Thing is, you grew up in the pioneering age of computing, and in that time you needed to do everything yourself. This gave you a bunch of skills for free, that are hard to do today, because most of the hard stuff is automated away and snuck behind a gui and/or containers.

DHCP assigned IP address.

CG-NAT

ISP-blocked ports.

Some of us had to hide our services behind vpn. As the last time I had my webserver exposed for to have others see my test site (I test internally before moving to public servers) I was dropping over 5000 connections a second that was trying to login to my page.

So my little server was getting hammered, and my other traffic started to get effected.

So you might be fine, others might have constraints that are not common.

Been trying to expose my nextcloud server remotely for a week now - truenas scale to cloudflare tunnel. I need a friend who’s good at this shit. Every guide I go through leaves out major steps and I find myself needing to keep learning and getting different aspects of my setup dialed in.

Bought a domain, added ddns to OPNsense, setup letsencrypt certs, etc. Now traefik ingress is the thing that’s most confusing to me. Added certissuer to add certs to my k8s. Now I get errors when trying to clusterip and reference certs. I’ll get it one day …I hope.

You use Cloudflare to proxy, or in other words, hide your IP. Anyone can hit your DNS records, grab your IP and start DDOSing or hacking on it. They also have some nice features to force security features like HSTS or WAF rules. I’d recommend looking into it, not proxying your public IP is an amateur move. As for using NGINX proxy manager, consider using standalone NGINX and writing your own configuration files. There’s a pretty big security issue with it the lead developer refuses to patch.

Some people are cautious, and some like to live dangerously and just don’t care to get hacked. If there is no need to expose publicly, why would you take the risk. If you do, you better be 99.99% sure that your setup is secure. Some people are, and a lot think they are.

Well many ISPs have started to use CGNATs so static IPs have become/will become a rarity. In this case exposing your service to the internet is not so straightforward. But if this is nitpicking, in general, networking, proxying, port forwarding etc., have a steep learning curve. So when people, who are just starting out, hit a wall and post a query here it might seem like they must go through hell before they can achieve what they want.

Also, another thing is security. Even if it’s easy to expose a service to the public internet, given the cyber climate, it’s quite important to go through a few hoops to make sure you do it securely.

You are self hosting probably open source stuff you found on GitHub. It’s probably not commercial but community based. I support opensource but they don’t have as much resources to make sure the services are fully secure. That’s one thing.

The second thing is you like tinkering but you probably haven’t researched anything about cybersecurity, it’s a full time job.

The only sliver of hope you have when opening a service online is to hide your ip and setup some access rules. You chose to not even do that.

If you hook up cloudflare tunnels, you’ll quickly notice how many bots check your ip/domain, all the freaking time.

I use their WAF rules extensively to limit access to my server to a few IPs for my family and friends.

I’m just curious to know what situations necessitate all the extra hassle.

You want someone to summarize all the things the internet does?

I don’t think that’s going to teach you the most valuable lesson of all, and badly needed in this case… humility. All the best people I’ve worked with have been the most humble. They know how little they know.