Well the VPN connection depending on what technology you use will still need to connect to the Public home IP, which is probably dynamic, which means that you’d probably need to use Dyanmic DNS to keep it connecting properly.
As far as someone just connecting to the reverse proxy the Home IP shouldn’t be visible at all. I just mean it wouldn’t hide well were someone really trying to find it.
I’m not sure I’m explaining this well. I haven’t had coffee yet.
It’s not a perfect solution but, and requires some sort of VPS, but you could run a reverse proxy on a VPN, site-to-site vpn from the VPS to your Homelab, and point your reverse proxy to the services over said VPN.
I do something like this. However, it doesn’t completely hide your IP.
So the software you’re looking for is a Reverse Proxy (nginx, traefik, caddy… etc. there are tons), a VPN (Wireguard, OpenVPN, StrongSwan (IPsec)), and more than likely some sort of VPS. My Linode VPS costs me $5 a month. They constantly have sponsor deals that will get new users free time though.
Hope that gets you started.
That’s ok we have /c/linux now.
I did this for a while with single GPU passthrough, Although keeping it working didn’t seem to be worth it in the long run.
Well in that case, tailscale is running as a daemon, so it effectively is doing it’s own little Dynamic DNS.
I suppose the point I’m trying to make is SOMEONE has to know your public Home IP. In the case of using tailscale, it would be the tailscale servers. But you would be correct that I don’t believe it would be published to any public DNS servers.
In my case, I’m using cloudflare for DDNS.
The solution I describe comes with a bit of risk acceptance (just like anything else really).