[kevincox]

This is really cool. I run a lot of different services on my home server and don't trust them to the internet. Everything is accessed via a reverse proxy with authentication that I trust.

While listening on localhost is some level of security it still means that lateral movement is possible if one of the services is compromised. It also means that if I give give someone else a user account or similarly run any less trusted code then they can access all of the services without authentication.

I'm going to look into this an apply this so that these services aren't accessible by other users.