„Inspired“ from https://lemmy.world/post/287146 and many related questions (also on reddit before).
Why don‘t people like opening Port 443 on their Homerouter? An open Port itself is not a vulnerability because nothing is listening on it, therefore there cannot be any connection established. When forwarding Port 443 From Router to e.g. The Homeservers LoadBalancer / Proxy, this Proxy is the final resolver anyways.
So why doing the more complex and more error prone Route via the VPS / Tailscale / CloudFlare?
I did that some years ago too, but just because i did not have an static IPv4 at home. But speeds were awful and i switched to Routerport + DynDNS and now everything is super performant.
But whats the difference between having the reverse proxy on a VPS pointing to you homelab via a VPN or having this Reverse Proxy directly attached to a port? Just from „takeover perspektive“ there should be no no difference
Yes, I agree. Security wise I also don’t see a benefit in hosting the reverse proxy externally. I believe a dynamic DNS provider with a low TTL for the DNS records should work as good or perhaps even better. Not better security wise, but simpler setup, more reliable.