Yes, hairpin can make it work but some routers don’t seem to do it well.
The other issue is that on wireguard my DNS is set to pi hole, and without doing this my internal stuff wasn’t working.
Others have already answered but this might help understand.
On cloudflare DNS, I set my domain to point to the external IP address my ISP gives me for my router. I.e. example.com points to 107.474.274.12
Within my network, my internal DNS (pi hole) is set to point to the internal IP address of my server. Ie example.com points to 192.168.1.23
Note that in the first example, the router has port forwarding so that all https traffic (port 443) is forwarded to the internal IP of my server, 192.168.1.23. In both examples, the traffic ends up in the same place but the route it takes depends on if the traffic starts inside my network (example 2) or outside of the internet (example 1).
Just as an FYI, it's done like this because it's vastly faster than flat files.
This is also the reason why NextCloud has lots of complaints about speed and files getting locked and not syncing properly.
Apps that are way faster (seafile, owncloud GO) use proprietary file stores.
Obsidian Live sync works extremely well and quickly to the point that the update speed is almost like a google docs with multiple editors. Couchdb is why.
Lol at the obsidian criticisms in the self hosted community :)
Couchdb is like 20 years old and not exactly ‘novel’
I set up a docker for this like 2 years ago and did nothing other than update once in that time. Live sync has otherwise been rock solid on multiple devices.
Obsidian not being open source is very valid criticism. The above 2 things really aren’t.
What was wrong with obsidian?
The self hosted live sync plugin has been rock solid between my windows, Linux and android clients.
I do exactly this with traefik.
ie: Seafile.domain.com Vaultwarden.local.domain.com
I followed this guide: https://youtu.be/liV3c9m_OX8
I suspect most people open it via subdomain or cloudflare tunnel and it seems secure enough. Haven’t seen reports of people getting hacked left and right.
VPN certainly is more secure and works for a few people but becomes annoying if you have users that don’t want to mess with a VPN. It also helps if you want to make a public share link to someone without an account.
Wireguard uses public and private keys which are designed from the ground up to be used over plain text to establish the handshake so it isn’t an issue. Same idea with ssh keys and ssl keys
Split tunneling with wireguard is probably the best way for this.
There are many tutorials, here’s an example: https://ssh.sshslowdns.com/wireguard-split-tunnel-config/
This will let you have some things on wireguard and some not.
You do not need anything else. DNS requests are all sent over Wireguard with encryption
Use ddns on your router with a domain so you can then get something like wireguard.example.com and then use that as the endpoint in your wireguard.
Set the wireguard DNS as your pihole.
To make life easier set your home network IP space to something that another WiFi would never use, ie 192.168.46.xx
That way it will never conflict if you are on a public WiFi and you can access anything on your home lab when you need.
I’ve been using this setup for years on laptop, phone etc
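The split-tunnel setup described in the comments above (DDNS hostname as endpoint, Pi-hole as the tunnel DNS, an uncommon home subnet) can be checked mechanically before a client config is handed out. This is an added example, not part of the original comments; the sample config, the `lint_wg_conf` helper, the finding names and the list of common LAN ranges are assumptions.

```python
import configparser
import ipaddress

# Constructed sample client config; keys are placeholders, addresses are illustrative.
SAMPLE_CONF = """
[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.2/32
DNS = 192.168.46.2

[Peer]
PublicKey = <server-public-key>
Endpoint = wireguard.example.com:51820
AllowedIPs = 10.8.0.0/24, 192.168.46.0/24
"""

# Subnets many consumer routers default to (assumed list, extend as needed).
COMMON_LANS = [ipaddress.ip_network(n)
               for n in ("192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24")]


def _split(value):
    return [x.strip() for x in value.split(",") if x.strip()]


def lint_wg_conf(text):
    """Return a list of finding names for a single-peer WireGuard client config."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    nets = [ipaddress.ip_network(x, strict=False)
            for x in _split(cp.get("Peer", "AllowedIPs", fallback=""))]
    findings = []
    if any(n.prefixlen == 0 for n in nets):
        findings.append("full-tunnel")  # everything is routed, not a split tunnel
    for entry in _split(cp.get("Interface", "DNS", fallback="")):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            continue  # non-IP entries are search domains in wg-quick
        if not any(addr in n for n in nets):
            findings.append("dns-outside-tunnel")  # resolver not reachable via the tunnel
    if any(n.prefixlen and n.overlaps(lan) for n in nets for lan in COMMON_LANS):
        findings.append("lan-conflict")  # may collide with the Wi-Fi you are sitting on
    host = cp.get("Peer", "Endpoint", fallback="").rsplit(":", 1)[0].strip("[]")
    try:
        ipaddress.ip_address(host)
        findings.append("endpoint-ip")  # literal IP breaks when the ISP address changes
    except ValueError:
        pass
    return findings
```

An empty result for `lint_wg_conf(SAMPLE_CONF)` means the config matches the setup described: split tunnel, resolver inside the tunnel, no overlap with the listed default subnets, and a hostname endpoint.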
I haven’t tried them but some people have made templates for obsidian
Freecad in a VM with a remote viewer like guacamole?
OwnCloud rewrite in Go is way better
Most reverse proxies can only do http traffic. Traefik can do TCP and UDP, the camera is probably UDP