Remote Access with Caddy and Tailscale

Exposing services is done through one of three ways:

1. Cloudflare Tunnels
2. VPS on Hetzner directing traffic through [[Caddy]] and Tailscale
3. Tailscale sidecar container

Cloudflare is easy to set up, but we have to rely on their service and encryption is terminated at their edge. No specific setup to get https certificates needed. Before these services can be accessed, authentication is required.

Going through a VPS costs a few dollars. However, the setup is secure all they way without any restrictions. No upfront authentication (might be possible through other services). See https://www.youtube.com/watch?v=8iRgvhRpyK4. Local repo is last-frontier (not yet published on Github).

Directly connecting through Tailscale keeps the service secure but only works for known clients.