I won’t reiterate what people have already said. What I will note, is that if you’re exposing a port for an application, you should probably in most instances be proxying it through your webserver with the appropriate mitigations to common attack vectors. This could be something as simple as a deny_all or as thorough as CORS/CSRF checking. However in all instances, this will at least prevent you from exposing ports externally.
If you want an additional layer of security, use a gateway to redirect traffic to your webserver.
I won’t reiterate what people have already said. What I will note, is that if you’re exposing a port for an application, you should probably in most instances be proxying it through your webserver with the appropriate mitigations to common attack vectors. This could be something as simple as a deny_all or as thorough as CORS/CSRF checking. However in all instances, this will at least prevent you from exposing ports externally.
If you want an additional layer of security, use a gateway to redirect traffic to your webserver.