You can set up your cloud without purchasing a domain. 

for this, your pihole DNS is already set up to directly point ?domain? to ?localip?

as long as you are connected to the pihole DNS and on the local network, you will be able to reach your cloud.

The VPN is set up by default to use this DNS, so you will also be able to reach your cloud when using your VPN, allowing use on the go.

in your router's DHCP settings, set ?localip? as the DNS server.

in any device with a static ip, configure its dns server to ?localip?


next, you'll need to deal with HTTPS certificates on your proxy server. Because we cannot use letsencrypt, we'll have to do this ourselves. You can skip this, but that results in vaultwarden not working.

run the gencerts.sh script, this will generate the certs for you and put them in a folder inside browser.?domain? which should now be reachable over http

on ?localip?:81, log in, go to certificates > add certificate > custom

fill in your main domain as the Name

for the certificate key, use the wildcard.key file
for the certificate, use the wildcard.crt file
for the intermediate certificate, use the intermediate.crt file


because this certificate is not backed by a public certificate authority like letsencrypt, you have to manually trust the root cert on each device you want to use the cloud on, or deal with "certificate untrusted" warnings.

below are guides for doing this:


windows:

download and double-click rootCA.pfx
select "Local Machine" and click next, password is empty.
choose "place all certificates in the following store" and choose "Trusted Root Certification Authorities"
click finish and confirm with "yes" if prompted.

macOS:

download and double-click rootCA.pfx
if prompted for a password, leave it blank and click yes
open Keychain Access (applications/utilities/keychain access)
locate the imported rootCA.pfx certificate in the login or system keychains.
double-click the certificate, expand the "trust" section and set "When using this certificate" to "always trust"

Linux:

download the rootCA.crt file
copy rootCA.crt to /usr/local/share/ca-certificates/ using the following command from the directory rootCA.crt is in, or by using your file manager.
sudo cp rootCA.crt /usr/local/share/ca-certificates/

then update the CA store by rebooting or running the following command:
sudo update-ca-certificates

android:

download rootCA.crt to your device
open settings > security > encryption & credentials > install a certificate
select rootCA.crt and set a Name
reboot if prompted

IOS:

download rootCA.crt to your device
open the file in safari and tap "install"
go to settings > general > VPN & Device management > configuration profile and install the certificate
enable full trust in settings > general > about > certificate trust settings


now that you've set your DNS correctly and trusted the cert, you should be able to visit all of your sites via https://dash.?domain? 

the certificate is valid for 10 years, after which you can generate a new one with gencerts.sh