Subdomain forwarding only if within the home network

Hey there,
first to say: I'm new to this forum, so I hope that my post and question are good enough :wink: I hope this is the right topic.
I have been successfully running Traefik as a Docker container for a long time and I use it to successfully forward various subdomains to various containers and also external services.

So far so good. However, I would like to use a subdomain that only forwards if you are in the home network or have a VPN connection there.
For example:
backup.mydomain.com should refer to an external service (external means that it is not a Docker container, but rather integrated by a file). It works as far as I can, even with SSL. But I would like to achieve that when backup.mydomain.com is called, forwarding only takes place if the call itself comes from within the home network or if there is a VPN (which is probably the same).

I've been looking for a long time, but nothing has got me anywhere. Maybe that is not possible or not useful? I'm not sure my plan makes any sense. You are welcome to give me constructive criticism.
My plan is to reach an internal server via this subdomain without always having to enter the IP and port into my devices, but rather relax the domain. Nevertheless, only home network / VPN contact should be possible.

If you have tips, even if it is said that this is crap and does not work, I would be happy to receive your feedback.

Greetings, Timo

Hi Timo,

I would suggest another approach to your problem:
Limiting the access to this service to requests from given IP addresses/ranges by using the IP whitelist middleware.

This example middleware configuration would limit the access to localhost and all private IP address ranges:

http:
  middlewares:
    backup-ipwhitelist:
      ipWhiteList:
        sourceRange:
          - "127.0.0.0/8"
          - "192.168.0.0/16"
          - "172.16.0.0/12"
          - "10.0.0.0/8"

So only computers on the local network would be able to access this service.

Of course this example will only work if your Traefik server is accessible directly from your local subnet. Otherwise, if it is external, then you would need to have a static public IP address, which can be added to the whitelist.

Greetings,
Christoph
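
The middleware above only takes effect once a router references it. As an added example (not part of either post), this is what a complete file-provider entry for backup.mydomain.com could look like; the entry point name `websecure`, the router and service name `backup`, and the backend address `192.168.1.50:8080` are assumptions to be replaced with your own values.

```yaml
# Added example: Traefik v2 dynamic configuration (file provider).
# Names and addresses marked "assumed" are placeholders, not from the thread.
http:
  routers:
    backup:                              # assumed router name
      rule: "Host(`backup.mydomain.com`)"
      entryPoints:
        - websecure                      # assumed HTTPS entry point name
      middlewares:
        - backup-ipwhitelist             # without this line the middleware is never applied
      service: backup
      tls: {}                            # reuse the TLS setup that already works for this host

  middlewares:
    backup-ipwhitelist:
      ipWhiteList:
        sourceRange:                     # same ranges as in the answer above
          - "127.0.0.0/8"
          - "192.168.0.0/16"
          - "172.16.0.0/12"
          - "10.0.0.0/8"

  services:
    backup:                              # assumed service name
      loadBalancer:
        servers:
          - url: "http://192.168.1.50:8080"   # assumed address of the internal server
```

Requests whose source address falls outside `sourceRange` are answered by Traefik with 403 Forbidden and never reach the backend.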
