NextcloudPi Internet Access

Hi,

I am totally new to all of this, and couldn’t find much on the topic. Sorry if this has been answered and I just didn’t find the relevant info.

I have been using NCP for a year now and have never given it access to the internet through my FritzBox. Since I have no idea of server hardening, etc., it seemed easiest to just restrict all outgoing traffic past the FritzBox and only have access from within the local network.
If I need access to anything on-the-go, I figured I could just VPN into my network and access everything from there. Since I mainly use NCP to sync files between multiple devices at the moment, I haven’t had the need to do that yet, though.

What I have noticed, though, is that when I restrict the outgoing traffic for my NCP, obviously there are no updates, some apps don’t work, etc. This hasn’t really been an issue until now, but while synchronising my contacts (from my phone), an HTTP 415 error keeps occurring and it doesn’t finish.
Doing some research, I found out an update might help. Which brings me to the issue.

Is there a way to give NCP access to the internet for updates, etc. while not generating any security issues? Without needing access externally, meaning no need for certificates, a domain, etc.

Would there even be security issues if I don’t have a domain that points to the NCP IP? Since, to access the NCP, you would have to bypass the FritzBox security first?

Hope my question is understandable enough… And not massively stupid :smiley:
Clearly I have loads of research and learning to do.

Thanks for taking the time and reading this!

If you can restrict traffic in the firewall to certain hosts, you could only allow traffic from certain domains (apps.nextcloud.com, update.nextcloud.com, …). You could allow your NCP to access outside stuff (like any computer on your network) but don’t open fixed ports for incoming connections. Or you just allow outgoing traffic during upgrades.

In general, you should update the software on a more or less regular basis. Bugs are repaired, and for new major versions, there are new features.

Thanks for the quick answer! I can set filters in my FritzBox. Would you have any idea where I could find out which domains would need to be whitelisted for that? That sounds like the best practice without the necessary expertise to harden the server itself.

Will check it out, thanks again!
Guess I will need to

Unfortunately, there is no complete list of domains that are used. For the apps, you don’t know where they are hosted (many on GitHub, though).

Alright, thanks! I should be able to figure it out from here!