I’ve seen many default docker-compose configurations provided by server software that expose the ports of stuff like databases by default (which exposes it on all host interfaces). Even outside docker, a lot of software, has a default configuration of “listen on all interfaces”.

I’m also not saying “evil haxxors will take you over”. It’s not the end of the world to have a service requiring authentication exposed to the internet, but it’s much better to only expose what should be public.

UFW works well, and is easy to configure. UFW is a great option if you don’t need the flexibility (and insane complexity) that manually managing iptables rules offers,

The job of a reverse proxy like nginx is exactly this. Take traffic coming from one source (usually port 443 HTTPS) and forward it somewhere else based on things like the (sub)domain. A HTTPS reverse proxy often also forwards the traffic as HTTP on the local machine, so the software running the service doesn’t have to worry about ssl.

Be sure to get yourself a firewall on that machine. VPSes are usually directly connected to the internet without NAT in between. If you don’t have a firewall, all internal services will be accessible, stuff like databases or the internal ports of the services you host.

You need a couple things:

• The kernel driver (dkms)
• Userspace component
• Kernel headers (for dkms)

First get your kernel headers, this is easy enough, but varies based on which kernel you have installed. The format of the package name is {kernel}-headers. If you have the linux kernel, get linux-headers. If you have linux-lts, get linux-lts-headers. If you’re not sure on this, the command pacman -Q | grep linux searches for installed packages containing linux in the name. If you have multiple kernels installed, get the headers for all of them.

Then install (from AUR) at least nvidia-580xx-dkms (display out) and nvidia-580xx-utils (Acceleration, like 3D and video decoding). If you have Steam or play Windows games under Wine, be sure to get lib32-nvidia-580xx-utils too.

Also of note is the order in which you install things. Having the kernel headers installed is important for the DKMS modules to install succesfully. If you already have nvidia-580xx-dkms but were missing your kernel headers, you should reinstall it after installing your kernel headers.