Let me work with the excerpt provided: [Tailscale + Traefik + Private CA: A Hybrid Approach to Homelab Networking | cross-cutting] The author runs a hybrid networking setup combining Tailscale (mesh VPN), Traefik (cloud-native reverse proxy), and a private CA via OpenBao (open-source fork of HashiCorp Vault). This architecture allows secure remote access to homelab services while maintaining proper TLS certificate management. Tailscale provides encrypted mesh networking without port forwarding, Traefik handles routing and automatic HTTPS, and OpenBao issues trusted certificates for internal services. The setup enables accessing services via custom domains with valid certs both locally and remotely through the Tailscale network, avoiding self-signed certificate warnings while keeping services unexposed to the public internet.