Inspired by this comment to try to learn what I’m missing.
- Cloudflare proxy
- Reverse Proxy
- Fail2ban
- Docker containers on their own networks
Another concern I have: does it need to be on a separate machine on a VLAN from the rest of the network, or is that too much?
You can do that by joining the containers to the same Docker network; you don’t need to expose ports even to localhost.
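The setup described in the comment above, sketched as a Compose file. This is an added example, not part of the original thread; the service names, the `example/app` image, and port 8080 are assumptions.

```yaml
# Constructed example: service names, images and the app port are placeholders.
services:
  proxy:
    image: nginx:stable
    ports:
      - "443:443"          # the only port published on the host
    networks:
      - proxy_net

  app:
    image: example/app:latest   # hypothetical application image
    # No "ports:" section here, so nothing is published on the host,
    # not even on 127.0.0.1. The proxy reaches this container by its
    # service name over the shared network, e.g. http://app:8080 as the
    # upstream in the proxy's own configuration (not shown).
    #
    # Setting to avoid for a backend that sits behind the proxy:
    #   ports:
    #     - "8080:8080"    # binds on all host interfaces by default
    networks:
      - proxy_net

networks:
  # User-defined network: containers attached to it can resolve each
  # other by service name; containers on other networks cannot reach them.
  proxy_net: {}
```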
I mustn’t be communicating well, but that’s fine.