I've put the web site behind a reverse proxy. That does a couple of things: it lets me require https connections, and also use Lets-Encrypt certificates; it allows me to easily front-end some other systems that I have running; and provides some defense against DoS attacks if that should ever come to pass. Now the interwebs talk only to my tiny proxy and don't have direct access to my servers. The proxy is running haproxy on a small Raspberry Pi. Right now because the load is very light it can handle it easily but could also be beefed up quickly if necessary.
Submitted by Bill Waggoner on