Safety considerations when hosting the web GUI on a public IP

How safe is the web GUI?
Is the main attack vector just brute-forcing the username/password combo?
Any other security considerations one should be aware of?

With so many other solutions, VPNs, I would not pub anything on the public IP range without some decent things in front of it.

You can use Caddy/NGinx to put something in front of it. I personally use Caddy with Github oAuth to secure things that must be on the internet and I've dabbeld with using Cloudflare (free plan) with cloudflared which makes it off the internet but accessible.

1 Like