Definitely have the server on its own VLAN. It shouldn’t have any access to other devices that are not related to the services and I would also add some sort of security software.
If you have a public service that you expect to have multiple users on you definitely should have some level of monitoring whether it is just the application logs from the forum that you want to host or further have some sort of EDR on the server.
Things I would do if I was hosting a public forum:
Reverse proxy
fail2ban
dedicated server that does not have any personal data or other services that are sensitive
complete network isolation with VLAN
send application logs to ELK
clamAV
And if the user base grows I would also add:
EDR such as velociraptor
an external firewall / ips
possibly move from docker to VM for further isolation (not likely)
in the context of the comment you referenced:
Definitely have the server on its own VLAN. It shouldn’t have any access to other devices that are not related to the services and I would also add some sort of security software.
If you have a public service that you expect to have multiple users on you definitely should have some level of monitoring whether it is just the application logs from the forum that you want to host or further have some sort of EDR on the server.
Things I would do if I was hosting a public forum:
And if the user base grows I would also add: