I hate these ^

So... I did the following:

And I really enjoy fun custom domains! So... for my home lab, I bought a .house domain and got to setting up all of my local services on subdomains of it. For this post, let's pretend I bought: my.house (I didn't).

Tailscale (initial setup)

Set this up with the default directions on tailscale.com. We'll use it later to connect everything together.

Caddyfile

Caddy automatically obtains and renews the TLS certificates for HTTPS on all of our subdomains. I use Cloudflare as my registrar on this domain, and there's a nice little DNS plugin that handles the certificate issuance through the registrar.

https://github.com/caddy-dns/cloudflare

Just use the plugin, grab a Cloudflare API token, and run Caddy's docker compose 🚀.

The Caddyfile looks something like this btw:

{
        email hello@me.com
        acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
}

photo.my.house {
        reverse_proxy host.docker.internal:8675
}
logs.my.house {
        reverse_proxy host.docker.internal:309
}
pihole.my.house {
        rewrite / /admin
        reverse_proxy host.docker.internal:2222
}

Pi-hole (or whatever other local DNS you want)

I like network-level ad and tracker blocking. Pi-hole does a great job of this and also comes with its own docker compose setup.

https://github.com/pi-hole/docker-pi-hole

One step you'll need to do is remap the HTTP and HTTPS ports that serve the Pi-hole dashboard in its compose.yml.

    ports:
      # Default HTTP Port
      - "2222:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      - "2223:443/tcp"

This prevents a port collision between Caddy and the Pi-hole, since Caddy needs ports 80 and 443.

Get it running and add all of the subdomains as entries in the local DNS settings. If the Tailscale IP of the Pi-hole host machine is 100.123.123.123, then the entries would be:

photo.my.house 100.123.123.123

Pi-hole has good instructions online, but if you'd like it to cover your entire home wifi network, this is the point where you'd set the DNS server in your router's settings to the local IP address of the Pi-hole machine.
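
A quick consistency check for the Caddyfile and the local DNS entries above, as an added example that is not part of the original post: it reads the site names out of the Caddyfile and reports any that have no local DNS record or that resolve to something other than a Tailscale address (Tailscale assigns node IPv4 addresses from 100.64.0.0/10). The sample records, including the 192.168.1.50 entry, are constructed, and the function names are hypothetical.

```python
import ipaddress

# Tailscale assigns node IPv4 addresses from the CGNAT block.
TAILNET = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample inputs using the post's placeholder names.
CADDYFILE = """\
{
        email hello@me.com
        acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
}
photo.my.house {
        reverse_proxy host.docker.internal:8675
}
logs.my.house {
        reverse_proxy host.docker.internal:309
}
pihole.my.house {
        rewrite / /admin
        reverse_proxy host.docker.internal:2222
}
"""
LOCAL_DNS = """\
photo.my.house 100.123.123.123
logs.my.house 192.168.1.50
"""

def caddy_sites(text):
    """Hostnames of top-level site blocks; the global options block is skipped."""
    sites, depth = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if depth == 0 and line.endswith("{") and line != "{":
            sites += [a.rstrip(",").lower() for a in line[:-1].split()]
        depth += line.count("{") - line.count("}")
    return sites

def audit(caddyfile, local_dns):
    """List (hostname, problem) for sites the tailnet DNS cannot serve."""
    pairs = (l.split() for l in local_dns.splitlines())
    records = {p[0].lower(): p[1] for p in pairs if len(p) == 2}
    findings = []
    for host in caddy_sites(caddyfile):
        if host not in records:
            findings.append((host, "no local DNS record"))
        elif ipaddress.ip_address(records[host]) not in TAILNET:
            findings.append((host, records[host] + " is not a tailnet address"))
    return findings
```

With the sample data, `audit(CADDYFILE, LOCAL_DNS)` flags logs.my.house (it points at a LAN address, so it only resolves usefully at home) and pihole.my.house (no record at all).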

Back to Tailscale

The last step is to point the custom Tailscale DNS at the Tailscale network IP associated with the Pi-hole server.

https://tailscale.com/kb/1114/pi-hole#step-4-set-raspberry-pi-as-the-dns-server-for-your-tailnet

And now you have as many subdomains as you'd like from your home server, all with https, accessible wherever you go via the tailscale network! 🎉