![[?]](https://m5l.eu/u/marek/s/avatar-ff8999a3b20360a58bc1da5859b98e8a.png){kind=avatar}
I have this exact situation, where I have a Pangolin tunnel (used to be Cloudflare before) and everything gets routed there. I'm having a .local domain resolve to the server in LAN, but this requires a self-signed certificate so only my personal devices use it.
...
![[?]](https://media.hachyderm.io/accounts/avatars/109/576/359/101/895/681/original/68d7e11cefddd065.jpeg)
@marek yeah, I also deployed Pangolin yesterday and it works fine. It's not the ideal solution, but I honestly want to avoid another side project right now...
@marek my pangolin setup (deployed on a super cheap upcloud VPS in Warsaw) seems to be way more performant than using tailscale funnels, so perhaps this setup is fine for many use cases. But do I want to access e.g. Jellyfin or Immich this way, probably not. But both I can access via (plain) HTTP and LAN IPs as well, so it's not really an urgent issue. Just would be nice to have a general and easy to deploy (and recommend to others) solution.