Inspired by this comment to try to learn what I’m missing.

  • Cloudflare proxy
  • Reverse Proxy
  • Fail2ban
  • Docker containers on their own networks

Another concern I have is does it need to be on a separate machine on a VLAN from the rest of the network or is that too much?

  • @[email protected]OP
    215 days ago

    Does adding 127.0.0.1 make it so only that server can access it or what? I’ve seen that but don’t understand it.

    • Chewy
      14 days ago

      Yes. 127.0.0.0 is the localhost. This is the IP the container is listening on. Even if there was no firewall it wouldn’t allow any connection except from the host. If it’s set to 0.0.0.0 it means it’ll allow connections from any IP (which might not be an issue depending on your setup).

      The reverse proxy runs on localhost anyway, so any other IPs have no reason to ever have access.

      • @[email protected]OP
        210 days ago

        Yes. 127.0.0.0 is the localhost. This is the IP the container is listening on. Even if there was no firewall it wouldn’t allow any connection except from the host. If it’s set to 0.0.0.0 it means it’ll allow connections from any IP (which might not be an issue depending on your setup).

        Thanks for explaining this!
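
Added example, not part of any post above: a Python check that flags published container ports reachable from other hosts, following the loopback versus 0.0.0.0 distinction discussed in this thread. It assumes the ports are written as Docker Compose short-syntax strings (the thread does not say how they are published); the service names and port numbers are constructed.

```python
import ipaddress


def host_bind(mapping: str) -> str:
    """Return the host IP that a short-syntax port mapping publishes on."""
    spec = mapping.split("/", 1)[0]          # drop a trailing "/tcp" or "/udp"
    if spec.startswith("["):                 # bracketed IPv6, e.g. [::1]:8080:80
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    if len(parts) > 3:
        raise ValueError(f"IPv6 host addresses need brackets: {mapping!r}")
    # "IP:HOST:CONTAINER" has three fields. "HOST:CONTAINER" and "CONTAINER"
    # carry no IP, and Docker's default is then to publish on all interfaces.
    return parts[0] if len(parts) == 3 else "0.0.0.0"


def audit(ports_by_service: dict) -> list:
    """List (service, mapping, host_ip) for every mapping not bound to loopback."""
    findings = []
    for service, mappings in ports_by_service.items():
        for mapping in mappings:
            ip = host_bind(mapping)
            if not ipaddress.ip_address(ip).is_loopback:
                findings.append((service, mapping, ip))
    return findings


# Constructed sample: service name -> its "ports:" entries.
SAMPLE = {
    "app": ["127.0.0.1:8080:80"],        # only the host (reverse proxy) can connect
    "db": ["5432:5432"],                 # no IP given: all interfaces
    "admin": ["0.0.0.0:9000:9000/tcp"],  # explicitly all interfaces
    "metrics": ["[::1]:9100:9100"],      # IPv6 loopback
    "cache": ["6379"],                   # container port only: all interfaces
}

if __name__ == "__main__":
    for service, mapping, ip in audit(SAMPLE):
        print(f"{service}: {mapping!r} is published on {ip}, not loopback")
```

Services that only the local reverse proxy needs to reach should not appear in the output.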