You're right actually it's not native I don't know what I'm on about 😅 Still it's much easier to have a baked in terminal app than having to install proot on top of termux, hopefully it will have less of a performance impact than proot as well.

yep

In my opinion it's the best solution because there's a really low attack surface plus it makes it easy to control which device has access to which services.

Not any in particular but mTLS is essentially just a reverse proxy (like nginx) asking a client for a certificate to be able to access the service behind it.

There are quite a few guides out there, so choose one for your reverse proxy of choice!

Tailscale is simpler but when you're accessing from devices behind VPNs like I do mTLS is a lifesaver.

I use DAVx⁵ for caldav (supports mTLS)

I find mTLS cool too :P

In terms of being a pain it's not that bad with nginx in my opinion. I can just build my own certificate for each service I expose or you use a common one, giving read only access to the key for my nginx containers and in two lines in the .conf it's sorted.

I was having a lot of trouble keeping port forwarding stable before this change with protonvpn too. Probably the best change I've seen with gluetun so far!

Yes, if a port is set in the port forwarding section for the qbittorrent preferences in the webui (once one is set it stays until changed), the green globe means it's working.