Installation behind firewall (Ipfire)

Hello you all,

I am new to this community, so I need some advice.
Currently my network setup consists of a Fritzbox Router ISP -> Ipfire Firewall (not exposed) -> Access Point Lan/Wlan
I have build a new server to run Nextcloud, so that i have control over my own data. My problem is that I have to switch between two home several times a month and I want access to my data via Internet/VPN

What do you people think will be the best setup?

  1. Nextcloud behind ipfire (green) - Do you have info regarding upload/download speed?
  2. Configure a new Orange DMZ?
  3. Expose the Ipfire directly to the Internet?

Since my setup is currently running quite fine, I want be sure if I have to change the whole setup to work.
Thanks for your ideas

And what is the problem? Expose NC only internal and when you connect to you net via VPN - you will be able to access you files.

If you need solution without VPN - expose only port 443 of Nextcloud with port forwarding on Fritzbox.

You can harden your system with Fail2ban: Brute force protection doesn't protect against failed logins

Thanks for your advice :slight_smile:

Just wanted to be sure before I destroy my setup.

in case you use letsencrypt with http validation port 80 must be opened as well.

You can use 443 only: Port 443 open, 80 closed