Here is my setup:
I have multiple DuckDNS domains (and subdomains) pointing to my home IP. My home router has port 80 and port 443 forwarded to Nginx Proxy Manager on my home server. Nginx Proxy Manager points to the appropriate docker container and each one is encrypted with Let’s Encrypt.
Am I missing anything here or is this how I’m supposed to be doing it? Every app that has a DuckDNS url has a password in some shape or form.
AFA fail2ban, I always set up the jails in aggressive mode:
[sshd] mode = aggressive enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 5 <---edit to tastes bantime = 3600 <---edit to tastes findtime = 600 <---edit to tastesYou might want to check out Crowdsec, maybe deploy Tailscale as an overlay. How many users are you providing services for? If just yourself, I use the host allow / host deny feature in Linux. Just make sure you do host allow first, lol.