FWIW, there is a use case for boringproxy to be used completely on an internal network, to reverse proxy for self-hosted services on an internal network and then accessing them in on place. With recent changes (as of yet unreleased) you can even use an internal CA server that supports ACME (like step-ca) for generating certificates instead of LetsEncrypt. I’ve been doing this for months now and it works very well.