u/ColoradoDilettante

Networking/DNS n00b needs help setting up a reverse proxy for home LAN (Proxmox VE, Caddy)

I am in process of upgrading my home server setup and am trying to make it dead easy for my wife and kids to access services (mostly Immich, but also possibly things like VaultWarden, CalDAV/CardDAV, etc.). We currently have an Asustor NAS to host all of our personal files, and I have been running apps like Immich on the NAS (using Asustor's app store, which mostly uses Docker, but with some modified settings). I've run into a few issues with the Asustor Apps failing after updates, which has caused me major headaches in trying to restore them, so I'd like to move my services off of the Asustor and onto a separate machine. I also have a separate Ubuntu server that hosts a few very low traffic public-facing personal websites that I'd like to preserve, but that machine is old and I've never been super confident in my ability to keep it secure. I have purchased a new Intel Core Ultra 9 mini PC and am trying to set it up to run Proxmox VE - mostly to ease backups as well as permit me to test new setups or upgrades in separate VMs or LXCs without monkeying with services I already have working.

My goal: make it so my wife and kids can access, say, https://immich.int.mydomain.com/ while at home or when using Tailscale, and have it... work. It would be even better if I could just use https://immich.mydomain.com/, but I worry that gets harder to implement with wildcard certs. I don't need most of these services to be accessible from external networks, though I do still plan on hosting a couple of websites that will need to be accessible externally, so I will presumably need to forward ports 80 and 443 on the router to the webhost (or to the Caddy host, which will forward appropriate requests to the webhost). I assume that to do this, I need to set up a local DNS server for our phones/tablets/PCs in the router (and in Tailscale) - maybe a pi-hole I already have running on a Raspberry Pi - with DNS A records pointing to the Caddy host. But I haven't gotten that far.

I have Proxmox installed and working, but I tried to install Caddy in an Ubuntu LXC and cannot get it working. I don't know if the problem is with a router setting, a DNS setting, some networking setting on the LXC... but I can't get it to respond to outside http/https requests. The Caddy LXC has access to the internet - it was able to generate wildcard ACME certs for a domain I own based on a CNAME entry at my DNS provider (following these instructions), but when I enter the LXC's IP address in a browser on my network, there's no response ("This site can't be reached...") (same when I try to access the Caddy admin UI at port 2019). The LXC shows up in my router's client list (with the correct IP address), and I can ping the machine from other devices on the network. Just no http/https response. Caddy is running: 'caddy start' results in: "Successfully started Caddy (pid=7128) - Caddy is running in the background."

I've read every post I can find about setting up Caddy, but none seem to address the basic issue of ensuring the Caddy host is reachable. Also, I'm not on a VPS, I don't use Cloudflare, etc. Is it a simple matter of telling the LXC (or Caddy itself) to listen on ports 80 and 443? How do I do that? Do I need to change a router setting? Is it a DNS issue? How do I diagnose it? I've adjusted every network and firewall setting I can find in Proxmox (e.g., Firewall: No, Input Policy: ACCEPT). I'm at my wits' end.

I am a lawyer, not an IT specialist, and I don't know much about networking, DNS, etc. Unsurprisingly, my home LAN setup is not all that complicated. I have a primary (Asus) router running Merlin - for argument's sake let's say that its IP is 192.168.1.1, and it runs a DHCP server with addresses running from 192.168.1.7 through 192.168.127.255 (that is, my full subnet except for the first few addresses that are used by access points and other devices). My Proxmox VE host is at, say, 192.168.20.0 (with that address reserved for it in the DHCP reservation list) and the Caddy LXC has an IP of 192.168.20.1 (also with a DHCP reservation). I also tried restricting the DHCP server to a smaller range, and assigning the Proxmox host and Caddy LXC static addresses within the subnet but outside the DHCP range, but that made no difference. I used my router's IP as the DNS for Proxmox and the Caddy LXC. I run a pi-hole at, say, 192.168.1.6, but the router does not use it for DNS by default - it is currently only used by devices connected to my Tailnet, which the Proxmox/Caddy hosts are not on. I have occasionally played with using different DNS providers (e.g., Quad9, Adguard), but after complaints from family members about email links not working, etc., my router is currently set just to use my ISP's DNS.

While I've been using Linux for years, I am brand new to Proxmox and Caddy (and am no Docker expert, either). I'm hoping there's some dumb setting in Proxmox that wasn't mentioned in the myriad tutorials I've read. At any rate, I would appreciate any suggestions on how to get Caddy working in an LXC on Proxmox!

reddit.com
u/ColoradoDilettante — 6 days ago
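The symptom in the post (ping works, nothing answers on 80/443 or 2019, and `caddy start` reports success) is what Caddy looks like when it is running with no site block loaded: by default the admin API binds only to localhost:2019, and without a Caddyfile that declares a site there is no listener on 80 or 443 at all. The first check is therefore inside the LXC, not on the router: what is actually listening? The script below is an added example, not code from the post, from Caddy or from Proxmox. It assumes a Linux guest with `ss` (iproute2) available, it parses `ss -ltn` output to classify each port as not bound, bound to loopback only, or bound to a LAN/wildcard address, and it prints a minimal Caddyfile whose backend address (192.168.20.10:2283) is a made-up example. The two `ss` samples embedded in it are constructed to match the two states described above.

```shell
#!/bin/sh
# Added example (not from the original post): reachability triage for a
# reverse-proxy host such as the Caddy LXC described above.
# Assumptions, labelled here: Linux guest with `ss` (iproute2); the backend
# address in the sample Caddyfile is invented; Caddy defaults apply
# (admin API on localhost:2019; no site block means no 80/443 listener).

# listener_scope PORT  -- reads `ss -ltn` output on stdin and prints one of:
#   none      nothing listens on PORT (typical when Caddy has no site block)
#   loopback  bound to 127.0.0.1 / ::1 only (reachable from inside the LXC only)
#   lan       bound to a wildcard or a LAN address (reachable from other hosts)
listener_scope() {
    port="$1"
    scope="none"
    while read -r state recvq sendq local_addr peer rest; do
        case "$local_addr" in
            *:"$port") ;;      # e.g. 0.0.0.0:80, [::]:80, *:80, 127.0.0.1:80
            *) continue ;;
        esac
        addr="${local_addr%:*}"  # strip the trailing :PORT
        case "$addr" in
            127.*|"[::1]") [ "$scope" = lan ] || scope="loopback" ;;
            *)             scope="lan" ;;
        esac
    done
    printf '%s\n' "$scope"
}

# next_step SCOPE -- the check a practitioner would run next for that result
next_step() {
    case "$1" in
        none)     echo "No listener: load a Caddyfile with a site block (caddy validate --config /etc/caddy/Caddyfile; caddy run --config /etc/caddy/Caddyfile)" ;;
        loopback) echo "Loopback only: Caddy sites bind all interfaces by default; the admin API on :2019 is loopback-only by design and should stay that way" ;;
        lan)      echo "Listener is fine: test from another host (curl -vk https://immich.int.mydomain.com), then check DNS answers and the guest firewall (nft list ruleset)" ;;
        *)        echo "unknown scope: $1"; return 1 ;;
    esac
}

# Constructed sample: `ss -ltn` after `caddy start` with no Caddyfile found,
# i.e. only the admin API is up -- this matches the symptom in the post.
SAMPLE_NO_SITES='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      4096   127.0.0.1:2019      0.0.0.0:*'

# Constructed sample: Caddy with a site block loaded (HTTPS on 443, redirect on 80).
SAMPLE_SITES='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      4096   127.0.0.1:2019      0.0.0.0:*
LISTEN 0      4096   *:80                *:*
LISTEN 0      4096   *:443               *:*'

# Minimal Caddyfile that makes Caddy listen on 80/443 for one internal name.
# The backend address is hypothetical; Immich's default port is 2283.
print_minimal_caddyfile() {
    cat <<'EOF'
immich.int.mydomain.com {
    # hypothetical Immich backend on another VM/LXC
    reverse_proxy 192.168.20.10:2283
}
EOF
}

# Live mode (run inside the LXC): classify this machine's real listeners.
if [ "${1:-}" = "--live" ] && command -v ss >/dev/null 2>&1; then
    for p in 80 443 2019; do
        s=$(ss -ltn | listener_scope "$p")
        printf 'port %s: %s\n' "$p" "$s"
        next_step "$s"
    done
fi
```

Run it as `sh triage.sh --live` inside the Caddy LXC. If ports 80 and 443 come back `none` while 2019 is `loopback`, the LXC's networking is fine and the fix is a Caddyfile with a site block, loaded explicitly with `--config`; only once both ports show `lan` is it worth looking at DNS records, the Proxmox guest firewall, or router port forwards. The admin API on 2019 is meant to be loopback-only, so it never answering from another machine is expected rather than a symptom, and forwarding 80/443 from the router is only needed for the handful of public sites, not for the internal names.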