I migrated my DNS to PiHole and all my local sites now use SSL.

I was watching some TechnoTim videos on YouTube and saw one where he migrated all his DNS to two Raspberry Pis and then set up SSL for his local sites. Now that I'm running more things locally on my K3 cluster, it's been a pain in the butt trying to remember IP addresses and then getting the "not secure" site nag when browsing to my local sites.

So I took two Raspberry Pi 3s that I decommissioned when I built my K3 cluster, wiped the cards, and installed Ubuntu 23 on them. The PiHole installation on each Pi was pretty easy. I leveraged gravity sync (https://github.com/vmstan/gravity-sync) to keep all the data synced between the two Pis and it's worked seamlessly. As a bonus I installed the CloudFlare client on each Pi and ran all my DNS requests using DNS over HTTPS (https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/). Although the graphs are not synced across Pis, the setup has worked extremely well and my DNS resolution is very fast (and I have redundancy, too).

The second part of this was installing Traefik on one of the Pis so I could use a wildcard SSL cert on all my local sites. This was a little more involved. I decided to run Traefik in a Docker container and have it read its data in from local volumes. In my docker compose file and the traefik.yml, I leveraged CloudFlare to issue and use my SSL cert. In the config.yml file I added all my routers and services to route the DNS names to the services (as IP addresses). I added all the new DNS names as local DNS entries in PiHole, pointing at the IP address of the Pi running Traefik. Now when I surf to https://site.local.mydomain.com, the DNS name gets resolved by PiHole, where it is then directed to Traefik, where the SSL cert is verified, and Traefik then uses the routers / services to send it to the correct service.
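
A sketch of what the two Traefik files described above can look like, added here as an illustration and not taken from my actual setup. The resolver name `cloudflare`, the router/service name `site`, the contact e-mail, the mount paths and the backend address `192.0.2.10:8080` are all placeholder assumptions; the syntax is Traefik's file-provider and ACME DNS-challenge configuration.

```yaml
# Two files shown as two YAML documents; split at the '---' line.
# ----- traefik.yml (static configuration) -----
entryPoints:
  web:
    address: ":80"
    http:
      redirections:            # force every plain-HTTP request onto TLS
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
    http:
      tls:
        certResolver: cloudflare          # assumed resolver name
        domains:
          - main: "local.mydomain.com"
            sans:
              - "*.local.mydomain.com"    # one wildcard cert for all local sites
providers:
  file:
    filename: /config.yml                 # assumed path of the mounted volume
certificatesResolvers:
  cloudflare:
    acme:
      email: admin@example.com            # placeholder contact address
      storage: /acme.json                 # holds the private key; mode 600
      dnsChallenge:
        provider: cloudflare              # token read from CF_DNS_API_TOKEN
        resolvers:
          - "1.1.1.1:53"                  # bypass PiHole when checking the TXT record
---
# ----- config.yml (dynamic configuration) -----
http:
  routers:
    site:                                 # hypothetical router name
      entryPoints:
        - websecure
      rule: "Host(`site.local.mydomain.com`)"
      tls: {}                             # serve with the wildcard cert above
      service: site
  services:
    site:                                 # hypothetical service name
      loadBalancer:
        servers:
          - url: "http://192.0.2.10:8080" # placeholder backend IP and port
```

The Cloudflare API token passed to the container only needs Zone:Read and DNS:Edit on the one zone, so a scoped token is preferable to the global API key. The DNS challenge also means nothing on the local network has to be reachable from the internet for the certificate to be issued.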