I am tasked with setting up a remote access cloud storage system for a few dozen users in a small office. We would like to have automated backups, group file shares and both local and remote access. I’d ideally like to put Nextcloud in a jail on top of FreeNAS / ZFS - then it will be easy to manage the storage pool through the webGUI and back everything up with ZFS snapshots and have the whole LAN sat behind a pfsense firewall.
What is the best way to set up a secure system that can do this? I was thinking to maybe put the server in the DMZ accessible remotely and locally via a VPN (using external port forwarding / NAT-loopback).
Does this make sense? Would love to hear comments, critiques, suggestions…