I used to host my own NextcloudPi instance which has been offline for several months now.
Rather than upgrading it, I would like to install NextcloudPi on a new SD Card and keep my unencrypted data drive.
My main concern is the security of my data as well as my home network when exposing my instance to the internet. Previously, I have forwarded ports 80 and 443 and used HTTPS only with letsencrypt. My scan.nextcloud.com rating was either A or A+.
However, I am uncertain if this is enough.
I have a couple of thoughts/questions that I would be glad to get your comments on:
-
How much of a hassle is it going to be to use my previous data drive with the new NextcloudPi instance?
-
I think the safest option for remote access would be a VPN. However, my nextcloud would be used to share links to files for my family. Hence, I believe this will not be feasible?
-
I am pondering to use a reverse proxy on the same Raspberry Pi. My understanding is that this would require nginx to be compromised before someone could try to access my Nextcloud. Does this objectively add some security? Also, would this lead to problems with WebDAV?
-
I plan to run this on a Raspberry Pi 4 with 2 GB RAM. I was satisfied with the previous performance, but would running nginx on top of it or running everything in Docker likely overload the hardware?
-
Are there any other tips or recommendations you have beyond what is provided in the Hardening Guide ?
Thank you very much in advance!