All you need is Wireguard with IP forwarding allowed on the host, maybe some firewall rules if you have one. You configure your wire guard client to only route traffic for your network IPs. I leave my wire guard client connected 100% of the time.
OLS solves a lot for you that I don’t hear in your OP.
OpenLiteSpeed https://openlitespeed.org/
Host-specific guides (but no hetzner):
https://docs.litespeedtech.com/cloud/images/wordpress/
Very easy, robust, fast.
You can def roll your own sever and solution, but WordPress needs a lot of help. As other commentors said, you need to bypass both the database and PHP as much as possible, via caching.
While a simple redis or valkey store solves that, you’re relying on some integration thru the php layer to make it happen, usually some plugin.
Serving files or otherwise caching directly thru the webserver is gonna make it faaaaast.
Then there’s the question of database writes. Who is writing to your database, where, and how often?
Edit: I see you have editors updating content 1-2x per hour. They should rewrite caches hot on each update so they’re the only ones paying the db latency cost.
If your host is using Debian / Raspbian Buster, you should not upgrade. Due to a bug in the libseccomp2 library, it will run into a startup problem. Read more: https://github.com/louislam/uptime-kuma/issues/41#issuecomment-896164516
I read this, but it seems to be ARMv7 only, per the issue title. A little wary still, tho my docker host is x86. I guess I’ll try running a stand alone test to see if it boots.
Yup. It gets more involved once you start adding DNS and SSL. But if you’re ok typing IPs and you’re not opening your firewall to the public, it’s all you really need.