I recently realized that I could use tailscale between a public server and an internal server to manage my self hosting.
I had issues with my home IP changing and I had a script that update the DNS record but it always seem to have issues. Things would stop working ever so often and I would need to trigger the script manually a few times before the DNS seemed to actually get updated.
I ultimately gave up on self hosting things because of the issues with the DNS. To be fair there were also outage issues but those didn't bother me as much and were not that common.
However with tailscale I can get the cheapest VPS so I can get a static IP and then I could use nginx to simply proxy pass the requests to my internal nginx server which will then farm it out to the various applications I have. This brings my things inside my network while still making it available publically.
I am a bit worried as my tailnet is getting larger and larger. My public server is now a proper entrance into my home network which is a bit worrying.
I wonder if its possible to force my public server to only talk to a single device on my tailnet. The single device should also then block any requests going out through it coming from my public server.
The example being I ssh into my public server, ssh back into my internal server and then ssh to another device on my tailnet.
I don't want my internal server to act as a jump box.
I'm sure this is all doable but probably requires some reading.