Up until now I have been working locally (on my home network). While that is enough for most of the services I’m running I need to access some of them from the outside. For example, I want to expose this blog to the internet and access Miniflux to read my RSS feeds on the go.

There are a few ways to achieve this but I have some specific requirements that I want to meet:

1. Zero-trust approach: I don’t want to expose the services directly to the internet.
2. Public services: Other clients apart from me should be able to access some of the services.
3. Home IP safety: Don’t directly expose my home IP address. (This is on par with #1, but I want to make it explicit).
4. On-transit encryption: Full on transit encryption from the client to the cluster with no re-encryption in the middle.
5. No Cloudflare. (Breaks #4)
6. No Tailscale. (Breaks #2, also there are other users at home and I don’t want to have the Tailscale client running all the time).

What does this leave me? A reverse proxy server.