So among my services I self host, a few need to be publicly accessible for work. For those I wish to remain private, Caddy only allows private IP ranges, plus then Authelia as auth which is set to 30 days. There is then the login of each service behind Authelia as well. It’s as good as it needs to be for my needs.
If I were only self hosting private services, then as others have said, I would put all access through a VPN.
Edit: I should add that of course the private services are then only accessed via VPN to the router (part of the private IP ranges). Caddy as reverse proxy also obfuscates the subdomain names I use.
So among my services I self host, a few need to be publicly accessible for work. For those I wish to remain private, Caddy only allows private IP ranges, plus then Authelia as auth which is set to 30 days. There is then the login of each service behind Authelia as well. It’s as good as it needs to be for my needs.
If I were only self hosting private services, then as others have said, I would put all access through a VPN.
Edit: I should add that of course the private services are then only accessed via VPN to the router (part of the private IP ranges). Caddy as reverse proxy also obfuscates the subdomain names I use.