I find it hard to model the flow of this stuff and it can be hard to get a sense reading through the product offerings, maybe I can ask and you'll know enough to give me an overview?
Currently I run a server on a DigitalOcean box I access via a custom domain with a Let's Encrypt cert (too much detail about this setup is here: https://zalberico.com/essay/2020/06/06/urbit-on-the-cloud.ht...). It'd be cool to have this run on my home Mac Mini and just access it from the web.
What is actually going on to require this? I still need the custom domain, but now that custom domain is routing somewhere else, right? Either to some software that's still running on DigitalOcean that handles this (WireGuard?) that I'd have to configure, or some service that deals with this? What are the actual pieces that are required for this to work, and if you wanted to do it and control it yourself, what do you need to know to do it safely?
Any pointers in the right direction/high-level explanation would be helpful - there are a lot of unknown unknowns when searching, or just services you pay for that abstract it away with some tradeoff in control (at which point I might as well just leave it on DigitalOcean).
I'd say the most important thing, meaning the one with the biggest influence on what you end up doing, is how you connect your home Mac to the internet.
If my understanding is correct, you want this server to be publicly accessible, i.e. by anyone, not just you or a limited, well-defined set of people. If that's the case, you don't need Tailscale, which can be seen more like a VPN.
If you don't have CG-NAT (meaning your home router gets a public, routable IP) you can probably set up port forwarding to your Mac and some script that would update your DNS entry if your IP isn't static.
If you DO have CG-NAT, or for some other reason you cannot forward any ports, you'll have to use something external to at least route the traffic. I've glossed over your link, so this may not work, but you could look at proxying your traffic with Cloudflare. Look up cloudflared. If that doesn't work, then yes, something like wireguard between your DO VM and your home Mac could work.
All in all, I think this is more or less a classic "home server" setup, so you should be searching for "hosting a server at home" or similar.
I have a similar setup. I have a server at my house that I want to be able to access from anywhere.
What I did was:
1. Install Tailscale on my devices (server, laptop, phone, etc.)
2. Set up a cert with Let's Encrypt and import it into Apache. I use AWS Route53, so this was as easy as setting up my AWS credentials and running the certbot CLI.
3. Set up A & AAAA records pointing to my server's Tailscale IPv4 and IPv6 addresses. This is fine even though these addresses are only accessible through Tailscale. You'll obviously still need to be connected to Tailscale, but you can just use your custom domain name to connect.
4. Done!
I use this server for media streaming and file syncing. I manage it with Ansible; I even have GitHub Actions set up to run my Ansible playbook whenever I commit!
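As an added example that is not from any poster in this thread, the script below puts both replies' DNS pieces into one place: the "update your DNS entry if your IP isn't static" script from the port-forwarding reply (mode `public`), and the Route53 A/AAAA records plus certbot DNS validation from the Tailscale reply (modes `tailscale` and `cert`). It assumes the `aws` CLI with Route53 credentials, `dig`, `certbot` with the certbot-dns-route53 plugin, and (for the Tailscale mode) the `tailscale` CLI are installed; `HOSTED_ZONE_ID`, `home.example.com` and the contact address are placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread. Publishes a home server's address in
# Route53 and requests a Let's Encrypt certificate with DNS-01 validation.
# Placeholders: HOSTED_ZONE_ID, HOSTNAME, CONTACT_EMAIL (set via environment).
set -eu

HOSTED_ZONE_ID="${HOSTED_ZONE_ID:-ZONEID_PLACEHOLDER}"
HOSTNAME="${HOSTNAME:-home.example.com}"
CONTACT_EMAIL="${CONTACT_EMAIL:-admin@example.com}"

# Pure helper: build a Route53 UPSERT change batch for one record.
# $1 = record name, $2 = record type (A or AAAA), $3 = value
change_batch() {
  printf '{"Comment":"home server","Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s","Type":"%s","TTL":60,"ResourceRecords":[{"Value":"%s"}]}}]}' "$1" "$2" "$3"
}

# Pure helper: true (exit 0) only when the value in DNS differs from the
# current address, so we only write to Route53 on an actual change.
# $1 = value currently in DNS (may be empty), $2 = current address
needs_update() {
  [ "$1" != "$2" ]
}

# Public IPv4 as seen from outside the home network (port-forwarding case).
public_ipv4() {
  dig +short myip.opendns.com @resolver1.opendns.com A
}

# Upsert one record in Route53. $1 = type, $2 = value
upsert_record() {
  aws route53 change-resource-record-sets \
    --hosted-zone-id "$HOSTED_ZONE_ID" \
    --change-batch "$(change_batch "$HOSTNAME" "$1" "$2")"
}

# Mode "public": dynamic-DNS style update for a router that forwards ports.
update_public() {
  current="$(public_ipv4)"
  in_dns="$(dig +short "$HOSTNAME" A | head -n1)"
  if needs_update "$in_dns" "$current"; then
    upsert_record A "$current"
  fi
}

# Mode "tailscale": point A/AAAA at the node's Tailscale addresses.
# These are only routable from inside the tailnet, even though the DNS
# records themselves are public.
update_tailscale() {
  v4="$(tailscale ip -4)"
  v6="$(tailscale ip -6)"
  upsert_record A "$v4"
  upsert_record AAAA "$v6"
}

# Certificate via DNS-01 validation: no inbound port 80/443 is required,
# which is what makes this work behind CG-NAT or on Tailscale-only hosts.
issue_cert() {
  certbot certonly --dns-route53 -d "$HOSTNAME" \
    --non-interactive --agree-tos -m "$CONTACT_EMAIL"
}

case "${1:-}" in
  public)    update_public ;;
  tailscale) update_tailscale ;;
  cert)      issue_cert ;;
  *)         : ;;   # no argument: only define the functions
esac
```

Run `sh script.sh public` from cron on the port-forwarding setup, or `sh script.sh tailscale` once per Tailscale node. Note the trade-off the second reply hints at: the `tailscale` mode publishes addresses from Tailscale's private ranges into public DNS, so anyone can resolve the name but only tailnet members can reach it, whereas the `public` mode plus a forwarded port exposes the service to the whole internet and the server itself then has to be hardened accordingly.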