There are many, many, many specialized enterprise applications out there that are windows only.

I use a combination of both. SSD’s to store read/write intensive data. In my case, I run multiple VM’s and store the primary VHD’s on SSD’s. HDD’s for stuff where space matters more than speed, like digital media and local backups.

Every time I think about hosting my own mail server, I think back to the many, many, many times I’ve had to troubleshoot corporate email systems over the years. From small ones that ran on duct tape and prayers to big ones that were robust, high dollar systems.

98% of the time, the reason the messages aren’t coming or going is something either really obscure or really stupid. Email itself isn’t that complicated and it’s a legacy communications medium at this point. But it’s had so much stuff piled on top of it for spam and fraud prevention, out of necessity, and that’s where the major headaches come from. Honestly, it’s one service that to me it’s worth paying someone else to deal with.

deleted by creator

If you’re not hosting any publicly available services, then no. A reverse proxy would be unnecessary. You can just just set static records in your DNS server that tell it which internal hostname goes with what IP and it will relay that info to any device on your local network that requests it. Even with a Wireguard connection, you can tell it to use the DNS server from your local network.

Set up a VPS. Create a VPN tunnel from you local network to the VPS. Use the VPS as the edge router by opening ports on the VPS firewall and routing incoming traffic on those ports through the VPN tunnel to servers on your local network.

I used to do this to get around CGNAT. I ran RouterOS in a Digital Ocean droplet and setting up a wire guard tunnel between it and my local Mikrotik router.

It will obscure your local WAN IP and give you a static IP but that’s about the only benefit. And you have to be pretty network savvy to configure it correctly.

It does not make you immune to DDoS attacks and is honestly more headache to maintain (albeit just a small headache).

I have a firewall rule to dst-nat any outgoing DNS requests not coming from piHole back to the piHole server. That way all devices on the LAN are forced to use piHole for DNS and can’t bypass it. I don’t have an OPNSense firewall but I would think it should be able to do that as well.