I am new to Nextcloud, so I have some questions pertaining to secure access:
I have my NC running behind haproxy on the OPNsense firewall.
So the only thing open towards Nextcloud is it’s custom HTTPS port. I reckon that’s already a big step towards securing it.
Of course, everything is up to date and I intend in keeping it that way.
Now, I tried SELinux, however failed to activate it. Not sure how important that is, since Ubuntu 20.10 already has AppArmor active?
And the next thing I am getting to is moving my data directory outside of /etc/www.
What I want though is to move the data server completely away from the VM where Nextcloud resides, actually best on my Synology NAS, due to data security there (multiple disk fails, external backup etc).
My idea would be this:
Create a shared folder on Synology, mount that via NFS on NC VM.
Point data directory there.
And I’d also like to have my documents and photos available over Nextcloud, so I think making symlinks in the data folder corresponding to shared folders on the NAS itself.
Are there some security concerns here that I should know? Is it a good idea to do it like that? Alternatives?