I’ve had some fun with my Nextcloud box. Its doing a few things for me. Got a couple apps going. I’ve somewhat learned the platform. I’m done with burn-in, and ready to start using it on a serious basis. And to do that, I have to trust the security.
I don’t see a lot of info out there about practical methods of securing the system. I’m guessing the only really solid way to secure it is a firewall and VPN. They do not cover this method in their official docs. I don’t trust their security and/or my effective implementation of its quirks.
(It’s not that I have reason to doubt the product, but its a web server on the internet, known to have goodies hidden behind it. Any Nextcloud box with web access must be a target.)
I’m interested in any advice. I’ll read any links posted. Thanks.
I’ve seen some long discussions from folks trying to secure Jellyfin. Yes, there are a lot of things you can do to secure a web server. But if you want it simple, over and over the answer is one word. Wireguard.
My router does Wireguard, although I did stumble the last time I tried to set it up. I’ll install it on my VPS and get a VPN going.