Assuming you’ve worked through this, then there’s only a few other easy things to do:
- Use a reverse proxy server for SSL. Using a proxy server allows you to do filtering there, rewrite requests, limit access, and more. You can take this up another level by using one with WAF (web application firewall) capabilities.
- Don’t use port 443 or 8123, or another common port. No, this isn’t security, but if you pick a random high numbered port it cuts down on the number of people that will find it. It’s hard to pick a lock you can’t find.
- Deploy the likes of fail2ban on your proxy server
- Consider only permitting remote access to the bits you need - I use my proxy server to only allow remote access to webhooks. If I want remote access to the UI I’ll just use my VPN, which brings me to…
- Use a VPN for remote access to the UI
- Keep an eye on the proxy logs for signs anybody has found your server and is attempting to compromise it