Introduction Welcome to Part 5 of this homelab series! In the previous parts, we've built a Debian server, deployed a full suite of services with Docker, and set up a high-availability DNS network. But one critical piece is still missing: end-to-end security. Until now, we've been accessing local services via http://grafana.local , which browsers correctly flag as "Not Secure." The common solution is to open ports 80 and 443 on our router, but that exposes our server and home network to the entire internet—a huge security risk. In this guide, we'll walk through the ultimate solution: using a Cloudflare Tunnel and a public domain to get 100% free, valid HTTPS certificates for all internal services, all with zero open ports on the router. We'll also lock everything down behind Cloudflare's Zero Trust platform, so only authorized users can access them. Chapter 1: The Domain Advantage To make this work, a public domain (e.g., your-domain.com ) is required.…