This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/kwestionmark on 2025-07-18 03:08:09+00:00.

Hey everyone!

I am a relative newcomer to the HomeLab/Self-Hosting space and was hoping to get some guidance/advice on properly securing my server. For background, I’ve been running a Plex server for my family with Sonarr/Radarr/Overseerr for a couple of years now. Overseerr was the only app I was exposing to the internet, and I simply used port forwarding and a custom domain/DNS with Cloudflare to allow my family to request movies/tv. However, I have recently started messing around with Docker, and now have some more apps that my wife and I would like to be able to access outside of our network. Here is what I currently have setup, and would appreciate any advice on what further steps I should be taking to keep things as secure as possible:

1. All apps running on a single local machine behind a basic router (haven’t done any special configuration other than opening port 80/443)
2. Using NPM as a reverse proxy + Cloudflare Tunnels w/ my custom domain/subdomains
3. All apps running on my machine (even ones not exposed to the internet) are behind at least a basic username/password check

When I type it all out, it doesn’t seem like enough, but I’ve also searched through previous posts on this and the self-hosting sub where people say a reverse proxy + tunnels is good enough. I’ve started looking into apps like Authellia and tinyauth, but I’ve been a bit overwhelmed by the setup. So I guess my primary question is this:

What solution finds the best balance between simplicity (as a newbie) and security? I am open to any and all suggestions + constructive criticism of my current setup!

cross posting from r/homelab for more visibility