
Homelab Access Architecture: Tailscale, Caddy, and Custom Domains
The primary objective of this setup is to provide secure and convenient access to internal homelab services from any location without direct exposure to the public internet. This is achieved by leveraging a trusted mesh VPN (Tailscale), a flexible reverse proxy (Caddy), and robust DNS management (Cloudflare).

Core Components

Tailscale: The Secure Network Fabric

Tailscale establishes a private, encrypted mesh network connecting all authenticated devices and homelab servers.

Access Control: Remote access to any homelab service is exclusively facilitated through a client device connected to the Tailscale network. Direct public internet exposure of services is actively avoided.

Internal Routing: All inter-service communication within the homelab, including Caddy’s forwarding of requests to backend services, occurs over Tailscale’s encrypted tunnels using their respective Tailscale IP addresses.

Caddy: Reverse Proxy and SSL Automation

Caddy functions as the central reverse proxy within the Tailscale network. ...
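One way to check the Access Control and Internal Routing rules above against a Caddy configuration, as an added example that is not part of the original setup: the script flags every `bind` address and `reverse_proxy` upstream that lies outside Tailscale's address ranges. The Caddyfile, its hostnames and its addresses are constructed for illustration, and the audit assumes upstreams are listed on the directive line rather than in a sub-block.

```python
import ipaddress

# Tailscale hands out node addresses from these ranges (CGNAT IPv4, ULA IPv6).
TAILNET = [ipaddress.ip_network(n) for n in ("100.64.0.0/10", "fd7a:115c:a1e0::/48")]

# Constructed sample Caddyfile: hostnames and addresses are made up.
SAMPLE = """\
media.home.example.com {
    bind 100.101.102.103
    reverse_proxy 100.88.1.20:8096
}
grafana.home.example.com {
    reverse_proxy 192.168.1.50:3000
}
wiki.home.example.com {
    bind 0.0.0.0
    reverse_proxy /api/* http://100.70.5.6:8080 wiki-backend:8080
}
"""

def host_of(token):
    """Strip scheme, path and port from a bind address or upstream."""
    token = token.split("://", 1)[-1].split("/")[0]
    if token.startswith("["):                      # [ipv6]:port
        return token[1:token.index("]")]
    return token.rsplit(":", 1)[0] if token.count(":") == 1 else token

def in_tailnet(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False        # a hostname cannot be verified statically: flag it
    return any(addr in net for net in TAILNET)

def audit(caddyfile):
    """Return (site, directive, value) for every address outside the tailnet."""
    findings, site, depth = [], None, 0
    for line in map(str.strip, caddyfile.splitlines()):
        if not line or line.startswith("#"):
            continue
        if depth == 0 and line.endswith("{"):
            site = line[:-1].strip()
        words = line.split()
        if words[0] in ("bind", "reverse_proxy"):
            for tok in words[1:]:                  # skip matchers and block openers
                if tok[0] not in "/*@{" and not in_tailnet(host_of(tok)):
                    findings.append((site, words[0], tok))
        depth += line.count("{") - line.count("}")
    return findings
```

A flagged hostname is not necessarily wrong; it means the name has to be resolved and confirmed to point at a Tailscale address before the rule can be considered met.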