I've heard good things about Nextcloud AIO, and am hoping to transition my family out of Google as soon as is reasonably possible.
My challenge, however, is understanding the safest way to expose my Pi to the web without risking more than necessary with Nextcloud AIO.
My concern is the message that appears on the welcome screen of Nextcloud AIO when setting things up:
The aim is to reduce my risk of attack as much as is reasonable, so an extra few evenings getting my head around extra steps is worth it if it achieves this aim. (Yes, of course, 3, 2, 1 backups etc. reduce these risks. I have this in place, don't worry.)
Thanks in advance for all your well-reasoned and patient answers to a relative noob, and of course a very happy new year to you all!
My challenge, however, is understanding the safest way to expose my Pi to the web without risking more than necessary with Nextcloud AIO.
My concern is the message that appears on the welcome screen of Nextcloud AIO when setting things up:
I'm wondering: is the default option, namely with Nextcloud handling TLS proxying itself, as safe as reverse proxying behind Nginx and Cloudflare?AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), see the reverse proxy documentation. Advice: have a detailed look at the changed docker run command for AIO.
The aim is to reduce my risk of attack as much as is reasonable, so an extra few evenings getting my head around extra steps is worth it if it achieves this aim. (Yes, of course, 3, 2, 1 backups etc. reduce these risks. I have this in place, don't worry.)
Thanks in advance for all your well-reasoned and patient answers to a relative noob, and of course a very happy new year to you all!
Statistics: Posted by deep-life-jon — Wed Dec 27, 2023 9:21 pm