usually i add more than 1 ip and also vultr firewall can be managed to change ip. tailscale can be used as well. there are options!

if you configure ssh access only from your home ip - then fail2ban is not needed.

sorry, this is kinda like a firewall, but protecting websites, so many vulnerabilities are filtered out. it does not protect you 100% percent (nothing does). it might be hard to setup, in that case there is an option to use waf as a service, i.e. - cloudflare has such offering, maybe there are others as well. i have looked into vultr - they seem to offer only a “usual” type of firewall, not http/application based.

Get some WAF for the public facing app, maybe at least https://github.com/nbs-system/naxsi .

lemmy ;)

this is very simple solution i have used to clip entries in: https://github.com/blinkinglight/go-journal2

probably could fit into fly.io free tier. also as others have mentioned - oracle oci provides a nice free vm, which can be shut off if usage of resources is low, but you can workaround it by increasing a volume a bit more than free tier allows and pay something like a 1-2$ for it monthly.

Ages ago there was such a tool - Webalizer and everybody was using it :) not anymore…

using mostly operator from percona for kubernetes, sometimes just a simple deployment. Running postgresql for Lemmy from docker-compose as a container.

it works fine, depending on popularity of your instance - you might have to add more resources in the future.

as for aarch64 - there are docker images available for lemmy and lemmy-ui