I have had a NextCloud up & running for a few weeks thus far and haven’t had any problems. The reason I can’t just connect to it via VPN is that I want to share links of files with other people. I always keep the system up to date and I think I configured nginx correctly. I have blocked all requests to ports other than 80 and 443, but the firewall is still not the best right now: someone can send many requests in a short timeframe. I have also used tools like pentest-tools.com and some others, but those say that there are no major vulnerabilities. I also keep track of logs with a tool called logwatch. Any tips and tricks or resources (articles, videos, etc.) would be much appreciated. Or maybe you want to know more about my setup. I know that NextCloud can be really secure if everything is done right!
If you have a domain name set up, I’d recommend using Swag as your gateway. It’s a hardened nginx with lots of preconfigured samples that make it feel very plug and play. I got SSL with Let’s Encrypt set up in minutes. My next task is adding SSO to my setup.
If you’re using Docker to run your apps, use a network with only swag on it that can connect via port 80 and 443, and put your other apps on a separate network that isn’t public, with swag on that one too, and let it do its proxy thing. Run Docker rootless, each container with a separate user, secrets fully secured, all that good stuff.
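
The two-network layout described in the reply above, as an added Compose sketch that is not part of the original posts. The service names, the network names `edge` and `backend`, the host paths and the domain `example.com` are assumptions; the SWAG proxy conf for Nextcloud is not shown.

```yaml
# Added example. Names, paths and example.com are placeholders.
services:
  swag:
    image: lscr.io/linuxserver/swag
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - URL=example.com        # placeholder domain
      - VALIDATION=http        # Let's Encrypt HTTP-01 challenge on port 80
    volumes:
      - ./swag-config:/config
    ports:                     # the only published ports in the whole stack
      - "80:80"
      - "443:443"
    networks:
      - edge                   # public-facing side
      - backend                # so the proxy can reach the apps
    restart: unless-stopped

  nextcloud:
    image: nextcloud
    volumes:
      - ./nextcloud-data:/var/www/html
    # No "ports:" key here: the container is reachable only from other
    # containers on "backend", i.e. through swag at http://nextcloud:80.
    networks:
      - backend
    restart: unless-stopped

networks:
  edge: {}                     # ordinary bridge network
  backend:
    # internal: true removes the route between this network and the outside.
    # It also blocks outbound traffic from Nextcloud (app store, federation,
    # update checks); drop this line if those are needed. The isolation
    # that matters most is the absence of published ports above.
    internal: true
```

With rootless Docker, binding host ports 80 and 443 needs extra host configuration, because unprivileged processes cannot bind ports below 1024 by default.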