Clean URLs and trusted HTTPS on a home server without opening any ports

A home-server beginner shared a two-step plan to replace clunky `192.168.x.x:8080` addresses with readable ones like `app.home.arap`, while also getting HTTPS that all devices trust — all without exposing anything to the internet or using a VPN. Step one uses 's feature to point a friendly address at the server's local IP. Step two puts Caddy in front as a reverse proxy: it listens on the web ports (80 and 443) and forwards traffic to whichever internal port the right service is running on, so the port number disappears from the URL entirely.

Caddy can issue HTTPS certificates automatically, but because the domain is purely internal, no public certificate authority will vouch for it, so browsers and devices show a warning by default. The fix is to create a private certificate authority with a tool like mkcert and then install that CA as trusted on every device in the home — after that, warnings disappear.
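
A Caddyfile for the setup described above, as an added example that is not from the original post. The certificate paths, the loopback upstream addresses and the second hostname `media.home.arap` with port 8096 are assumptions made for illustration.

```caddyfile
# Constructed example. Certificate created once on the server with mkcert:
#   mkcert -install
#   mkcert -cert-file /etc/caddy/certs/home.pem \
#          -key-file  /etc/caddy/certs/home-key.pem \
#          app.home.arap media.home.arap
# Devices import only rootCA.pem from the directory printed by
# `mkcert -CAROOT`. rootCA-key.pem in that directory can sign a certificate
# for any name those devices will accept, so it never leaves the server.

# Reusable TLS settings: serve the mkcert-issued pair instead of
# requesting a certificate from a public CA (paths are assumed).
(local_tls) {
	tls /etc/caddy/certs/home.pem /etc/caddy/certs/home-key.pem
}

# Service from the post: reached as https://app.home.arap, no port in the URL.
app.home.arap {
	import local_tls
	# Assumes the app runs on the same host as Caddy, on port 8080.
	reverse_proxy 127.0.0.1:8080
}

# Hypothetical second service, showing that routing is by hostname.
media.home.arap {
	import local_tls
	reverse_proxy 127.0.0.1:8096
}
```

Because each site block names a certificate and key, Caddy serves that pair and the only trust decision left is the one made when `rootCA.pem` is installed on each device.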

Key points

  • s map a custom local address (e.g. `app.home.arap`) to the server's IP
  • Caddy as a reverse proxy routes requests to the correct internal port, removing the need to type port numbers
  • To eliminate HTTPS warnings on a private network, create a local CA with mkcert and install it as trusted on each device
  • The entire setup works with zero and no VPN
  • iOS devices need a separate process to trust a custom CA compared to macOS or Windows