You'll be fine. It's exactly what I do. Just keep any exposed services up to date. NPM also has a very rudimentary blocker that mostly relies on UA and bad strings getting passed through. You can turn that on. Open up only services that need to be exposed e.g. don't expose sonarr/radarr unless there's a good reason for it. Make sure anything you expose that doesn't have any sort of authentication can have it implemented in nginx or you can use an SSO solution.
I expose strictly needed services while everything else is just internal. Exposed services include jellyfin, jellyseer (jellyfin version of overseerr), and nextcloud.
You'll be fine. It's exactly what I do. Just keep any exposed services up to date. NPM also has a very rudimentary blocker that mostly relies on UA and bad strings getting passed through. You can turn that on. Open up only services that need to be exposed e.g. don't expose sonarr/radarr unless there's a good reason for it. Make sure anything you expose that doesn't have any sort of authentication can have it implemented in nginx or you can use an SSO solution.
I expose strictly needed services while everything else is just internal. Exposed services include jellyfin, jellyseer (jellyfin version of overseerr), and nextcloud.