Right now I have everything except wireguard setup on my old Thinkpad. I’m planning on hosting a minecraft server, forgejo, jellyfin, and fediverse instances. Before I expose everything to the open web I’d be grateful if someone could look my setup over and tell me if this is secure enough I can just update containers when they need and forget about security
Personally what I do and what I would recommend is putting the reverse proxy on the VPS and having it reach out to the services over the VPN, rather than for security this is for performance reasons. Caddy and nginx reverse proxies can both be setup to cache static content. This helps remove the delay of reaching out over the vpn for some things and in my experience made a noticeable performance difference in services that had cachable content.