

How does it not mitigate the danger? You are putting a secure web server in front of the tunnel rather than basically all traffic being forwarded to the port?
It’s probably a bit dangerous to expose your internal network in this way. If you really want a server running at home, there are interesting services which provide that for a fee, or you could set up a “reverse ssh proxy”.
It’s easier to do on some flavor of Linux, but you will set up a background service to ssh to a cloud server you rent, which links a local port on the cloud server to a local port on your home computer. You can then run a web service like caddy server on the cloud server to securely serve this port.
I realize this sounds rather complex, but something to look into and learn.
Your Caddyfile on the cloud server will look something like this:
    my_subdomain.my_domain.com {
        # No path matcher: in Caddy v2 a bare "/" matches only the exact root path
        reverse_proxy {
            to 127.0.0.1:8081
        }
        encode gzip
    }
And the service on your local machine will look something like this:

    [Unit]
    Description=Keeps a reverse tunnel to '<your cloud server ip>' open on port 8081 on the remote server
    After=network-online.target

    [Service]
    # Gate time 0: autossh keeps retrying even when the first connection attempt fails
    Environment="AUTOSSH_GATETIME=0"
    # -N: no remote command; -M: autossh monitoring port; -R: remote port 8081 -> 127.0.0.1:8080 on this machine
    ExecStart=/usr/bin/autossh -N -M 10986 -o "PubKeyAuthentication=yes" -o "PasswordAuthentication=no" -o "ExitOnForwardFailure=yes" -R 8081:127.0.0.1:8080 root@<your cloud server ip> -i <path to your ssh key> -p 2097
    ExecStop=/bin/kill $MAINPID
    Restart=always
    RestartSec=5

    [Install]
    WantedBy=multi-user.target

You will have to allow ssh on a non-standard port (arbitrarily 2097 here); that way you can still use ssh on the standard port 22. I have had some services running like this through a NAT for years.
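A check to run on the cloud server for the setup described above, added here as an example and not part of the original post: it confirms the forwarded port 8081 is listening on loopback only, so that Caddy is the only way to reach it. The function name and the sample `ss -tlnH` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit where the tunnel's forwarded port is bound.
# Reads `ss -tlnH` output on stdin. Return codes:
#   0 = loopback only, 1 = bound to a non-loopback address, 2 = not listening.
check_tunnel_bind() {
    port="$1"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4                        # "Local Address:Port" column
            n = match(addr, /:[0-9]+$/)      # split on the last colon (IPv6-safe)
            if (!n || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            sub(/^\[/, "", host); sub(/\]$/, "", host)   # strip IPv6 brackets
            found = 1
            if (host !~ /^127\./ && host != "::1") {
                exposed = 1
                print "EXPOSED " addr
            }
        }
        END {
            if (!found) { print "DOWN"; exit 2 }
            if (exposed) exit 1
            print "LOOPBACK_ONLY"
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_LOOPBACK='LISTEN 0 128 127.0.0.1:8081 0.0.0.0:*
LISTEN 0 128 [::1]:8081 [::]:*
LISTEN 0 4096 0.0.0.0:2097 0.0.0.0:*
LISTEN 0 4096 *:443 *:*'

SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:8081 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:2097 0.0.0.0:*'

# Demo on the constructed samples; on a real server use:
#   ss -tlnH | check_tunnel_bind 8081
printf '%s\n' "$SAMPLE_LOOPBACK" | check_tunnel_bind 8081 || echo "rc=$?"
printf '%s\n' "$SAMPLE_EXPOSED"  | check_tunnel_bind 8081 || echo "rc=$?"
```

An `EXPOSED` result usually means sshd on the cloud server has `GatewayPorts` enabled, which makes remote forwards bind to the wildcard address and lets clients bypass the web server in front of the tunnel.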
Guessing you don’t run a couple of Docker containers to support local development ;-)
Parsing poorly documented C spaghetti code is not a good vehicle to learn programming anyway, though. The root issue here is the fact that interop between open source software and other OSS, closed source software, and firmware is a headless beast where each user has to take on the project manager role.
Looks to be a Java application with a number of services running alongside. I don’t think it’s going to be lightweight to run on resource-constrained devices, but sweet project anyway! (Side note, no clue how you engineers find the time to hack on things like this, I feel like I’ve got so little time to myself I cannot imagine dedicating it to a project like this)