I use funnels for things like Vaultwarden, that are secure enough to be exposed on internet, and would be cumbersome if behind the tailnet.

I use serve for everything else, just for the clean SSL termination for things that should stay within the telnet, like *arr stacks, immich, etc.

▲

ethangk 4 hours ago | parent | next [-]

Ah neat, that makes sense. Thanks.

Do you have anything that’ll trigger a notification if there’s suspicious traffic on your local network? I may be overly paranoid about exposing things on my local network to the internet.

	▲	Galanwe 3 hours ago \| parent [-]
		Not really, but these stuff are in an isolated DMZ vlan, so theres not much to escalate to. I fancy a bit upgrading to a smarter router like unify's with integrated firewall and stuff like like though.

▲

edentrey 3 hours ago | parent | prev [-]

After a decade with KeePass, I’ve finally moved to Vaultwarden. I’ll admit, self-hosting such a critical service still feels a bit scary, but the seamless syncing across all my devices is a huge upgrade. To balance the risk, I keep it tucked safely behind Tailscale for that extra peace of mind.