Cool guide, I’ll keep it in mind when setting up my own Lemmy, even though I won’t go through cloudflare. Some things I noticed:

• Since I didn’t see you mentioning it, ufw (idk about gufw) doesn’t actually block the ports opened by docker. Make sure to only forward your docker ports to localhost and only make the actual webservice available (e.g. 127.0.0.1:8888:8080 for piefed adminer), otherwise the ports will be accessible from your LAN
• In your update process, you can docker compose pull before docker compose down, makes a little difference especially on a slow connection/big images. I think you don’t even need the down command since docker does that automatically if something changes (e.g. new build)