I want to share my nextcloud files through internet with the help of “remote.it” site. I configured nextcloud at my local network and everything works great. I configured self-signed ssl certificate (I don’t have any domain), installed two factor authentication, created not-admin user to connect to cloud without admin privileges. I want to configure some firewall and fail2ban, too.
And my question is: Is it a good idea? I don’t know if this site is secure enough to doing this kind of stuff. The advantage of this solution is that I don’t have to do any port forwarding in my router to make it work.
I don’t have any super important data on my disk but, you know, I just want to know that everything is as secure as it can be.
Thank you in advance
Sorry i do not use “remote.it”.
remote.it allows you to make secure remote connections between two computers.
Perhaps it is secure. But i think you can not share files to other people. Nextcloud is a sharing platform I think remote.it is more a VPN solution.
I think there is no really high risk with port-forwarding to 80/443 and Lets Encrypt to the on-prem hosted nextcloud. Thousands or millions of users uses it without any problems.
I don’t have money in my budget to buy any kind of domain. Is it possible to configure everything for free? I know I can use free subdomain and I really have to use ddns because I don’t have Static IP. Can you recommend some sites?
I’m learning everything from scratch.
You can use a free DynDNS subdomain e.g. from https://www.ddnss.de in Germany.
You can also use a free Lets Encrypt certificate to the DynDNS subdomain.
For Lets Encrypt use “certbot” on your apache2/nginx - nextcloud server (DynDNS subdomain) port-forwarded through your router.
I have one problem. I created an account on ddnss.de (yeah its in german and it’s not possible to change language but so far I’m doing good). I registered a new subdomain, I forwarded ports in my TP-Link Archer C7 (port 80 ands 443) and it doesn’t work. I assume that when I enter my reserved domain in the browser i should get a test site of the server, right?
On ddns.de is option to test ports and it said that all my ports except port :143 are closed. Are they blocked by ISP?
Yes. But first check the DNS-to-IP with “nslookup” or https://mxtoolbox.com/DnsLookup.aspx
Than compare with your ip address e.g. at https://ifconfig.me
Thant it could be that you can not access from inside. Test first from outside e.g. with a mobile device and from mobile not wlan.
It shows the same IP adresses. mxtoolbox from my mobile internet on my cellphone and ifconfig from the server. But still it doesn’t work.
This situation is hopeless because now I know that my Internet Provider gives me a private IP so I’m behind the NAT. That’s why I can’t connect with my local network from outside.
Than change your provider or ask for a worldwide IPv4 address. Also you can host your Nextcloud in the internet.