Question to #selfhosted people: an obvious thing you may want to do is expose your local (web) services both directly on your LAN, but also from the outside. VPNs are a bit of a pain, and a device memory drain. A solution like Cloudflare zero trust tunnels or Pangolin offer a way of Internet tunnels, but I don’t think you can make them transparently use local network connections when at home? Technically it should be possible have a Internet exposed endpoint running, get TLS certificates there, but also transfer them to a server inside your LAN and through DNS overrides send all traffic through that local LAN server (with the same cert) when at home? Is there anything out there that works this way?

Seems like an obvious idea. Asking before I prototype it myself.