A homelab enthusiast explains why they moved away from publicly exposing services through free-tier Cloudflare Tunnels to a private mesh network built from two tools, Tailscale and Caddy. The main pain points with the old approach were latency, terms-of-service concerns around video streaming, and the anxiety of having services publicly reachable at all. In the new setup, Tailscale assigns private IPs and MagicDNS hostnames to every device, while Caddy handles internal TLS termination and hostname-based routing using its own internal CA. The result is a fully private homelab with no open ports, no public footprint, and no dependency on a third party's uptime.
Table of contents
Cloudflare tunnels seemed perfect until it didn't
Tailscale changed the model entirely
Caddy fixed the part that Tailscale doesn't
Finally, a stack that works for me
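The Caddy half of the stack described in the summary, as an added example that is not the author's own configuration: one Caddy instance on the homelab host terminates TLS for several internal apps with certificates from its built-in CA (the `tls internal` directive) and routes by hostname. The Tailscale address `100.64.0.10`, the hostnames under `home.internal`, and the backend ports are placeholders; the example also assumes those hostnames resolve to the Caddy host's tailnet IP for tailnet clients (for instance via Tailscale split DNS pointing at a local resolver), which the summary does not spell out.

```caddyfile
# Added example config, not the article's own Caddyfile.
# Assumptions (placeholders): the homelab host's Tailscale IP is 100.64.0.10,
# *.home.internal resolves to that IP for tailnet clients, and each app
# listens only on localhost on the same host.

{
	# Caddy's admin API defaults to localhost; stated explicitly so it can
	# never be exposed on the tailnet or LAN by a later edit.
	admin localhost:2019
}

# Shared snippet: listeners bound to the tailnet address only, so nothing
# answers on the LAN or on any public interface, and certificates issued
# by Caddy's internal CA instead of a public one.
(tailnet_only) {
	bind 100.64.0.10
	tls internal
	encode gzip
}

jellyfin.home.internal {
	import tailnet_only
	reverse_proxy 127.0.0.1:8096
}

grafana.home.internal {
	import tailnet_only
	reverse_proxy 127.0.0.1:3000
}

vaultwarden.home.internal {
	import tailnet_only
	# Pass the original Host so the app generates correct absolute URLs.
	reverse_proxy 127.0.0.1:8080 {
		header_up Host {host}
	}
}
```

Two things worth checking after applying something like this: `ss -ltnp` on the host should show Caddy listening on the tailnet address only, and clients need the internal CA's root certificate installed, since `tls internal` is trusted nowhere by default (on Linux, Caddy writes it under its data directory, by default `~/.local/share/caddy/pki/authorities/local/root.crt`). A hostname that is not listed in any site block gets no certificate and the handshake fails, which is the desired behaviour for an internal-only proxy.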