[jck]

I run some software on a raspberry pi at home. This pattern works very well for me:

- services exposed via caddy(configured to use my domain on cloudflare for SSL)

- my lan dns resolver(adgaurd home) is configured to rewrite these domains to local IP. Specifically, the rewrite rule looks like `homeassistant.mydomain.com -> rpi.lan`

- Cloudflare tunnel on the rpi for services I want to access outside. I've it configured to require Google auth via cloudflare zero trust(free)

The neat part of this setup is that when I access a service when I'm at home, it works as expected completely locally including https.

If I try to access the service through the public internet, it will still work on the exact same domain and also have proper auth through cloudflare. This way I can access anything on the internet from my home server without worrying about security.

Cloudflare tunnel also offers some other cool things like ssh on your browser(which again uses the previously mentioned Google auth) if you need it.