Great guide, but I disagree on the firewall settings, especially using Hetzner. If you only need this simple configuration, their firewall solution is more than enough, and does a great job "outsourcing" the problem.

If you want to get a bit more fancy than just using their panel for it, you can configure via API: https://docs.hetzner.cloud/reference/cloud#firewalls

Does anyone have objections against Hetzner's firewall solution that I'm not aware of?

The guide mentions that Hetzner was chosen over other providers and platforms because they didn’t wish to get tied into a whole ecosystem, and could take this setup and move it more or less anywhere.