To drop the links to make it easy for @Rogue-agent to find. Quoting myself here. Also all posts contain indexes to each other. If you want my rambles as I did so the blog has it.

Links to Infrastructure Series and Blogs:

Blog: Phaselockedloopable- PLL's continued exploration of networking, self-hosting and decoupling from big tech
Series 1: Infrastructure Series -- Native Dual Stack IP4+IP6
Series 2: Infrastructure Series -- Wireguard Site to Site Tunnel
Series 3: Infrastructure Series -- Recursive DNS and Adblocking DNS over TLS w/NGINX
Series 4: Infrastructure Series -- NGINX Reverse Proxy and Hardening SSL
Series 5: Infrastructure Series -- Taking DNS One Step Further - Full DNS Server infrastructure
Series 6: Infrastructure Series -- HTTP(S) Security Headers! You should use them! [NGINX]
Series 7: Infrastructure Series -- Use NGINX to inject CSS themes

Theres a lot of other people in there that might be able to help you more than I. I have a lot of travel coming up and im giving talks at universities and stuff. So im more just on my phone and unable to hand out anything significant. I hope this helps you.