Great points, thank you! I’ve been trying to get a local-only AIO instance set up, since I agree that it would be ideal to make it accessible only via a VPN. However, I’m running into some difficulties with the setup process.
I’m thinking that an alternative approach might be to use a public-facing AIO installation while storing very sensitive files (e.g. financial records) on Nextcloud via a VeraCrypt container, or even an eCryptfs folder. This would be a bit of an inconvenience for me, since I couldn’t simply view them online. However, even if someone did make it into my account, they still wouldn’t be able to view the data.
Obviously, having trouble with a more secure approach isn’t a good reason in itself to choose a less secure approach. However, it would be nice to be able to share files publicly if needed, which I couldn’t do with the VPN...