Hello
Everything you do is a risk. When you open a port to a service (it doesn't matter which one or how) there is a possibility that someone can get access to something you don't want them to.
Everybody agrees that nothing is 100% secure.
You have to decide how high or low you want to go with trustworthiness, need of protection, availability and risk. If everything is low, you don't need much security. The problem is how you decide: the first three are up to you (as long as there is nothing against the law; personal data, for example, has a high need of protection by law), the risk is the difficult task. How should you know that there is a security breach somewhere that nobody knows about? So this is all about probability: how likely is it that there is a security breach in Nextcloud that allows dropping a reverse shell on the Nextcloud server? Very low, but not zero.
You can believe me or google it: not long ago a hacker was able to take control of a mobile phone just by sending an animated GIF over WhatsApp.
So let's have a look at some things that could happen and what you could do against them. A relatively harmless example: a DDoS attack is possible; the weakest point will fail, either the internet connection because it cannot handle all the traffic, or the Nextcloud/HAProxy server because it cannot handle all the requests. Easy solution: Cloudflare DDoS protection. I don't know how good this protection is, but any protection is better than no protection. The DDoS attack is annoying but the impact is very small: your internet or your Nextcloud is not working, if you do not really depend on the internet connection or Nextcloud. (For some people it could be the end of the world without internet.)
Now let's take a look at the worst case: a reverse shell exploit in Nextcloud and complete access to your entire network (IoT, smart home, security cameras, … up to your fantasy what he can do with it). What can you do against that? Network separation, so only the Nextcloud server is there and no other device is reachable. Better, but still not good: there is still access to all data on the Nextcloud server. So what kind of data is there? Maybe really really really private pictures of you, your wife, your or her parents, or a password list. (Again it is up to your fantasy what he can do with this data, but remember we go through the worst case.) Here you can use data encryption. Better, but still not good: he can still use your Nextcloud server for illegal stuff, and maybe you just get an unpleasant letter or the police ring your doorbell because of … (your fantasy again).
That is a big impact; even if there is a happy end, this will cause a lot of trouble.
For every issue you can put a barrier in front of it; some are good, others better, some reduce the vulnerability, others increase the time required.
A reverse proxy is just a detour: when there is a security issue which is reachable through the connection you normally use for Nextcloud, it will reach the destination as if there were no reverse proxy. There is no need for it to be like the worst case; it could be just one missing line in a plugin's source code, so that this request does not check whether the user has a valid login, and you have a security issue that allows access to information from Nextcloud.
So now it is up to you to calculate the number of potential security issues and the risk of "what if", taking into consideration your trust in the Nextcloud developers. If you can accept this, go for it. If you cannot accept that, a solution was suggested (VPN), because VPN was developed to give access to internal services under the viewpoint of high security.
A company will never provide internal services to the internet; the only way is to use a well-configured VPN, and when the need of protection is very high (company secrets like research and development) there are additional layers of protection, up to the point that there is no remote access from outside the company and you have to pass more than one physical security check before you get your fingers near a system to access this data/service.
Monitoring is part of security, simple and automated, like blocking an account/IP after X unsuccessful logins, or checking the traffic: if nobody is uploading or downloading files but there is a lot of traffic, it is a reasonable question why. It could just be an automated update, or it could be doing things you don't want it to.
A pentest is complex; it is not only a protection test (getting access to the target), it can include trustworthiness (manipulating data between client and target) and availability (how does it react under heavy load, is it still usable) tests.
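As an added example that is not part of the original post: the first kind of monitoring mentioned above, blocking an IP after X unsuccessful logins, written as a sliding-window detector in Python over a constructed JSON-lines log. The field names (`time`, `remoteAddr`, `message`) and the `Login failed:` message prefix are assumptions modelled loosely on a nextcloud.log, not the real format, and the sample lines are made up. It goes a little beyond the post by also showing the failure mode of such a rule: a slow attacker who stays under the window is never blocked.

```python
"""Sliding-window failed-login detector over a JSON-lines application log."""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, loosely modelled on a JSON-lines log such as nextcloud.log.
# The field names and the "Login failed:" message text are assumptions.
# 203.0.113.7 hammers the login in 15 seconds; 198.51.100.2 tries once every
# 15 minutes; one line is deliberately broken to show it is skipped, not fatal.
SAMPLE_LOG = """\
{"time":"2024-03-01T10:00:00+00:00","remoteAddr":"203.0.113.7","message":"Login failed: 'alice' (Remote IP: '203.0.113.7')"}
{"time":"2024-03-01T10:00:04+00:00","remoteAddr":"203.0.113.7","message":"Login failed: 'alice' (Remote IP: '203.0.113.7')"}
{"time":"2024-03-01T10:00:05+00:00","remoteAddr":"198.51.100.2","message":"Login successful: 'bob'"}
{"time":"2024-03-01T10:00:09+00:00","remoteAddr":"203.0.113.7","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')"}
{"time":"2024-03-01T10:00:12+00:00","remoteAddr":"203.0.113.7","message":"Login failed: 'root' (Remote IP: '203.0.113.7')"}
{"time":"2024-03-01T10:00:15+00:00","remoteAddr":"203.0.113.7","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')"}
this line is not JSON and must be skipped rather than crash the detector
{"time":"2024-03-01T10:20:00+00:00","remoteAddr":"198.51.100.2","message":"Login failed: 'bob' (Remote IP: '198.51.100.2')"}
{"time":"2024-03-01T10:35:00+00:00","remoteAddr":"198.51.100.2","message":"Login failed: 'bob' (Remote IP: '198.51.100.2')"}
{"time":"2024-03-01T10:50:00+00:00","remoteAddr":"198.51.100.2","message":"Login failed: 'bob' (Remote IP: '198.51.100.2')"}
{"time":"2024-03-01T11:05:00+00:00","remoteAddr":"198.51.100.2","message":"Login failed: 'bob' (Remote IP: '198.51.100.2')"}
{"time":"2024-03-01T11:20:00+00:00","remoteAddr":"198.51.100.2","message":"Login failed: 'bob' (Remote IP: '198.51.100.2')"}
"""

FAILED_PREFIX = "Login failed:"  # assumed message text


def parse_records(text):
    """Yield (timestamp, ip, message) for well-formed lines; silently skip the rest."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["time"])
            yield ts, rec["remoteAddr"], rec["message"]
        except (ValueError, KeyError, TypeError):
            continue


def detect_bruteforce(text, threshold=5, window=timedelta(minutes=10)):
    """Return a list of (ip, timestamp) block decisions.

    An IP is flagged the moment its `threshold`-th failed login lands inside a
    `window`-long sliding window. After a decision the IP's history is cleared,
    so one sustained attack yields one decision per window, not one per line.
    """
    failures = defaultdict(deque)
    blocks = []
    for ts, ip, msg in parse_records(text):
        if not msg.startswith(FAILED_PREFIX):
            continue
        q = failures[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            blocks.append((ip, ts))
            q.clear()
    return blocks


if __name__ == "__main__":
    print("10 minute window:", detect_bruteforce(SAMPLE_LOG))
    print("2 hour window:   ", detect_bruteforce(SAMPLE_LOG, window=timedelta(hours=2)))
```

With the default 10-minute window only the fast attacker is blocked; the one failure every 15 minutes from 198.51.100.2 never has five attempts inside the window, and it takes a two-hour window (or a per-account counter) to catch it. Two caveats for a Nextcloud behind HAProxy as in the setup discussed above: `remoteAddr` is the proxy's address unless `trusted_proxies` and `forwarded_for_headers` are set in config.php, in which case a rule like this would block the proxy itself; and Nextcloud already ships its own brute-force throttling, so a log-based rule like this is a second layer, not a replacement.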