this post was submitted on 28 Jun 2026
https://en.wikipedia.org/wiki/Network_address_translation#NAT_hairpinning
TL;DR Your router sees you trying to reach your external address and routes the connection back to your LAN without leaving the network.
This does still depend on a functional internet connection however, as your client gets your public IP from a public DNS server over the Internet.
If you were to run a DNS server locally (I use pihole for this), you could have that DNS respond with your local IP, allowing clients within your LAN to resolve the name without needing to reach out to public DNS. This means your local connections will still work when your internet is down; it also provides more privacy by keeping those requests local and can let you make local-only names that aren't publicly listed.
Of the ~28 FQDNs in my setup, only 4 are public. The rest is local/VPN only and not publicly listed due to the above. The reverse proxy then drops all connections that don't use one of those recognised names, before even completing the TLS handshake. (So direct connections from someone port scanning my IP or using a domain name someone else has pointed at my IP are completely ignored/dropped without response. The server doesn't even send the TLS cert so as to not expose the names defined in it.)