Some things are worth paying the fine for.

Or would be a useful hostage to trade for a Chinese person held in OP’s country.

https://en.wikipedia.org/wiki/Detention_of_Michael_Spavor_and_Michael_Kovrig

Create a vpn tunnel between the public and private servers for that app.

There’s no time to learn like the present! Your existing compose file has an example, but if that doesn’t work, the traefik docs are useful too.

Then drop nginx and just use traefik.

Why are you using both nginx and traefik?

It is. MIT license on the code, CC-BY on the binaries and resources.

Not just old insecure, but current insecure too. Plenty of stuff runs fully current but still vulnerable code. Put it behind a firewall.

Nor is it authentication.

https://github.com/TecharoHQ/anubis

Inbound spam is also a problem. Gmail’s filter is pretty good, and it responds to what you personally mark as spam. Other providers aren’t as good, and I don’t know if there’s any good self-hosted filter at all.

Yeah, residential ISPs do that because if they don’t, spammers will just turn every botnet member into a spam host. You’ll probably have to get a business connection or change ISPs.

Or just don’t self-host email. I wouldn’t recommend it unless you’re a masochist.

Recover the accounts and close them?

Most web servers already use the Host header.

What’s your budget?

That’ll work great up until the kid finds out about changing the MAC address.

And they’ve answered their own question by listing several valid candidates.

Right. One of the facets of cryptography is rounds: if you apply the same algorithm 10,000 times instead of just one, it might make it slightly slower each time you need to run it, but it makes it vastly slower for someone trying to brute-force your password.

Yes. There’s no real way to differentiate.

Well not never, you’ve got the Senators.

Which will never not be funny to me since it’s Latin for “old men”.