My homelab has a setup like this, but all done somewhat-manually. HTTPS for my Docker images running in the homelab via a certbot image. A Wireguard setup to connect the homelab to a small Hetzner VPS, and a proxy there to allow certain traffic through.

I've been wanting to add some authentication lately so that I can manage access to the homelab resources. I currently prohibit all traffic and only allow the Wireguard subnet, but this means any clients have to be provisioned in Wireguard, which is a nuisance to setup manually. It does seem to work well enough though.

Pangolin seems like it would be a one-stop replacement and simplify the setup, especially once I look at adding user management to the mix.

I keep seeing people say they run things like this and I continue to be confused.

> proxy there to allow certain traffic through.

Why not just run the proxy .. on your homelab?