Hm, that YouTube video made me think a bit, sure if you put it all like that, it does feel like a lot of stuff to get right, but whenever I do it, it takes about 30 minutes to lock down the firewall, do some port-scans to verify, punch a VPN through and hide SSH behind it. That way you're already protected from 99.9% of attacks, and then hope that that last tenth of a percent won't stumble upon you, and also that the VPN is secure enough, though I guess if that is breached it's not only you who's fucked. Also you need to look out that Docker doesn't destroy your firewall. I don't know, it doesn't feel like that much work, right? Maybe I'm just blind to it.