Just buy the lifetime Plex pass before the price goes up then.

If you have Plex pass you dont have to worry about it. Others can still remote play from your server free. Actually more so because the mobile app is free for them too now.

You convinced me I need to appreciate tailscale somehow even more than I do.

services.tailscale.enable = true;

If its just a simple static page. Just use cloudflare pages. It scales to zero and would probably be completely free for your use case.

Vercel is even easier to setup but they don’t allow businesses on the free tier so it would be $20 a month for pro plan.

From what I understand running high bandwidth things like video streaming through cloudflare tunnels will get your cloudflare account banned or charged (which is why they require payment info to setup tunnels).

Best to keep things like emby, jellyfin, and Plex to tailscale or just open the port.

Idk how emby works but with Plex I feel pretty safe having port open. Since any logins have to auth though Plex’s servers.

Not really directly answering your question here so feel free to ignore me. But if I’m understanding right your setup sounds like a more complicated way of doing what I am.

I put tailscale on all my devices. And in every docker compose for the ports I do. TailscaleIP:hostport:containerport

So nothing can be access on local network at all. Only through tailscale. Which I can access from any of my devices locally or remotely without opening a port. All E2E encrypted I’m pretty sure. The only con is having to trust tailscale.

I do keep Plex port open for friends though.

I was trying out Locus and seem pretty good. But looks like its not maintained anymore. ☹️