Hey y'all! First time trying to self-host something, I started with a local Nextcloud instance for me and my family to use. I just wanted to make sure that no outsiders can enter the instance (access it or its files) through a browser on another connection.

I don't have a DNS server so we access it through its IP address. The connection is unencrypted (I don't know if this is a problem on a local instance, but from what I've read, I need a local DNS server to encrypt it, as well as to be able to set a domain (?) name (I don't really know if it's a domain name, but I'm referring to the website name, for instance google.com)). I don't think leaving it as it is (unencrypted, no domain name, only accessible through IP) will be problematic. Could other people access the server remotely with this setting? By remotely, I mean from far away. I tried out Nextcloud's own Security Scan and it returns:

Scan failed! The scan for the specified domain failed. Either no Nextcloud or ownCloud can be found there or you tried to scan too many servers.

I'm guessing this is a good thing for what I'm trying to achieve?

For reference, the tutorial I've used is this one under Linux Mint.

SJ0@lemmy.fbxl.net 4 points 1 year ago

You don't need a local DNS server to set up HTTPS, but you do need a domain name. If it's something that you wanted to pick up, you can buy them at a number of different places and you'd have to set up a mechanism to make sure the IP address referenced is the correct one. You can either do that by having a static IP address or by setting up some form of dynamic DNS. Then you can use Let's Encrypt to set up HTTPS.

Okay, so here's, I think, the core of your question though: the only way that someone outside of your network can access your Nextcloud is if you have set up the server to be accessible from the outside world. You would have to go into your router and forward Port 80 to the local IP address of your Nextcloud server. If you don't do that, then it will only be accessible to the people inside of your network. Routers do something called Network Address Translation, which lets many devices on your local network connect to the internet despite only having one external IP address. If you're accessing the server using a 192.168 address or a 10.x.x.x address, you are already using the internal IP address and not your external Internet IP address, so you're likely safe.

One neat trick, because remembering IP addresses is a pain in the butt, is the hosts file. On Windows it's in c:\windows\system32\drivers\etc\hosts and you can set a hostname to immediately resolve to a certain IP address. It's particularly nice because it's free, it's fast, and once you set it you can forget it.

My websites are on the public internet, but I use the hosts file to point them at the internal IP address because that way I can directly connect to my servers even when the internet is down.
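
An added example, not part of the thread or any commenter's code: a small Python check that parses hosts-file text and reports whether each name points at a LAN address, as the comment describes for 192.168 and 10.x.x.x. It goes slightly beyond the comment by also covering 172.16.0.0/12 and the IPv6 local ranges; the sample file, hostnames and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not from the thread); names and addresses are made up.
SAMPLE_HOSTS = """\
# hosts file: <address> <name> [alias ...]
127.0.0.1      localhost
192.168.1.50   nextcloud.home cloud   # LAN address of the server
10.0.0.7       backup.home
172.20.3.4     nas.home
100.64.1.9     cgnat.example
203.0.113.10   public.example
not-an-ip      broken.example
"""

# The three RFC 1918 private IPv4 ranges, listed explicitly so that
# documentation and carrier-grade NAT ranges are not counted as LAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV6_ULA = ipaddress.ip_network("fc00::/7")


def classify(address):
    """Return 'loopback', 'lan' or 'other' for an IP literal (ValueError if invalid)."""
    ip = ipaddress.ip_address(address)
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "lan"
    if ip.version == 6 and (ip.is_link_local or ip in IPV6_ULA):
        return "lan"
    return "other"  # public, carrier-grade NAT, documentation ranges, ...


def parse_hosts(text):
    """Map each hostname (lower-cased) to (address, classification)."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address without a name
        address, names = fields[0], fields[1:]
        try:
            kind = classify(address)
        except ValueError:
            continue  # malformed address: skip the line
        for name in names:
            table.setdefault(name.lower(), (address, kind))  # keep the first mapping
    return table


if __name__ == "__main__":
    for name, (address, kind) in parse_hosts(SAMPLE_HOSTS).items():
        print(f"{name:16} {address:15} {kind}")
```

A `lan` result only says which address the name resolves to on that machine; whether the router forwards a port to the server is a separate setting in the router itself.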

this post was submitted on 24 Jul 2023
14 points (100.0% liked)