Guide réseau pour serveurs domestiques
Reverse proxies, DNS, VLAN et accès distant sécurisé : donnez des noms propres à vos services.
Good networking turns a pile of services into a tidy, reachable, secure system. Here are the building blocks.
Give services a static home
Assign your server a static IP or a DHCP reservation so its address never changes. Everything else depends on this.
Clean URLs with a reverse proxy
Nobody wants to remember 192.168.1.50:8096. A reverse proxy like Nginx Proxy Manager, Traefik or Caddy maps friendly names (jellyfin.home.example.com) to your services and handles HTTPS certificates automatically.
jellyfin.home.example.com → 192.168.1.50:8096
nextcloud.home.example.com → 192.168.1.50:8080Learn the concept in the reverse proxy glossary entry.
Local DNS
Run Pi-hole or AdGuard Home as your local DNS to resolve those friendly names and block ads network-wide at the same time.
Reaching your server from outside
Do not carelessly forward ports. Instead:
- Best: a VPN — Tailscale or WireGuard — so you're "inside" your network from anywhere.
- If you must expose services: a reverse proxy with HTTPS and strong authentication, and only the one port (443) open.
Segment with VLANs (optional)
As your setup grows, VLANs let you isolate untrusted devices (IoT gadgets, guests) from your server and personal devices. A managed switch makes this possible.
A sensible target setup
- Static IP for the server
- Local DNS via Pi-hole
- Reverse proxy with automatic TLS
- Tailscale/WireGuard for remote access
- VLAN for IoT once you're ready
Get these right and your home server will be both convenient and secure.
Articles connexes
Accès distant sécurisé à votre serveur domestique
Comparez VPN, reverse proxy et Tailscale sans exposer de ports non sécurisés.
Installer Nginx Proxy Manager
Publiez vos services internes avec certificats TLS gratuits et une interface conviviale.
Configurer Caddy comme reverse proxy
HTTPS automatique avec une configuration minimale pour vos services homelab.