Also recommending using a DNS server that points `*.yourdomain` do your reverse proxy's IP. That way requests skip going outside your network and helps for ISPs that don't work with "loopback" DNS (quotes because I don't know the proper term)

You can then set your DNS in Tailscale to that machines tailnet IP and access your servers when away without having to open any ports.

And bonus, if it's pihole for dns you now get network-level Adblock both in and outside the home.