the best solution would be for people to make a service 💡

This is the service: a simple wireguard VPS attached to your personal DNS name (could be some delegated subdomain too) with a firewall/reverse proxy configuration that lets you forward subdomains or ports to one of your wireguard clients at a specified port

then you run your nsecbunker on your own machine listening on that port and you are always in control, just need to close it or have an auto-time-out and it's safer than the alby... could even be running on a dedicated little shitty ancient rpi

i run my test relay this way, using a reverse proxy pointing to my dev machine on the port it listens to by default, i get loads of traffic from clients that pick up the relay address from my relay list and from client event entities, most of them don't use nip-42 auth tho, i have it required so it refuses to send them answers if they don't auth