- `internal.thegeneralist01.com` and `archive.thegeneralist01.com` are
not public. I have Split DNS enabled on them (in Tailscale), with the
IP of the DNS server set to a private Tailscale IP of my home server;
- CoreDNS (also on my home server) resolves the two private domains
to the home server's own IP;
- nginx listens only on the home server's Tailscale IP;
- Therefore, all of it is hermetic!
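
The "nginx listens only on the Tailscale IP" property is easy to lose with a single `listen 443 ssl;` line, so here is a check for it, added as an illustration and not taken from my actual setup. The function names, the sample config and the address `100.101.102.103` are constructed; the script flags every `listen` directive that is not bound to an address in Tailscale's ranges.

```python
import ipaddress
import re

# Ranges Tailscale assigns to nodes: the IPv4 CGNAT block and its IPv6 ULA prefix.
TAILSCALE_NETS = [
    ipaddress.ip_network("100.64.0.0/10"),
    ipaddress.ip_network("fd7a:115c:a1e0::/48"),
]
# Assumes one directive per line; lines that start with "#" never match.
LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.MULTILINE)

# Constructed sample config; 100.101.102.103 is a made-up Tailscale IP.
SAMPLE_CONF = """
server {
    listen 100.101.102.103:443 ssl;
    server_name internal.thegeneralist01.com;
}
server {
    listen 443 ssl;          # no address: binds every interface
    server_name archive.thegeneralist01.com;
}
server {
    listen [::]:80;
    # listen 0.0.0.0:8080;
}
"""

def listen_address(args):
    """Return the address part of a listen directive; None means every interface."""
    target = args.split()[0]
    if target.startswith("["):               # [ipv6]:port
        return target[1:target.index("]")]
    if target.isdigit():                     # bare port
        return None
    return target.rsplit(":", 1)[0] if ":" in target else target

def audit(conf_text):
    """Return the listen directives that are not bound to a Tailscale address."""
    findings = []
    for m in LISTEN_RE.finditer(conf_text):
        if m.group(1).startswith("unix:"):   # local socket, not network-exposed
            continue
        addr = listen_address(m.group(1))
        try:
            ip = ipaddress.ip_address(addr) if addr else None
        except ValueError:                   # "*" or a hostname: cannot be proven private
            ip = None
        if ip is None or not any(ip in net for net in TAILSCALE_NETS):
            findings.append(m.group(0).strip())
    return findings

if __name__ == "__main__":
    for directive in audit(SAMPLE_CONF):
        print("not Tailscale-only:", directive)
```

Running it against the output of `nginx -T` covers included files as well as the main config.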