If you need to manage risk for a legacy service that has a requirement to be internet-exposed, I suggest checking out https://knocknoc.io/ for a self-hosted and/or cloud-based solution that was not built with vibe coding, but actual customer security use cases.
They provide 2FA and/or single sign-on to allow just-in-time access to internet-exposed applications which remain hidden from unauthenticated/approved users.