I'm here from Lawrence Systems and want to talk about solving a problem a lot of people seem to run into when they are self-hosting servers. What happens in pfSense is you build a server internally in your network, and then you go through and set up, for example, a Let's Encrypt certificate and a fully qualified domain name, and you get it facing the world. So now you're hosting it, except when you try to access it internally. There's a couple different ways to do this. One of them is setting up proper NAT reflection, so that when you hit the public IP address internally it reflects back in and goes to the server. Another way, and the way I prefer to do it, is through host overrides.

Couple prerequisites: that you are using pfSense as your DNS server. If you are using something like Active Directory, you'll have to make those same DNS changes in Active Directory, in the DNS server that you have Active Directory using, the Windows one. Essentially, this is specifically for helping people who are using pfSense and want to know how to do a host override so their fully qualified domain works properly internally and externally. Now, this does work with either a server that is independent that you built yourself, whether it be a single-host or multi-host server, or if you're using HAProxy. Wherever that IP address is is where you'll have to point it to. In the case of HAProxy on pfSense, which I've done videos on, that would be the pfSense address.

In the example we're going to use today, it's a standalone server that we have. Now, what we've actually done is take lawrencesystems.com and tunnel it to be an internal server. So bear with me here for this example, but essentially you'll see that we have an IP address of 192.168.3.9 internally, and that IP address is going to represent lawrencesystems.com. And yes, I actually have a tunnel, so lawrencesystems.com does respond on that IP address when we're going to put the host override in.

Before we get there, though, I want to start with the DNS Resolver documentation. There are many more features in DNS Resolver than we'll be covering today. We're specifically going to be talking about the host overrides, but yes, there is a lot more you can do with it. I will leave a link to the documentation, which is really easy to find, because you just go over here and click the little question mark, which brings you to the documentation.

All right, now the host override section right now is empty. So before we do anything, let's look up where lawrencesystems.com lives. Dig at 192.168.88.1; that's the IP address we have here for our pfSense. We're behind it with this laptop that I'm on. So, lawrencesystems.com, dig, and it resolves to the proper public IP address. And if we were not inside this network, that would be great. But as I said, for this demonstration we're assuming lawrencesystems.com actually lives internally at 192.168.3.9. So when we do the dig, our goal is to resolve it to that address.

Now let's cover something really quick. This is OpenSSL, and this is where some of the trouble sometimes comes in once you're dealing with certificates. Certificates have to have the name, the server name sent by your browser, matching the certificate that responds. It actually isn't tied to IP address. It specifically is tied to the server name sent and the certificate offered. This is actually how it works as well when you have a web server serving up multiple different websites on one single IP address.
It uses the server name to determine what site you're going to get, or what certificate you're going to get, and hopefully you are using a certificate and everything is being done securely. It's a little bit simpler, obviously, if you're not. Same rules apply for the host override, but you don't have to worry about the TLS part of it.

What we're going to do here is the OpenSSL client. We're sending the server name lawrencesystems.com to host 192.168.3.9:443, and this is just an example to show you that it pulls the right certificate. So we go here and it does return CN = lawrencesystems.com, and there's our Let's Encrypt CN = R3. Now, just so you know, if we put something different, and we'll put like notlawrencesystems.com, it will not return the proper name. This is what happens, essentially, when you go to the website and put in something like (we'll open up Firefox for this, because that way nothing's cached) https://192.168.3.9, and we get a certificate error, because it's not sending a certificate that matches the server name. The server name we sent was 192.168.3.9, and it's not the expected certificate, so we end up with a certificate mismatch and that error that people are used to seeing.

Let's go ahead and create an entry. So the Host we leave blank, Domain is lawrencesystems.com, IP Address 192.168.3.9, Description "LTS host override". And then we also want to go ahead and do www as well, and hit Save and then Apply. So now lawrencesystems.com equals 192.168.3.9, and www.lawrencesystems.com is 192.168.3.9.

Let's go ahead and test. So we go here and we do the dig at 192.168.88.1, which is our local IP address of pfSense. Hey, look, it responds with that. Put a www in front of it: also responds like that. What if we did an external address, 9.9.9.9? So if we hit Quad9, it gives the proper answer of 143.198 etc.
So now if you're outside of your own network and not using pfSense for DNS resolution, no problem, it's going to resolve properly. But internally it's going to override and put you at the local server's address, which is that 3.9. So let's actually go there now. I do a refresh and then open up the web console down here, and you can see the remote IP. There's a lot going on here, so my website has a lot of things on it, but you see where lawrencesystems.com is being served from 192.168.3.9 down here at the bottom. And that's it.

Now, I did have to pause a minute and refresh a couple times, because it takes a little while, because Firefox wanted to cache the old IP address. You may run into that. You may have to reboot some hosts; some will hold on to it despite pfSense having a new DNS entry. If they've looked the site up before, you may not see it immediately. That's one of the reasons I was looking to see which remote IP it was pulling up down here, to make sure it was pulling up the right one and that the demo was working as expected.

It's really that simple to do these host overrides and override any site that you want to equal that. Now, I mentioned multi-site hosting, and for example, if you had a server that supplies multiple sites based on the server name, you could use the same IP address for return with different domain entries. So lawrencesystems.com resolves as 192.168.3.9, but you could also have someotherwebsite.com resolve as that as well. So it's just as many host entries as you want, and of course you can add extra aliases underneath in case you have some other ones that also resolve there, because, well, it works the same way with subdomains as well. Generally speaking, you just need the two for a fully qualified domain name. And yes, this will work if you have like mydomain dot dynamic DNS or whatever you may be using, if you're not using a fully qualified domain name that you own but something like a dynamic DNS type of service.
It does work with that as well. I'll leave a link over to the documentation from pfSense on this. It's a really simple thing to do, but it will save you a lot of headache just to throw that host override in there and override it so it points at the local server as opposed to the public one. And this will solve all those little bugs that seem to come up. This is a popular topic in my forum and a popular support topic that just comes up in general, I find. All right, thanks.
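
The certificate check described in the video, as an added Python example that is not from the video or from pfSense: `name_covered` shows why a request for `https://192.168.3.9` gets a mismatch while `lawrencesystems.com` on the same server is accepted, and `fetch_cert` is the equivalent of the `openssl s_client -servername` step. `SAMPLE_CERT` is constructed (it assumes the certificate lists both names the host overrides were created for), and both function names are hypothetical.

```python
import ipaddress
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns;
# the names mirror the two host overrides created in the video.
SAMPLE_CERT = {
    "subject": ((("commonName", "lawrencesystems.com"),),),
    "subjectAltName": (("DNS", "lawrencesystems.com"),
                       ("DNS", "www.lawrencesystems.com")),
}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_covered(requested, cert):
    """True if the name the client asked for is covered by the cert's SAN list."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(requested):
        # An IP literal only matches an "IP Address" SAN, never a DNS name.
        want = ipaddress.ip_address(requested)
        return any(kind == "IP Address" and _is_ip(v) and ipaddress.ip_address(v) == want
                   for kind, v in sans)
    req = requested.lower().rstrip(".").split(".")
    for kind, value in sans:
        if kind != "DNS":
            continue
        pat = value.lower().rstrip(".").split(".")
        if len(pat) != len(req):
            continue
        # A wildcard is honoured only as the whole left-most label.
        if pat[1:] == req[1:] and (pat[0] == req[0] or (pat[0] == "*" and len(pat) > 2)):
            return True
    return False

def fetch_cert(ip, server_name, port=443, timeout=5):
    """Connect to `ip` but send `server_name` as SNI and verify against it."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for name in ("lawrencesystems.com", "www.lawrencesystems.com", "192.168.3.9"):
        print(name, "->", "match" if name_covered(name, SAMPLE_CERT) else "MISMATCH")
```

With the host override in place, internal clients reach 192.168.3.9 by name, so the name they send is one the certificate covers.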