This approach largely works, with the caveat that it then requires you to always be on the tailnet. If someone wants to connect locally AND via tailnet using the same URL, they’ll need to push/advertise routes (or do some other hacky thing)
Right now, I’ve only got the spoons to provide rough guidance, not details. In order to use non-tailnet IPs, you’ll need to configure your tailnet host to “advertise routes/push routes”. In more layman’s terms, tailnet needs to say, “hey network client, I do know where 192.168.0.69 is! So I can route that request”. By default, each tailnet host only advertises the other tailnet hosts. Anything else fails.
Also, I really appreciate how detailed your question is!
idk if this is a programming specific question. It feels more like “perfectionism” or a low-level OCD. For the programming piece, using some sort of task tracking system might be helpful. For example, after a task has been completed (aka a solution was found), move on to the next predefined task.
Another vaguely related term: premature optimization
To add, here’s an example of my OpenVPN config addition to ensure 192.168.3.* is accessible over VPN:
verb 5
push "route 192.168.3.0 255.255.255.0 vpn_gateway"
I’m literally a software dev working for a top company and I can barely use git on the CLI. I do all of my version control operations using a GUI, so there’s no sense in gatekeeping any of that. This is true of both my work projects and personal ones. It’s cool if you prefer the CLI, but it is absolutely not a required skill in order to have a successful and meaningful career.
Awesome! Thanks for the detailed update, and I’m glad it worked well for you!
Where is your VPS located, and which WireGuard server are you connecting to?
In your HAProxy config (like in this example), it’s checked from top to bottom. So your top-most frontend case should be the one that checks for the special keyword case. Then, if it doesn’t match the keyword, HAProxy will continue going down the list until it finds a frontend that does match. So your second frontend should match for everything, because if it doesn’t find a match, HAProxy shows an error
Cool, I think that first link will work for you. Then you can just ‘redirect’ for the no-keyword case: https://www.haproxy.com/documentation/haproxy-configuration-tutorials/http-redirects/
Remember, SSL/HTTPS does encrypt the URL path, so if the final website requires HTTPS, your proxy will need to have its certificate trusted by your clients
Maybe have two cases:
For the (matched keyword) case, something like this: https://serverfault.com/questions/729232/reg-exp-for-url-in-haproxy
For the (random routing) case, something like: https://www.haproxy.com/blog/haproxy-configuration-basics-load-balance-your-servers
I am a little confused on your question, though. It sounds like you maybe want 3 cases? Can you try wording it differently?
Generally unique request IDs have to be generated by the client that sends the request. If the client doesn’t generate an ID, you’re probably out of luck. That said, do you have information about the client you’re expecting to call your Squid cache? One unofficial, but common place for clients to put a request ID is in the header “X-Request-ID”
I agree that straight up using Tailscale would likely be easier. But to answer your question, you’re looking to “push routes” because what you actually want to do is “route” but that’s kinda hard to Google haha. This looks maybe promising: https://forums.freebsd.org/threads/wireguard-how-to-route-another-subnet-through-it.89744/