Netgear SG-1100 running 23.05+ (LAN and OPT with VLANS in use)
Nextcloud container running on Proxmox (accessed by 1-2 users)
Purchased domain from Hover that is not being used
I want to securely access Nextcloud from the internet. There might be other servers/services hosted on the Proxmox server that I want to access from the internet in the future. Not sure if VPN or port forwarding or something else is the best way to do this. Any recommendation (pro or con) on which option to use would be greatly appreciated.
VPN is the most secure, but the con is that you have to set up each user to utilize your VPN. Maybe that isn't a con if you don't mind the management.
Exposing HTTP/HTTPS to the internet is less secure, and you will need a reverse proxy if you are wanting to host more services utilizing HTTP/HTTPS. Something like HAProxy (pfSense package), nginx or Apache will do the trick. If you choose this method, you can enable 2FA on Nextcloud to make it more secure.
Careful about using the free tier of Cloudflare tunnels. There are some limitations, especially for how long a connection needs to be kept open and the max post size (100 megs for the free tier). Syncing large files on the free tier will fail.
As a follow-up, I now have OpenVPN access to my self-hosted Nextcloud server working with self-signed SSL certs. However, I want to use an application (Joplin notes) that does not support SSL with self-signed certificates securely.
Is there a way to configure pfSense and get a Let's Encrypt issued certificate so that remote access to the Nextcloud server is only through OpenVPN AND I can access it from my LAN using private IP addresses?
I plan to use the DNS validation option since I already have a registered domain.