I expose most things to the web so long as they have auth and 2FA options. The one exception being my Jellyfin server. I share it with friends and needed to make it as easily accessible as possible.
With Cloudflare WAF, reverse proxy, and an isolated subnet with IDP I feel comfortable with public services. Nothings perfect but if they get through it and pwn my lab I’ll just nuke it and rebuild.
I expose most things to the web so long as they have auth and 2FA options. The one exception being my Jellyfin server. I share it with friends and needed to make it as easily accessible as possible.
With Cloudflare WAF, reverse proxy, and an isolated subnet with IDP I feel comfortable with public services. Nothings perfect but if they get through it and pwn my lab I’ll just nuke it and rebuild.