Hi!
I often read suggestions to use something like Tailscale to create a tunnel between a home server and a VPS because it is allegedly safer than opening a port for WireGuard (WG) or Nginx on my router and connecting to my home network that way.
However, if my VPS is compromised, wouldn’t the attacker still be able to access my local network? How does using an extra layer (the VPS) make it safer?
To add to this, self-hosting is also best when you minimize everything - limited service, with limited functionality, on dedicated hardware that doesn’t share access to your internal network or storage. Folks who use point-and-click apps to install a half dozen unauthenticated docker containers, all open to the internet, running on the same PC they store the only copy of their family photos and music/movie collection on… make me crazy.
