:8080 access
- No port numbers needed per-service, just use `:8080` for all
- Direct access (no Traefik): pm1-4.kav, elantris.kav, kavnas.kav, docker hosts, mqtt.kav, zwave.kav - Direct access (no Traefik): pm1-4.kav, elantris.kav, kavnas.kav, docker hosts, mqtt.kav, zwave.kav
### SSH Access Policy ### SSH Access Policy