Inspired by this comment to try to learn what I’m missing.
- Cloudflare proxy
- Reverse Proxy
- Fail2ban
- Docker containers on their own networks
Another concern I have is does it need to be on a separate machine on a vlan from the rest of the network or is that too much?


I do the same, but with Wireguard instead of OpenVPN. The performance is much better in my experience and it sucks less battery life.
I’ve been meaning to learn how to make my own
I found the guide/examples on their website a bit irritating at first (that’s on me) but it works well once understood and configured.
Thanks! I’ll do that