@tinsuke That endpoint gets a Let's Encrypt cert, anything with auth usually requires OpenID. I've got fail2ban on one service as it came as a feature. Been contemplating putting it in more globally. Also, as much as possible, single responsibility services. The proxy does proxy stuff. The web server does static pages. Other services are containerized and individually secured and isolated as much as possible. Graylog is for monitoring, doesn't itself secure anything. But does let me know what to focus on (when I monitor the relevant info).