I suspect most people open it via subdomain or cloudflare tunnel and it seems secure enough. Haven’t seen reports of people getting hacked left and right.

VPN Certainly is more secure and works for a few people but becomes annoying if you have users that don’t want to mess with a VPN. It also helps if you want to make a public share link to someone without an account.

Lemmy needs a best comment section like reddit had

Wireguard uses public and private keys which are designed from the ground up to be used over plain text to establish the handshake so it isn’t an issue. Same idea with ssh keys and ssl keys

Split tunneling with wireguard is probably the best way for this.

There are many tutorials, here’s an example: https://ssh.sshslowdns.com/wireguard-split-tunnel-config/

This will let you have some things on wiregusard and some not

You do not need anything else. DNS requests are all sent over Wireguard with encryption

Use ddns on your router with a domain so you can then get something like wireguard.example.com and then use that as the endpoint in your wireguard.

Set the wireguard DNS as your pihole.

To make life easier set your home network IP space to something that another WiFi would never use, ie 192.168.46.xx

That way it will never conflict if you are on a public WiFi and you can access anything on your home lab when you need.

I’ve been using this setup for years on laptop, phone etc

I haven’t tried them but some people have made templates for obsidian

https://github.com/martinjo/obsidian-gym-log

Freecad in a VM with a remote viewer like guacamole?

OwnCloud rewrite in Go is way better

https://owncloud.dev/ocis/