Inspired by this comment to try to learn what I’m missing.
- Cloudflare proxy
- Reverse Proxy
- Fail2ban
- Docker containers on their own networks
Another concern I have is does it need to be on a separate machine on a vlan from the rest of the network or is that too much?
You must log in or register to comment.
To add some points, that I do:
- Proper logging: So I could realize something unusual is going on
- rootless podman container: harder to escalate privileges and gain root
- Apparmor: same, plus it could trigger suspicious log entries