Made my FreeBSD server at Netcup ready to host multiple isolated applications with automatic https via Let's Encrypt.
Internet → Server → PF firewall → Caddy jail (reverse proxy) → Individual application jails
Each app gets its own isolated jail for security, while Caddy handles all the routing and https. PF keeps the front door locked.
All of course with IPv6 first, where every Jail has it's own public IP address and using NAT for legacy IPv4.
Love how FreeBSD jails make this kind of segmentation so elegant.