Thank you for your answer.
My problem is that I would like to keep my (Docker) services like Silverbullet.md in my local network only and reach them externally by WireGuard VPN.
Before https I reached my services with <ip>:<port>, which worked fine with VPN.
As mentioned here, there are now only a few options to get https without opening everything to the world:
Set my local server's IP as localhost by ssh (ssh -N -L 3002:localhost:3000 user@someip), which works, but needs to be added for every client and every access.
Add a hosts file entry (e.g. silverbullet.lan 192.168.1.123) on every client to access the local server and add a Caddyfile entry with a self-signed certificate.
Put a local DNS server like dnsmasq or bind9 in my network and add local domains there (like silverbullet.lan) and use Caddy again for SSL. That’s the point where I haven’t figured out how to get it running over WireGuard VPN.
I don’t want to rely on external services like Tailscale.