I have my installation running over HTTPS port 443 with the security and hardening enabled using Let's Encrypt certs. How safe is this? In the logs I noticed two lines saying two random IPs had attempted connection. When I googled them it was shadowproject bot.
This led me to start thinking. Will my data be safe? Only 443 is open on my router in front of this server.
Also is there a way to autoban failed user logins after a certain period/amount of attempts?
Please accept my apologies if these have been asked before. I'm just concerned before I add more data.
Security is a continuous process. Unfortunately there is no checklist you can go through and then your server is secure.
Regarding your SSL settings, you can check your SSL configuration if it is properly installed and if it uses secure ciphers -> ssllabs.com
Nextcloud 10 has some login protection, fail2ban does this on a network level (less load on the webserver).
Check your logfiles regularly (tools like logcheck can help you) and keep your system (and Nextcloud) updated. For anything else you can just look for general guides on how to secure your Linux system and webserver.
I think so but I’m not sure. Anyway it is recommended to test such features if they work like they should.
For the fail2ban expressions, I would take the newest you can find. You perhaps need to modify it. OC 9.1 and NC 10 are probably very similar (also OC 9.0 and NC 10).
As far as I know, you need to configure fail2ban for nextcloud manually. But this is very easy.
Create a file /etc/fail2ban/filter.d/nextcloud.conf
and write into the file:
[Definition]
failregex = ^...
^...
followed by various regular expressions after the = sign. You can enter many lines of different regular expressions. Have a look at /etc/fail2ban/filter.d/sshd.conf to see how it can look.
However, as an example, here is how I wrote my nextcloud.conf, but this is specific for me and my use of syslog:
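Separately from the post above, and not the poster's configuration: an added Python sketch that emulates how a fail2ban failregex with a `<HOST>` tag and the `maxretry`/`findtime` settings turn failed logins into bans, so a candidate expression can be tested before relying on it. The JSON log shape, the epoch-seconds `time` field and the regex are assumptions, and the log lines are constructed.

```python
import json
import re
from collections import defaultdict, deque

# fail2ban expands <HOST> to an address pattern; this simplified IPv4 group stands in.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Assumed filter for the "message" field. The $ anchor ties <HOST> to the
# trailing, server-written address rather than to text inside the username.
FAILREGEX = r"^Login failed: '.*' \(Remote IP: '<HOST>'\)$"

def find_bans(lines, failregex=FAILREGEX, maxretry=3, findtime=600):
    """Return IPs reaching maxretry matching failures within findtime seconds."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = []
    for line in lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue              # skip lines that are not JSON
        if not isinstance(entry, dict):
            continue
        m = pattern.match(str(entry.get("message", "")))
        if not m:
            continue
        ip, now = m.group("host"), entry["time"]
        window = recent[ip]
        window.append(now)
        while now - window[0] > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry and ip not in banned:
            banned.append(ip)
    return banned

def _line(user, ip, t):
    """Build one constructed log line (time simplified to epoch seconds)."""
    msg = f"Login failed: '{user}' (Remote IP: '{ip}')"
    return json.dumps({"app": "core", "message": msg, "time": t})

# Constructed sample input, not taken from a real server.
SAMPLE = [
    _line("admin", "203.0.113.7", 0), _line("admin", "203.0.113.7", 30),
    _line("root", "203.0.113.7", 60),                  # 3 failures in 60 s
    _line("bob", "198.51.100.4", 0), _line("bob", "198.51.100.4", 400),
    _line("bob", "198.51.100.4", 900),                 # spread beyond findtime
    _line("x' (Remote IP: '192.0.2.1')", "192.0.2.99", 10),  # username mimics the IP field
    "not a json line",
]

if __name__ == "__main__":
    print(find_bans(SAMPLE))
```

The real `fail2ban-regex` tool does the matching part of this against an actual log file and filter.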