I've done something similar to the author but with only ufw and port forwarding.
My closet server is set up with a cron job that runs daily and updates my domain's dns on Cloudflare to my currently allocated dynamic ip.
U
Port forwarding sends the 80/443 requests to my closet server.
Closet server only accepts 80/443 requests from Cloudflare's published ip addresses via ufw rules so that all traffic must pass through Cloudflare to be accepted.
Nginx on closet server routes it to the appropriate internal port for that service.
Maybe someone has broken into my home network, but I hope this solution works relatively well!
My closet server is set up with a cron job that runs daily and updates my domain's dns on Cloudflare to my currently allocated dynamic ip.
U Port forwarding sends the 80/443 requests to my closet server.
Closet server only accepts 80/443 requests from Cloudflare's published ip addresses via ufw rules so that all traffic must pass through Cloudflare to be accepted.
Nginx on closet server routes it to the appropriate internal port for that service.
Maybe someone has broken into my home network, but I hope this solution works relatively well!