How do I properly configure domain-name example.com for internal & external sub-domains by using Cloudflare+Docker+Caddy+AdGuardHome?

[mariosffx]

Hello!

I am trying to setup internal & external sub-domains by using Caddy + Docker + Cloudflare + AdGuard Home.

What I am using

• Caddy-DNS/Cloudflare as a Reverse Proxy. The Reverse proxy runs on the sub-domain docker-lxc.example.com and the Caddyfile configuration file has the following entry calibre.example.com which reverse proxies: localhost:7080. By providing a Cloudflare API Token, Caddy can get SSL certificates for every entry there is in the Caddyfile by using Let's Encrypt
• Domain Name Manager: Cloudflare for managing my domain example.com and be able to use some external sub-domains with Zero Trust without opening/forwarding any ports from my Home Network.
• AdGuardHome DNS Rewrite: By creating A record: docker-lxc.example.com 192.168.0.200 and a CNAME record: calibre.example.com docker-lxc.example.com
• Docker in a LXC container which self-hosts the applications and it uses network_mode: host

I include all the details about my configurations below.

Problems I'm facing

When I try to visit in my browser: https://calibre.example.com I receive the Errors: ERR_NAME_NOT_RESOLVED or NX_DOMAIN or DNS_PROBE_FINISHED_NXDOMAIN

However, I have noticed that Caddy has managed to fetch the certificates for calibre.example.com and if I spam the refesh in my browser, the page loads fine with it's certificate. Additionally, if I visit: http://192.168.0.200:7080, the page loads and if I refresh the tab with calibre.example.com it loads fine. No errors.

I also use AdGuard Home as a DCHP Server and use a custom local_domain_name: example.com which I have setup in AdGuardHome.yaml settings file and I have created a DNS Static Lease for docker-lxc

When I try to ping docker-lxc.example.com and nslookup docker-lxc.example.com where AdGuard Home is Hosted, both commands work fine, but in order network nodes, the commands do not work.

Output from the commands where AdGuardHome is hosted

root@dns-pi:/# nslookup docker-lxc.example.com
Server:         192.168.0.254
Address:        192.168.0.254#53

Non-authoritative answer:
Name:   docker-lxc.example.com
Address: 192.168.0.200

root@dns-pi:/# ping 192.168.0.200
PING 192.168.0.200 (192.168.0.200) 56(84) bytes of data.
64 bytes from 192.168.0.200: icmp_seq=1 ttl=64 time=0.319 ms
64 bytes from 192.168.0.200: icmp_seq=2 ttl=64 time=0.275 ms
^C
--- 192.168.0.200 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1031ms
rtt min/avg/max/mdev = 0.275/0.297/0.319/0.022 ms

Output from the commands from a Windows 11 machine

ping docker-lxc.example.com
Ping request could not find host docker-lxc.example.com. Please check the name and try again.

nslookup docker-lxc.example.com
Server:  vodafone.station
Address:  fe80::5a76:acff:fe84:eca0

*** vodafone.station can't find docker-lxc.example.com: Non-existent domain

Which is weird, because when I do ipconfig /all I can see it uses 192.168.0.254 as a Nameserver

ipconfig output

Ethernet adapter Ethernet 3:

   Connection-specific DNS Suffix  . : station
   Description . . . . . . . . . . . : Realtek USB GbE Family Controller
   Physical Address. . . . . . . . . :  XXXX
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : XXXX (Preferred)
   Temporary IPv6 Address. . . . . . : XXX
   Link-local IPv6 Address . . . . . : XXX
   IPv4 Address. . . . . . . . . . . : 192.168.0.17(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, 19 August 2024 11:56:24
   Lease Expires . . . . . . . . . . : Tuesday, 20 August 2024 11:56:23
   Default Gateway . . . . . . . . . : XXX
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.254
   DHCPv6 IAID . . . . . . . . . . . : 1018187539
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-69-C0-7A-30-F6-EF-C1-E8-FF
   DNS Servers . . . . . . . . . . . : fe80::5a76:acff:fe84:eca0%30
                                       192.168.0.254
                                       192.168.0.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       station

Configurations

Cloudflare

Type	Name	Content	Proxy status	TTL
A	docker-lxc	192.168.0.200	DNS only	Auto
CNAME	cloud	bla.cfargotunnel.com	Proxied	Auto

For external use, I use Cloudflare and I have created a Zero Trust Tunnel with the name tunnel which handles the subdomain: cloud.example.com which allows me to have external access without opening or forwarding any ports from my router. This works flawlessly and I haven't noticed any problems with it. Also as you can see I have created an A Record: docker-lxc but it doesn't do anything. I receive the same errors whether I use it or not.

Caddy

Caddyfile

https://calibre.example.com {
  tls [email protected] {
		dns cloudflare {env.CF_API_TOKEN}
  }
  reverse_proxy 192.168.0.200:7080
}

Caddy has managed fetching a certificate for calibre.example.com but I have noticed some NX_Domain errors

Docker

docker-compose.yml

volumes:
  caddy_data:
  caddy_config:
services:
  caddy:
    network_mode: host
    container_name: caddy
    build: .
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./caddy/etc:/etc/caddy
      - ./caddy/site:/srv
      - ./caddy/data:/data
      - ./caddy/config:/config
    environment:
      - CF_API_TOKEN=some_token
  calibre:
    network_mode: host
    image: lscr.io/linuxserver/calibre:latest
    container_name: calibre
    security_opt:
      - seccomp:unconfined
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/Athens
    volumes:
      - ./calibre/data:/config
      - /mnt/seagate:/mnt/seagate
    ports:
      - 7080:8080
      - 8181:8181
      - 8081:8081
    restart: unless-stopped

Dockerfile

FROM caddy:2.8.4-builder AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare

FROM caddy:2.8.4

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

AdGuard Home

I have configured AdGuard Home to be used both as a DNS & DCHP server and I have disabled DCHP Server in my Gateway/Router (192168.0.1). I also use DNS rewrite by adding the following records:

And here is my DHCP static lease:
for ensuring that docker-lxc will always have the same IP in my Local Network.

Also, in the AdguardHome.yaml I have added the following dhcp settings:

dhcp:
  enabled: true
  interface_name: eth0
  local_domain_name: example.com

Can someone please help what I'm doing wrong?