If you don’t have young kids, you don’t get sick nearly as often. It’s not like having a sick kid at home is a vacation. I don’t begrudge my coworkers their time off for illness or supporting family members with illness.

Well yes, it is one hop, because you’ve got the router doing TLS termination. Inside your network you point to the server that has the TLS certs. Outside of the network you do port forwarding, or use a tunnel with cloudflare agents.

Why is the router involved at all? It’s all local traffic. The external traffic comes through the cloud flare tunnel, right? Maybe I’m not understanding the architecture you’ve got.

It’s possible but it’s an extra pain in the butt.

Internally, have you tried pointing the DNS directly to the ngnix server, not the router? There’s no reason to have that extra hop (I don’t think).

If you are establishing a TLS connection to a server, the server will need a certificate. It sounds like you’re trying to have two instances of a reverse proxy - one on the server, and one on the router. It may be my ignorance of the particulars, but my immediate thought is that you should select one point in the network to do reverse proxying.

What brand are those power strips? Last time I went shopping for power strips, they were all the rage and I could hardly find one WITHOUT that feature. Today, several years later, I can’t find any. Except, perhaps, some Chinese ones without safety approvals. I need one for my tv.