Hello everyone,

I'm seeking an ideal way to make secure HTTPS connections to a handful of web servers in my house. Currently I have a Nextcloud server and a Gitea server, but only the Nextcloud server is being port forwarded on 80/443. I want to make my Gitea server publicly visible as well as a couple other projects.

My thought is to have relayd running on my router and match Host headers and forward it to my servers based on the Host. This will also conveniently let me handle renewing Let's Encrypt certs in one place. I already do this right now with a VPS, but I have a WireGuard tunnel to my house in this case to access the backend, which is encrypting the traffic from my relayd server to my backend web server.

With my Nextcloud and Gitea server, if I terminate SSL at my router, the connection between my router and Nextcloud/Gitea web servers would be unencrypted. Even though it is in my own house, I don't really like that idea. It seems to be overkill too to do peer-to-peer WireGuard between my Nextcloud/Gitea servers in my house. I was wondering if this would actually be proper or if there are any other ideas you all might have.

Ultimately, I want to serve a handful of services on 80/443 that are easily accessible internally and externally, and I don't want to have unencrypted traffic between relayd and my server for the services that are passing sessions and such.

Thank you,
Courtney