Is your private instance behind a login/VPN, or is it open to the public? If open, how long has it been running?

I'm considering running one "privately", but am worried about it being "discovered" and abused with unwanted traffic. And setting it behind a VPN seems like a hassle.

It's behind my firewall/VPN (not publicly accessible).

The official instructions use nginx as a reverse proxy. If you don't want to set up something like Wireguard, you can use HTTP basic authentication[0] to make it inaccessible/invisible without a username/password. (You definitely want to also set up certbot[1] for SSL if you go this route.)

[0]: https://docs.nginx.com/nginx/admin-guide/security-controls/c...

[1]: https://wiki.debian.org/LetsEncrypt

Thanks for the reply :) logistically, do you have to connect to VPN when you find you want to browse reddit? This is the "hassle" piece I was referring to earlier. Or do you simply always leave your phone and laptop connected to VPN by default?

This is an ideal use case for something like TailScale! It’ll only redirect traffic that’s meant for your internal network, unless you set it as an exit node - then it asks as a regular VPN.

I route all of my traffic (especially laptop/mobile, where I'm sometimes connecting to sketchy networks) over a Wireguard VPN to a server I control.

Also comes in handy when traveling, for services like Netflix that geoblock you based on your IP address.