I see, the default docker installer for fail2ban gave me an error because “Port 80 was already in use” (by NGINX Manager).

If any service has only username and password instead of mfa or password less then it’s not safe.

None of them do

You also didn’t mention if you have automated patching or immutable backups enabled.

I do not. I don’t even know what those are tbh

Thanks I’ll look into these. Quick question: how does fail2ban use port 80 if that’s already used by nginx?