[kenniskrag]

But you can also use a container as first contact and redirect to other containers. You can bind a network device to a container.

For example a reverse proxy container which redirects to a gitea container or a wordpress container depending on the request. The reverse proxy container can also centralize the security with certificate handling or fail2ban.

[rudasn]

You still need access to the host, via ssh for example, to start the containers and do some basic maintenance. Won't you have fail2ban installed on the host since your ssh port would be open?

[hermitmaster]

If you need direct access to the host, it’s probably a non production environment or you’re doing containers wrong. Kubernetes clusters provisioned with Terraform, for example, should almost never require ssh access to workers nodes.

[unionpivo]

This is overkill for 90% of projects out there.