Replying to Alex Gleason

Let me tell you about the theory of my weird homelab imagination.

I want to run a rack server in an undisclosed location, with a dynamic IP address. I want it to be flexible so it can be easily moved and resistant to deplatforming. It will host public websites.

It consists of two essential parts: "keystone" and "decoy".

"keystone" is the entrypoint of my rack: one big HTTP server (running Caddy, not nginx) that routes traffic to hostnames within my internal network.

"decoy" is a cloud VPS, running nginx, which streams requests to the keystone over WireGuard.

DNS is all pointed at "decoy".

From the outside, it looks like the cloud VPS is hosting the sites. In reality I pay them very little money to just transfer data, and I can easily switch to a different provider. As a result, I get a static IP and a layer of protection/obscurity from the VPS, but the rack will continue to "just work" even if the decoy is changed or even removed. Only DNS entries would need to be updated.

This is not exactly groundbreaking. I know people have used VPNs to route traffic for decades. The main thing that's new is just my weird terminology for it.

To connect the "keystone" and the "decoy" together... I call this "trepanning".

I want to make this easily reproducible so others can copy my setup. Later I will release code and a guide.

nostr:nevent1qvzqqqqqqypzqprpljlvcnpnw3pejvkkhrc3y6wvmd7vjuad0fg2ud3dky66gaxaqydhwumn8ghj7emvv4shxmmwv96x7u3wv3jhvtmjv4kxz7gqyrm5kdaazpcukade8n9mgzaa54624hcxvd0dr0xkwuxyhe6vemdx7zuktv0

You can use tinc VPN to connect your decoy and keystone servers. It's pretty easy and will autoconnect. Use fixed IP addresses in your decoy host file and set up the keystone config to connect to the decoy.

I once used two decoys to provide web access to one keystone using this method and it worked very well.

On the other hand, maybe you want to consider containerizing all your services in your keystone server. I just use a simple Debian 12 minimum server with Docker installed. Just export the ports from the running containers and the Caddies in the remote can do the reverse proxy.

I have got rebased+soapbox and ditto+soapbox dockerized and they just keep running.
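The decoy side of the setup described above, as an added example (not code from either poster): an nginx `stream` block that passes raw TCP on ports 80 and 443 through the tunnel to the keystone, where Caddy terminates TLS. The WireGuard addresses 10.100.0.1 (decoy) and 10.100.0.2 (keystone) are constructed for the example, and it assumes the tunnel is already up and the nginx stream module is loaded.

```nginx
# Added example for the decoy VPS, not from the thread.
# Goes in the top-level nginx.conf (stream context, not inside http {}).
# Assumed WireGuard tunnel: decoy 10.100.0.1, keystone 10.100.0.2 (constructed).

stream {
    # The keystone's Caddy, reachable only over the WireGuard interface.
    upstream keystone_https {
        server 10.100.0.2:443;
    }
    upstream keystone_http {
        server 10.100.0.2:80;
    }

    # Raw TCP passthrough: TLS is terminated by Caddy on the keystone, so the
    # VPS never holds certificates or private keys and never sees plaintext.
    server {
        listen 443;
        proxy_pass keystone_https;
        proxy_protocol on;          # send the real client IP to the keystone
        proxy_connect_timeout 5s;   # fail fast if the tunnel is down
    }
    server {
        listen 80;                  # plain HTTP, for ACME challenges and redirects
        proxy_pass keystone_http;
        proxy_protocol on;
    }
}
```

Two practical consequences follow from this layout. Because the decoy only forwards encrypted bytes, the keystone's Caddy logs are the only place client addresses exist; without `proxy_protocol on` every request would appear to come from 10.100.0.1, which blinds rate limiting and any later incident review. Turning it on means Caddy must be configured to expect the PROXY header (its `proxy_protocol` listener wrapper, trusting only the decoy's tunnel address), otherwise it will reject the connection. On the keystone, restrict ports 80 and 443 to the WireGuard interface so the tunnel, not the rack's dynamic IP, is the only path in.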
