Running a own reverse proxy server, using https & fail2ban, login in your applications.
Depending on use case this can be a good option but is considered fairly risky. Every application exposed is additional surface area for attack. If the services don't need to be exposed to the public than it is safer to not expose them. Tailscale/Wireguard/other-VPN will expose 1 thing (the VPN) and the rest of the services are safely behind the VPN.
reply