Accessing nextcloud behind nat

Yes. Nobody needs the internet. The internet is insecure. And yes i also use more encryption and e.g. ssh-remote-port-forwarding to access systems behind nat. But for access you need a system in the internet. And i also use VoIP behind nat and then i need stun and/or turn.

1 Like

read my above comment. already answered about ssh port forwarding.

Yes. But i think nextcloud is ok for my data and sometimes i like to share them over the internet.

u can share ur stuff with out people with p2p.
and keep ur stuff secure.

needless to say that if nextcloud has an unknown vulnerability that can be exploited, ur home/business/company network is also compromised + files on the server and all that because u thought port 443 were secure Oo …

read the above, i shared a vulnerability that nextcloud had, read about nextcry

Ok. Then use perhaps another software or nextcloud with VPN. Ok VPN is also unsecure and uses sometimes TLS.

1 Like

haven't said vpn is not insecure, u should really read what i wrote.

think about ur dad/mom/boss that have no technical background.
or u as a user, it's a pain in the ass to enter ur vpn each time u wana access ur time, also u lose speed because u had multiple hops in the way.
vpn does not solve the problem.

and u gota pay a different server for that vpn usage. vps or other

even if it's free, it does not make it simple for the normal user

My nextcloud installation was not affected by nextcry, because i use apache and not nginx. So nextcry is not a Nextcloud vulnerability.

And if you want a P2P connection you need a P2P Server, right? Is this server unvulnerable?

a p2p server is just a relay, to get user A to point B and do the connection between them.

And no one can attack this? It is unvulnerable?

oh, i thought i answered that,
nothing is 100% bullet proof, lets start with that.

but even if the p2p server gets compromised all it does is connect A to point B.
meaning u still need to authenticate, by all means u are not in the network.

the server/nextcloud server/camera/nas or w.e the device is, all it does is say to the p2p server “HEY I AM HERE and I AM ALIVE. IF SOMEONE WANTS TO CONNECT TO ME PLEASE FORWARD HIS REQUEST TO ME…”
the p2p server gets that request and forwards that to the server/camera…

for example the p2p in synology works with a subdomain + p2p, meaning in synology if u want to access ur nas u have to enable their p2p option / aka sub domain, however it is not a regular subdomain, because a subdomain sends u to a public ip, and if u are behind a NAT u wont get anywhere, so synology has implemented a subdomain + p2p so people can remember more easily instead of random numbers and chars,
when u reach out to that subdomain, it will do the p2p for u in the background and then u will be greeted with a username and password of ur nas.

for example take this subdomain mira.quickconnect.to or green.quickconnect.to (not mine)

so even if the p2p gets compromised all it can do is kinda nothing, only block the service, but ur files are still safe.

in a different p2p brand, not in synology, u would need to enter a password, username and a random id (mac, serial or w.e).
and the process is the same, the p2p server will just forward and connect both of u together.

u can see that in facebook call, it gets 2 people together and makes them talk with each other, without being in the middle.

lots of companies have already implemented that.

if i am not mistaken it all can be done with stun/turn server with webrtc.

To run nextcloud you need a Webserver like nginx or Apache2. A turn Server like coturn is only needed if you will use Talk within nextcloud behind NAT.

yea ofc, nextcloud does run a webserver, im not sure what u mean by that.
synology and cameras and dvrs do run on webservers as well.
whats ur point

i mention turn, stun protocols because they are used for this purpose.

What i mean by this? Sorry, this is personal. But it looks like you never set up a Nextcloud or a Webserver.

If i am wrong, feel free to develop a P2P Server for nextcloud.

well u’r totally wrong :slight_smile:

but i did not understand what it has to do with the convo.

to develop a p2p is out of my expertise, this is why i made this thread …!
sigh

Perhaps use https://www.sharedrop.io
Also you can develop something with nextcloud and Sharedrop.

https://github.com/nextcloud
https://github.com/cowbell/sharedrop

1 Like

does not really give an answer to the whole concept of p2p in nextcloud.

and thanks at least for trying,
i didn't know that site, looking cool :slight_smile: thanks.

Hello!

Note: I wanted to read the entire thread but had to just skim over it!

Looking to set up nextcloud behind Carrier Grade NAT (CGNAT) as well, there seem to be few options:

  • Some ISPs can, for a fee, provide a Public IP address
  • Some ISPs can also forward ports from their firewall to the home user’s self hosted server (though most would deem it as a business account use-case)
  • a reverse tunnel: https://superuser.com/questions/1258093/set-up-a-web-server-behind-a-carrier-grade-nat
  • a VPN on a VPS with a public IP can be used to escape the limitations of the CGNAT
  • Zerotier (uses root servers) or softethervpn (uses vpn azure relay) can also work behind CGNAT

So, basically, as CGNAT blocks incoming connections, using the “home machine” to initiate an outbound connection allows “bypassing” the CGNAT.

I would like to know the preferred method if the ISP does not cooperate? Thanks!

Regards,
ahmedfarazch
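
The relay pattern discussed in this thread (the device behind NAT/CGNAT dials out, a public relay pairs it with the remote user, and the device still does its own authentication), as an added example that is not from any poster or from Nextcloud or Synology. All names, the loopback setup and the HMAC challenge are assumptions made for illustration; the traffic is unencrypted, so a real deployment would run TLS end to end on top.

```python
import hashlib, hmac, os, socket, threading
SECRET = b"constructed-demo-secret"  # constructed sample credential, known to device and user only

def recv_exact(sock, n):
    """Read exactly n bytes (fewer only if the peer closes early)."""
    buf = b""
    while len(buf) < n and (chunk := sock.recv(n - len(buf))):
        buf += chunk
    return buf

def pipe(src, dst):
    """Relay side: copy bytes one way; it never inspects or authenticates them."""
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)  # propagate end-of-stream to the other peer
    except OSError:
        pass

def relay(listener):
    """Pair the device's outbound connection with the user's and forward both ways."""
    device, _ = listener.accept()  # first in: the device behind NAT dialled out
    client, _ = listener.accept()  # second in: the remote user
    threading.Thread(target=pipe, args=(device, client), daemon=True).start()
    pipe(client, device)

def device_service(sock):
    """Device behind NAT: challenges the peer itself, so the relay grants nothing."""
    nonce = os.urandom(16)
    sock.sendall(nonce)
    expected = hmac.new(SECRET, nonce, hashlib.sha256).digest()
    ok = hmac.compare_digest(recv_exact(sock, 32), expected)
    sock.sendall(b"OK: file list" if ok else b"DENIED")
    sock.close()

def demo(user_secret):
    """Run relay, device and user on loopback; return the device's answer to the user."""
    listener = socket.create_server(("127.0.0.1", 0))
    addr = listener.getsockname()
    threading.Thread(target=relay, args=(listener,), daemon=True).start()
    dev = socket.create_connection(addr)  # outbound from the "NATed" side
    threading.Thread(target=device_service, args=(dev,), daemon=True).start()
    with socket.create_connection(addr) as user:
        nonce = recv_exact(user, 16)
        user.sendall(hmac.new(user_secret, nonce, hashlib.sha256).digest())
        return recv_exact(user, 64)  # reads until the device closes

if __name__ == "__main__":
    print(demo(SECRET), demo(b"wrong-secret"))
```

Reaching the relay only gets a peer as far as the device's own challenge; the access decision is made on the device, not on the relay.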