I feel like I’m missing some EASY thing; like can’t my apache2 just route the bitwarden.domain1.com traffic to another local IP address…
Yes. It can. https://httpd.apache.org/docs/2.4/vhosts/name-based.html
If you’re going to be jumping straight into text-based config files… Caddy’s Caddyfile format is a lot easier to work with than nginx configs IMO.
Cloudflare tunnel free is pretty good, and I use it for my on-prem (in house) services because it can work through CGNAT, though you are subject to the standard Cloudflare terms of use.
On the other hand, what you’re looking for is called a reverse proxy. I’d recommend Caddy or Nginx Proxy Manager for you.
I personally use Traefik, but I’m also running on a Kubernetes cluster so…
@kronicd Unless Android has implemented DHCPv6 and nobody is talking about it, no, no it’s not. It would still need me to route the entire /64 to one network after all for SLAAC.
Unless you’re suggesting I install more-specific routes on the other networks? Maybe a /65 or /66 on them? But in that case, wouldn’t the main network, with its full /64 prefix, have issues reaching those other hosts… hmm. Unless I deploy it with ULA addresses too. And treat the GUA addresses as just for internet connectivity.
Might still have to NAT66 it for other networks that may see Android devices…
Might experiment with it once my OPNsense box arrives I guess. Don’t want to muck around with that on OpenWrt.
I just wish I got like a /60 at least.
I suppose tunnelling to a VPS is one option, but I’d rather use NAT66 over that because it’d have better throughput/latency.