This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/FA1R_ENOUGH on 2025-06-13 18:59:00+00:00.
Hi - I'm trying to learn and haven't found an answer to this yet. I'd love to expose some services to be accessed by specific people outside my LAN who aren't savvy enough to use Tailscale, however, the biggest piece of advice I've adhered to here is that if you don't know what you're doing, then don't open ports (Which is me! I know I don't know what I don't know!).
From what I've gathered, if you're going to expose a port, then it's better to use a reverse proxy because people will use IP scanners to find open ports and try to find vulnerabilities in whatever service you're using. What I don't understand is - how is exposing NGINX or Caddy better then? Doesn't it just bump the problem up a level? Scanners would still find the reverse proxy. Wouldn't there still be a concern about someone trying to exploit vulnerabilities in the reverse proxy itself, which is the problem of exposing a port in the first place?
I'd love to read/watch resources on securely exposing services if there are any you feel are helpful for a relative beginner.