Is it small = Yes
Is it basic = Yes
Is it Functional = Yes
Big W

My mini pc hypertrain contains 3x Beelink S12Pro Proxmox HA Cluster

If you open your login page to internet without security, someone one day will have a field trip inside your NAS files and will find all your “i know what you did last summer” photos.

I do have DS423+ and i am too using Cloudfare tunnel to access it from anywhere.

My CF Tunnel setup done like this:

Domain: nas.example.com points to http://1.2.3.4: and i have 2 access rules added.

One of these rules NEEDS to match otherwise - “You Shell Not Pass”
#1: Public IP needs to be matched as my public IP
#2: Person who wants to login needs to authenticate via Google Authentication. Google authentication needs to match test1@gmail.com or test2@gmail.com

While i am at home, i use nas.example.com to access my nas instead of using its local IP and cloudflare allows access with no questions asked.
While i am outside my home network i get asked to authenticate via google and gain access this way.

+CF Tunnel adds https automatically for me.

I don’t use any firewall setup or any other rules inside NAS.

I have 3x n100 16gb ram as proxmox cluster. Have bunch of VMs, containers going. So far, 3 months in and not one single issue. And all 3 going at full tilt still uses less power then my previous single server setup. One of these n100s even have 3x proxmox virtualized where I tinker with cluster, ha, ceph, zfs and other stuff … Like sandbox, before I move to live.

Inside tailscale admin panel, under DNS settings you can specify which DNS server to use. I think by default that option is off.

I got my ON and pointing to 192.168.178.136 which is pihole. This options forces every device in tailsnet hit Pihole for DNS .

Not cool Plex, not cool.