What I was referring to is called a Bind Mount, where host directories are exposed to the docker container. You may be fine if it’s an external hard drive. I use bind mounts because they’re easier to back up, but I acknowledge they are less safe.

You may be perfectly fine as you are now. My (and others) suggestions are for added security. As it stands, if there’s no target on your bind, the only bad traffic you’ll get are from bots trying to pick away at your domain and sub domains. Generally they’re not a problem. But being extra safe costs nothing but time.

You went and got my hopes up.

“Secure” and “exposed” are antonyms in this scenario, that’s the nature of the beast. I use Nginx which I have a domain pointing to. Worst case scenario, a hacker brute forces access to my container and mucks around within the confines. As I understand from a WireGuard VPN, there’s an added level of security. You have to use the VPN to get access to your home ports, and then you can access your Docker containers as configured. There’s an added layer of security.

Some things to consider:

• Do you have a target on your back?
• Does your container contain sensitive data?
• If so, does your container have access to external directories?
• Does your project have security options like Geo Blocking, rate limiting, etc?

I’ve been running some local servers for a few years only behind Nginx. So far nothing bad has happened. But that doesn’t mean something bad couldn’t happen later.

It’s a big ask. HeliBoard and FUTO are actively in development so improvements will come. They’re also the best we have as far as privacy or open source alternatives go. They’ll either grow to fill the need for a perfect alternative or another project will, but not yet.

I’m not exactly sure who is behind all the Fossify apps but I’m impressed with their momentum.

I’m intrigued. And although I read the article, I’m not entirely sure who or what this is for. It’s cool, but… what?