Duckdns vs tailscale : security

Hello

I have a self hosted Nextcloud installed on one of my computers. All is okay

Until today I normally use duckdns.org
"https:1244duckdns.org.mynextcloud…” to access it

But after playing around with tailscale I can now use “https:1234tailscale.mynextcloud…”

I have the ssl certificates for both, so both are using https. And 2FA for my login

Am I right in thinking that using #tailscale is slightly safer than #duckdns. Because with tailscale I don’t need to open the 443 port. Or is there no difference

The only difference that I can see is the port being configured open on my router for duckdns to run. Which I don’t need for tailscale

I can access both via my browser or my telephone. Both work perfectly.

I don’t think is a a difference in terms of security. One method might look little safer at first glance as it doesn’t require port forwarding but if you create a public certificate your domain becomes public due to certificate transparency and everybody knows there is a service hosted on this address… more or less no difference the attacker scans your IP and discovers the service - depending on POV first method might seem even easier - you get the DNS name for free…

security doesn’t benefit from hidden knowledge - “security by obscurity” doesn’t work - it benefits from up-to-date software, good passwords and Multi Factor Authentication

mfa security

• Nextcloud behind router with port forwarding disabled - security concerns and improvements using Tailscale?