I'm missing an article on the following:
Setup: droplet with docker running an http/https service. The docker network is a custom bridge network.
Describe how to add a firewall to only allow ssh and http/https to the droplet (simple, just use your built-in feature).
Next layer of security is to add fail2ban to the droplet to stop attacks on ssh and http/https ports. Example: ban attempts with more than 10 attempts in three minutes - ban period, say 24 hours.
Difficulty: How to make this work with Docker's special network and routing, how to make it work with nftables.
This would be a great article for small setups that haven't chosen the larger scale Kubernetes solutions.
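
A sketch of the fail2ban side of the setup requested above, as an added example that is not part of the original post. Traffic to a published container port is forwarded rather than delivered to the host, so a ban placed on the host's input path never sees it; Docker's `DOCKER-USER` chain is the place for such rules, and on hosts where `iptables` is the iptables-nft backend those rules appear in the nftables ruleset. Assumptions: fail2ban 0.10 or later, an nginx container whose error log is bind-mounted to the host, and the hypothetical jail name `web` and log path.

```ini
# /etc/fail2ban/jail.local
# Added example. The jail name "web", the filter choice and the log path
# are assumptions, not values from the post.

[DEFAULT]
# Thresholds from the post: 10 attempts within three minutes, banned for 24 hours.
# fail2ban bans when the failure count reaches maxretry; use 11 for
# strictly "more than 10".
findtime = 3m
maxretry = 10
bantime  = 24h

[sshd]
# sshd runs on the droplet itself, so its traffic is delivered locally.
# The stock nftables action hooks the input path, which is what is needed here.
enabled   = true
banaction = nftables-multiport

[web]
# The HTTP/HTTPS service runs in a container on a custom bridge network.
# fail2ban runs on the host and can only read logs it can reach there,
# so the container's log directory must be bind-mounted (assumed path).
enabled   = true
filter    = nginx-http-auth
logpath   = /srv/web/logs/error.log

# Packets for published ports are DNATed and then forwarded to the bridge.
# They never traverse the host's input chain, so the ban has to live in
# DOCKER-USER, which Docker evaluates before its own forwarding rules and
# leaves untouched when it rewrites them.
chain     = DOCKER-USER

# By the time a packet reaches DOCKER-USER its destination port is the
# container port, not the published one. Banning the source address on all
# ports avoids a silent mismatch when the two differ.
banaction = iptables-allports
```

After `fail2ban-client reload`, `nft list ruleset` should show the sshd ban set in fail2ban's own table and, on an iptables-nft host, the web bans as rules in the `DOCKER-USER` chain.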