Temp stuff where I could care less about the free tier domain name or things that I just want to funnel to my existing devices: Tailscale

Widespread, prolonged services that will be more actively maintained for a longer amount of time and can just spin off of its own domain/subdomain: Cloudflare

Both are great.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

[Thread #265 for this comm, first seen 30th Apr 2026, 19:30]
[FAQ] [Full list] [Contact] [Source code]

• option 3: self-host Netbird control plane
• option 4: use Netbird's reverse proxy

Wireguard.

Dunno if Cloudflare does effective auth for the tunnel or if you have to set that up yourself, but I don't bother trying to expose services to the internet in any way because some of this stuff was just never designed for proper web security (cough Jellyfin).

It's still worth setting up a wildcard cert with ACME so you get nice https and a real domain.

Just Wireguard on a router, but I'm thinking Netbird.

WG can be a bit PITA to set up, but once you do, it just works. What I would to have is more fine grained control over who goes where if I were to expose some of the services to friends.

Both.

I have a free vps providing me a public IPv4 address, connected to my opnsense router via tailscale, and use a simple port forward from the VPs to the router's tailscale IP.

I have certain port/connections coming in either via the tailscale IP or my external IPv6 address all forwarded to my internal Caddy reverse proxy which itself is only running IPv4.

And I use cloudflare for my dynamic DNS resolution of my domain. A records are my public VPS IPv4 and AAAA are my own public IPv6 addresses respectively.

If/when I change to a service provider that doesn't use CGnat for IPv4, I can stop doing the forwarding from my VPS.

That's so we can stream music/video without needing to use the VPN.

But, I also run tailscale on my phone, so I can do admin stuff remotely from it, albeit painfully, on this small screen when things break. 🤣

I actually have Wireguard running on a pi zero 2, all it really does is provide me my pihole DNS.

Edit:

I should say I have pihole running on a couple of pi 5’s currently, overkill yes but one of my pi 4’s was sacrificed to the whims of magic smoke another was donated to a friend and another now hosts HAOS, I have a few pi zero 2’s (only one was sacrificial) the one that hosts wireguard has one of my last few working SD cards. The pi 5’s host many other things other than just pihole.

Taking do one thing, but do it good to the next level, nice!

I thought about getting a pi zero also just for the pi-hole. But my pi3b holds up pretty good, still

In the not to distant future I will be retiring wireguard from that pi zero 2 and turning it into a pots server. I have grand ambitions to make a better home lab with a few more pi’s and to help me get away from big tech more.

The only thing google I have is an email I do not use but so I can watch YouTube, but I use unwatched to block ads.

The only thing apple is my iPhone and my iPad, when it becomes time to replace those I will have to figure out graphenOS and some Linux distro for a tablet of some sort.