How should I protect my network?

Hello everyone,

Here’s my infrastructure:

OpenWrt → 443 Reverse-Proxy (with nginx on a Debian 11 server) → 20 web pages (zabbix, home-assistant, 2 Synology with some web pages, etc.).

How should I proceed? I cannot install CrowdSec on my OpenWrt due to lack of storage, should I install CrowdSec on my nginx server? On each of my pages (e.g. zabbix server, etc.)?