Public + local hosting: exposing services without exposing my soul

What I did

• Segmented services and kept management interfaces off the public edge.
• Set up TLS properly and kept certificates automated (no manual renewals).
• Used reverse proxy rules to reduce open ports and centralize routing.
• Added basic monitoring so failures are obvious, not “found later.”

Notes

This is written as a real log — configs, mistakes, and the “why.” If you want the raw screenshots/config snippets, ping me on LinkedIn.