I run Nginx with Nginx Proxy Manager web-ui, which makes setting up proxy hosts and handling letsencrypt certificates really easy. I also use Portainer to manage my docker containers. This works well for the stuff I mentioned above (Nextcloud, Matrix, Lemmy mostly)
If I can get Mastodon into the same setup, it'd be neat. I just found a lot of discussion with problems, so I thought I'll ask about it before I spend a few hours in vain :)
I have fail2ban running as well, didn‘t mention it in the op. Also closed all ports beside 80 and 443, which are routed through my NPM proxy. SSH is allowed, but login only with ssh key, no pw authentication.
So far it‘s running well, but I expect things to break when I‘ll need to update parts of it. I have a snapshot from which i can reinstall, but recurring backups need yet to be set up.