Even if you can get the appZTNA stuff to work (which I doubt), how is your infra going to absorb multi Tbit traffic without customer impact?

It all depends on what you do with the box, how the applications you run utilize the cpu (single vs multithreaded/multiprocess but also stuff like cpu cache utilization. if you profile the workload that you want to run (see if its cpu, memory or io bound for instance) will help you in figuring out what works best for you.

Hard to say without proper info

If you want to forward an ssh connection over an existing ssh connection, ProxyJump is the way to go.

This. You need to tune the zfs memory, esp if the box is shared with other applications.

They have some pointers in their documentation: https://webmin.com/faq/

you need to reconfigure webmin to serve you a wss:// url towards that websocket. The second S in wss stands for securitah! :)

Definetely! In your case I would get a vps from somewhere and host from there. Cloudflare is not going to work around your power issues. Some caching CDN might, but that would make the service read-only

Mja, business decisions are up to you and your clients. This sub is about selfhosting, so you can expect answers that are about, well, selfhosting ;-)

Objectively you reduce your attack surface if you actually self-host wireguard, since you dont control 3rd party products, and cannot give any guarantees wrt their security.

Unpopular opinion, yes, but security > convenience ;-)

Start by reading what DNS can do. Good luck!

My life became less stressfull since I started to depend less on technology. I do need a playground to keep my skills sharp tho.