Gateway
Public IPv4 entry point for all requests.
Single choke point
The VPS is the public gateway: it terminates TLS, routes traffic into WireGuard, and controls what becomes reachable from the internet.
Routing
Forwards traffic into the tunnel toward homelab services.
Policy-based routing
Observability
Central logs and monitoring for exposed endpoints.
Audit & visibility