Ich vermute, es ist Amazon gemeint.
I did avoid them for a long time. Once I started to figure out how to self certify for https NPM became very helpful. DNS challenge does not require you to open any ports. you need a domain that supports dns challenge, though. Pointing cname to local ip of reverse proxy. And some routers may require rebind protection entry for that domain. Afterward: https and nice names for all my local only services.
I would like to run Paperless in my homeserver. While this server is not running sensitive data, this would change once paperless gets to manage all my invoices, bank statements, health docs and so on. So while running my Proxmox VMs and LXCs unencrypted, in this case I'd like to encrypt paperless-ngx data so that if someone steals the machine, manual decryption would be necessary. Does anyone have an idea how to achieve that?