Lemmy

It is very possible to do this! What you need to do is to rent a low-end cloud VPS. Even a 5.00 digital ocean droplet running Ubuntu Linux would do the trick. Then you run an NGINX Proxy Manager reverse proxy with a WireGuard tunnel to the machine that will act as a server for your instance. From there you, you simply set up Let's Encrypt certificates to use with your intended domain. Even though I am not behind CGNAT, I do this and it works very well.

EDIT: If you intend to do this entirely in open source and need some help, I'll offer it. I am pretty passionate about open source and helping others out along the way.

It would need to be accessible from the outside and you can use Cloudflare Tunnel to make that connection.

Well, you can't get updates from other instances without it being connected to the internet and reachable. So for your usecase you do need it connected to the internet. On the LAN you will only be able to see other instances on the same LAN.

My understanding is that ActivityPub is designed with the expectation that servers can look one another's names up in DNS and initiate TCP connections to one another.

So even if all of your end-users are on your LAN, your instance still needs to have a public address that's discoverable in DNS, etc.

You might be able to rig this up via tunneling, but you'd still need a public address on the other end of the tunnel.

Your service should be able to reach out of your lan to serve you content. I assume you’re running this as a local service on your PC or as a docker container.