OpenRC is used by Alpine and Gentoo. They both work great.
Runit, used by Void, is also fine.
If you can figure out Gentoo it’s not a bad OS, but compiling can be slow. You’ll learn a lot though. Check out oddlama/gentoo-installer.
You can’t, this guy doesn’t know what he’s talking about.
Port forward behind CGNAT won’t get you out. Best bet here would be IPv6.
Tor would work. However, only over Tor obviously.
Tailscale already has a bunch of limitations for unpaid users, but it’s only an extra step to set up WireGuard in a container.
Honestly, I’ve had little trouble. The Gentoo Wiki and Void Handbook have a lot of overlap with OpenRC and musl, respectively.
While the documentation could be improved, the overall experience has been quite good and very stable.
I’m not trying to be unhelpful. My advice would be to steer into the terminal. Bite the bullet. I use Arch and Alpine for my servers, but Fedora would be fine (but SELinux can be a pain with bind mounts).
Probably just go with Fedora with btrfs for snaps. It has lots of support and is a common choice for servers.
WireGuard (or Tailscale) would be best here.
Set up WireGuard in a Docker container and then forward the port to WireGuard. The default container on Docker Hub is fairly straightforward, and you can always ask me for help if you need :).
However, if you are using IPv4, you need to make sure that you’re not behind a CG-NAT (if you think you might be, call your ISP and tell them you have security cameras that need to get out or something like that).
You could also try Tailscale, which is built using WireGuard with NAT-busting features and is a bit easier to configure (I don’t personally use it as WireGuard is sufficient for me).
After that Caddy + DNSMasq will simply allow you to map different URLs to IP addresses:
dnsmasq: my_computer -> 192.168.1.64
http://dokuwiki.my_computer -> http://my_computer:8080
http://dokuwiki.192.168.1.64 -> http://192.168.1.64:8080/
Caddy and DNSmasq are superfluous; if you’ve got a good memory or bookmarks, you don’t really need them.
VPN back into home is a lot more important. You definitely do not want to be forwarding ports to services you are running, because if you don’t know what you’re doing this could pose a network security risk.
Use the VPN as the entry point, as it’s secure. I also recommend running the VPN in a Docker / Podman container on an old laptop dedicated just to that, simply to keep it as isolated as you can.
Down the line you could also look into VLANs if your router supports that.
I personally would not bother with SSL if you’re just going to be providing access to trusted users who already have access to your home network.
If you are looking to host things, just pay for a digital droplet for $7 a month. It’s much simpler. You still get to configure everything, but you don’t expose your network to a security risk.
If you’re just going to VPN in to your home network, I’ve found Caddy to be the simplest.
To be fair, WireGuard is pretty painless.
You could port forward.
However, I’d buy a digital droplet for 10 USD a month, point the A record of the domain to that and then use Caddy to implement SSL.
Caddy can run an HTTP server or reverse proxy something on localhost.
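Several comments above turn on whether the connection is behind CG-NAT before forwarding a port to WireGuard. One way to check that, as an added example that is not from any of the posters: compare the WAN address shown on the router's status page with the address the internet sees. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges; a WAN address here means another NAT sits upstream.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(addr: str) -> str:
    """Classify the IPv4 WAN address reported by the home router."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("this check only applies to IPv4 WAN addresses")
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def port_forward_feasible(router_wan: str, seen_from_internet: str):
    """Return (ok, reason) for forwarding an inbound port such as WireGuard's.

    router_wan: WAN address from the router's status page.
    seen_from_internet: address an external "what is my IP" service reports.
    """
    kind = classify_wan(router_wan)
    if kind == "cgnat":
        return False, "WAN address is in 100.64.0.0/10: ISP is using CG-NAT"
    if kind == "private":
        return False, "WAN address is RFC 1918: router is behind another NAT"
    if ipaddress.ip_address(router_wan) != ipaddress.ip_address(seen_from_internet):
        return False, "WAN and external addresses differ: NAT upstream"
    return True, "router holds the public address: port forward can work"


if __name__ == "__main__":
    # Constructed samples (documentation and reserved ranges, not real hosts).
    for wan, seen in [("100.72.13.5", "203.0.113.10"),
                      ("192.168.100.2", "203.0.113.10"),
                      ("203.0.113.10", "203.0.113.10")]:
        print(wan, seen, port_forward_feasible(wan, seen))
```

When the result is negative, the options already named in the thread apply: IPv6, Tailscale, or a rented host as the entry point.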