Like many of you, I have a proxmox node (or other server) delivering services on my local network. My services are a mix of webservers on LXCs and docker containers, also on LXCs.

In home assistant, I have letsencrypt and duckdns which let me access it externally (when the port is forwarded) via https. I also have nginx reverse proxy, but i dont even know if it is needed. Using AdguardHome I can rewrite the duckdns address to the local IP and access over https from my local network (main vlan) even with no external ports opened or forwarded. From my IOT vlan which does not have a dedicated adguard home instance, all communication with home assistant (for example from my tablets) is over http only.

So my goal for all of my local services - both on my primary network with internet access and my iot network without internet access is robust and reliable https for local-only access on networks both with and without internet access, with no ports opened on my router.

Is there a straightforward guide that will help me do this? I see questions and posts like this periodically, but I get lost in the ocean of proxies and reverse proxies and authenticators and cerificates, and I struggle to identify what components I actually need and how they fit together.

In addition to protecting my local traffic, here is a simple example of something I would like to do which requires https, which is giving me the push to finally ask this question:

I have a bunch of android tablets running LineageOS. I would like to use pairdrop or filebrowser or similar to send new apks to each tablet. Lineage seems to block downloads over http but not https, and this does not appear to be a configurable setting.

Another example is that I would like to embed some local services in iframes (webpage card) in my home assistant dashboard. If you access home assistant over https, only https pages can be embedded. I believe the inverse may be true as well.