
For a lot of my stuff, the devices domain is only resolvable on my Wireguard’s DNS and access allowed only from Wireguard’s subnet.


I wanted to avoid VPN both for my main working/dev machine and clients. What if VPN does not go up after hard reboot due to some weird loading order while I'm not logged in (e.g. electricity failure)? Both that machine and Guacamole/NGINX host are configured to autostart after powering off. This is the first thing I tested. For clients, I do not want to have VPN on each of them. And what if I need to use a random machine? Multi-layer opaque https endpoint seems safe enough.


Fair point, I have a pi 4 running pihole and wireguard so starts up and runs everything on power. Also boot disk is on zfs so scrubs each week in case of microsd corruption.

The Wireguard in Docker automatically generates new client configs from ENVS.


I'm about to leave a system running on a pi 4 for a few months. Any details on your advice? Based on cursory googling [1] your setup looks non-trivial.

[1]: https://forums.raspberrypi.com/viewtopic.php?t=284991


It was actually pretty easy, I’ve used these guides for zfs on most of my Linux infra.

https://openzfs.github.io/openzfs-docs/Getting%20Started/Ubu...



