Dangerous to just open those ports directly out (some of the most exploited and targeted ports on the internet)…best recommendation is to create a VPN (use PiVPN)…tunnel in…then thru an encrypted tunnel connect to your nextcloud like you are in a LAN…
You can specify non-standard (above 1024) ports to any port behind your router…but it’s always unsafe to just open ports…
Of course a VPN is the most secure way to access your local network. But then you need to setup a VPN sever and you need to open several ports to access it, which can of course be attacked as well.
And every client, mobile phone, work place PC, friends/family you want you share data with etc, needs a VPN client and your access credentials.
And as well not all public networks allow to use the ports, required for VPN.
If you install Nextcloud and ask how to access via internet/from outside your local network, then you most likely want to sync data with e.g. mobile phone and/or share data with others. A VPN only setup will in most cases break this use case.
So in short:
If you want to to be able to just open a browser or web/cal/carddav client from anywhere to access your Nextcloud, you need to open those HTTP/S ports.
I would put more effort then on securing your webserver as good as possible, enable and enforce HTTPS for encrypted access and of course use a strong password for Nextcloud .
That private data, that you need to secure even more, should be simply placed outside of Nextcloud data and the webroot, at best only accessible via SFTP or such at a dedicated non-default port or not shared to the internet at all.
Funny that you guys also bringing up the topic I am fighing already inside myself.
The Problem is, that not only I, but also my familiy and friends will use the cloud that are no technicans and cant be used with a VPN.
The forwarding was the thing I had in mind but I could not find the right path and file to edit the settings.
Mainly because the dietpi-software is so noobie friendly that it automatically installs all software needed for nextcloud and I just followed the recommendations.
As of habit I tried to find the apache config… (unsuccessfully) and then found at /DietPi/dietpi/conf the config files for nginx…
but changes didnt took any difference.
Checking the nginx status showed no installation.
After using the dietpi-software I saw that my webserver preference was lighttpd… and all software was installed accordingly to that (my mistake ofc).
So I am uninstalling every software right now, change the preference to apache2 and then install it again.
EDIT: I got it working.
My “domain.com” is not directing to /var/www/
To make it perfect I would like to get to the folder /var/www/nextcloud so I can just use “domain.com” instead of “domain.com/nextcloud”.
I already tried to change the DocumentRoot of my /etc/apache2/sites-availible/000-default-le-ssl.conf which does redirect to the right folder but nextcloud is giving a error, that the path is missmatching now.
In my case, it’s installed on Raspi 3 with Nextcloud ver 18 on lighttp server. However I’ve not found 000-default.conf in /etc/lightttp or ‘htaccess.RewriteBase’ in config.php. Still did the rest of instruction but it doesn’t work. Please help me in this case. Thanks