Comment by cyberpunk
2 months ago
I find life quite a lot easier doing just that, have a little free|openbsd gateway vm on the public and internal networks, and just have all your vm's on the internal network.
Also means you can get by with just one internet ip with something like haproxy or relayd working on SNI (or just simply throw all 443 to a web server which then routes on host header or.. whatever), which saves some cash.
Since it's for personal stuff, I can't really be arsed setting up ipv6 on it either.
Yeah, I installed Caddy to reverse-proxy with https both the proxmox interface and a few services in the "internal" ip range. In retrospect, I really wish I'd started with a /28 subnet in the first place.