Lost access from inside LAN

Very glad you fixed the issue.

For reference, and as the problem comes up from time to time, I decided to make an image (matching your IPs), so hopefully it helps others in the future:

image

The main concept is called “split-brain DNS” (split-horizon, split-DNS) - basically you always access the service using a hostname, but resolve the FQDN myurl differently depending on location:

  • from the internet: to your public IP (12.13.14.15)
  • from your internal network: to the local IP (192.168.1.24)

In case you use a reverse proxy (Apache, nginx, Traefik, HAProxy, SWAG, F5), point the internal DNS to this address - in this case you can use an external TLS certificate (Let's Encrypt) for valid https:// connections with port 443, and in turn there is no need to have different access points like the port 444 you used in the previous post…

The internal “shortcut” sometimes fails due to a security mechanism called rebind protection (AVM Fritzbox), so you need to allow access to the internal resource (IP address 192.168.1.24) using the public FQDN myurl in the router.

2 Likes
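The split-horizon lookup and the rebind-protection exemption described in the post above, as an added Python example that is not part of the original post. It assumes `myurl.example` as a constructed stand-in for the FQDN "myurl", and `rebind_filter` is a simplified, hypothetical model of how a forwarding router drops local addresses, not AVM's implementation.

```python
import ipaddress

# Constructed sample data: "myurl.example" stands in for the post's FQDN "myurl";
# the addresses are the ones used in the post.
LAN = ipaddress.ip_network("192.168.1.0/24")
VIEWS = {
    "internal": {"myurl.example": "192.168.1.24"},
    "external": {"myurl.example": "12.13.14.15"},
}


def split_horizon_answer(name, client_ip):
    """Pick the DNS view from the client's source address, return the A record."""
    view = "internal" if ipaddress.ip_address(client_ip) in LAN else "external"
    return VIEWS[view].get(name.rstrip(".").lower())


def is_rebind_risk(addr):
    """True for answers that point into private, loopback or link-local space."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_loopback or ip.is_link_local


def rebind_filter(name, answers, exempt=()):
    """Model of rebind protection on a forwarding resolver (hypothetical helper).

    Answers containing local addresses are dropped unless the queried name
    equals, or is a subdomain of, a domain on the exemption list.
    """
    name = name.rstrip(".").lower()
    domains = [d.rstrip(".").lower() for d in exempt]
    allowed = any(name == d or name.endswith("." + d) for d in domains)
    return [a for a in answers if allowed or not is_rebind_risk(a)]


if __name__ == "__main__":
    fqdn = "myurl.example"
    internal = split_horizon_answer(fqdn, "192.168.1.50")  # constructed LAN client
    external = split_horizon_answer(fqdn, "203.0.113.7")   # constructed internet client
    print("LAN client resolves to:     ", internal)
    print("Internet client resolves to:", external)
    # Without an exemption the internal answer is filtered and the name fails to resolve.
    print("Filtered, no exemption:  ", rebind_filter(fqdn, [internal]))
    print("Filtered, with exemption:", rebind_filter(fqdn, [internal], exempt=[fqdn]))
```

The exemption is matched on the exact name or a dot-separated subdomain, so a look-alike such as `evilmyurl.example` does not inherit it.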