Hello guys,
I need to upgrade my setup and I’m looking for suggestions about feasibility and best practices.
Currently I have Caddy in my LAN, serving a bunch of internal sites, requesting a wildcard certificate, so TLS is terminated there. Caddy is accessed externally through a Cloudflare Tunnel and authentication and security rules are enforced through Cloudflare.
I want to remove Cloudflare from the equation. I have a VPS performing decently and I’m planning to tunnel my local server to it and install an additional Caddy on the VPS to perform authentication there through Authelia or Caddy Security.
The requirement is to keep TLS terminated on Caddy LAN side, because I have some DNS rewrites to access the services internally while I’m at home. I guess this will require Authelia to be installed in my LAN instead of the VPS.
Any consideration or piece of advice? Something that should be done differently?
Thanks for your help!
Cheers
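As an added illustration of the layout described in the post (not the poster's own configuration, and not Caddy's or Authelia's official example), this is what the LAN-side Caddyfile looks like when TLS stays terminated at home and Authelia also runs at home. Because the VPS never sees plaintext, it can only forward raw TCP on port 443 to the tunnel (for example with the caddy-l4 plugin or a plain TCP forwarder), so the forward_auth check has to live on the LAN Caddy, as the post already suspects. The hostnames `example.com`, `auth.example.com`, `app.example.com`, the upstream `authelia:9091`, the backend `app-backend:8080`, the DNS provider placeholder and the `DNS_API_TOKEN` variable are all assumptions.

```caddyfile
# Constructed example for the LAN-side Caddy (assumed names throughout).
# Wildcard certificate via the ACME DNS challenge; the provider module is a
# placeholder and requires the matching caddy-dns plugin to be compiled in.
*.example.com {
    tls {
        dns PLACEHOLDER_PROVIDER {env.DNS_API_TOKEN}
    }

    # Authelia's own portal: reachable without authentication.
    @auth host auth.example.com
    handle @auth {
        reverse_proxy authelia:9091
    }

    # Protected internal service: every request is checked by Authelia first.
    # forward_auth speaks plain HTTP to Authelia, which is why this must run on
    # the side that terminates TLS (the LAN), not on the VPS.
    @app host app.example.com
    handle @app {
        forward_auth authelia:9091 {
            uri /api/verify?rd=https://auth.example.com/
            copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
        }
        reverse_proxy app-backend:8080
    }

    # Any other name under the wildcard is refused instead of silently served.
    handle {
        abort
    }
}
```

Two points worth checking with this layout: the VPS can only enforce network-level rules (rate limits, source filtering) since it cannot read the traffic, so all identity-based policy lives in Authelia's access control rules at home; and the internal DNS rewrites that point `*.example.com` at the LAN Caddy keep working unchanged, because the same instance and certificate serve both the home and the tunnelled path.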