I found this thread where BernH mentions exactly what I want to accomplish:
> If you do want to use https in your network, the easiest way is to use a local DNS server like pihole, dnsmasq, or even some routers can do it. This way you can use the same web address and therefore the same certificate regardless of if you are home or not.
I would like to get my PiHole DNS and SWAG reverse proxy set up so that:
1. A few select services are accessible via WAN (I already have this set up).
2. All of the services from 1. are also available via the local DNS server (pi-hole) by their WAN addresses, but requests will be SSLed and local.
3. All remaining services have a named local address (I'm not picky about what this looks like, but it would be nice if it fit with my service.mydomain.com standard) for local secured use, like in step 2.
I assume all of these things are possible, but I'm struggling to find comprehensible documentation on steps 2 and 3. Is what I'm trying to achieve realistic? If so, could someone point me to low-level explanations of how I can accomplish this?
Edit: I hope mentioning someone and starting a new thread is appropriate; please let me know if I need to change anything in my post.