Dangerous to just open those ports directly out (some of the most exploited and targeted ports on the internet)âŚbest recommendation is to create a VPN (use PiVPN)âŚtunnel inâŚthen thru an encrypted tunnel connect to your nextcloud like you are in a LANâŚ
You can specify non-standard (above 1024) ports to any port behind your routerâŚbut itâs always unsafe to just open portsâŚ
Of course a VPN is the most secure way to access your local network. But then you need to setup a VPN sever and you need to open several ports to access it, which can of course be attacked as well.
And every client, mobile phone, work place PC, friends/family you want you share data with etc, needs a VPN client and your access credentials.
And as well not all public networks allow to use the ports, required for VPN.
If you install Nextcloud and ask how to access via internet/from outside your local network, then you most likely want to sync data with e.g. mobile phone and/or share data with others. A VPN only setup will in most cases break this use case.
So in short:
If you want to to be able to just open a browser or web/cal/carddav client from anywhere to access your Nextcloud, you need to open those HTTP/S ports.
I would put more effort then on securing your webserver as good as possible, enable and enforce HTTPS for encrypted access and of course use a strong password for Nextcloud .
That private data, that you need to secure even more, should be simply placed outside of Nextcloud data and the webroot, at best only accessible via SFTP or such at a dedicated non-default port or not shared to the internet at all.
Funny that you guys also bringing up the topic I am fighing already inside myself.
The Problem is, that not only I, but also my familiy and friends will use the cloud that are no technicans and cant be used with a VPN.
The forwarding was the thing I had in mind but I could not find the right path and file to edit the settings.
Mainly because the dietpi-software is so noobie friendly that it automatically installs all software needed for nextcloud and I just followed the recommendations.
As of habit I tried to find the apache config⌠(unsuccessfully) and then found at /DietPi/dietpi/conf the config files for nginxâŚ
but changes didnt took any difference.
Checking the nginx status showed no installation.
After using the dietpi-software I saw that my webserver preference was lighttpd⌠and all software was installed accordingly to that (my mistake ofc).
So I am uninstalling every software right now, change the preference to apache2 and then install it again.
EDIT: I got it working.
My âdomain.comâ is not directing to /var/www/
To make it perfect I would like to get to the folder /var/www/nextcloud so I can just use âdomain.comâ instead of âdomain.com/nextcloudâ.
I already tried to change the DocumentRoot of my /etc/apache2/sites-availible/000-default-le-ssl.conf which does redirect to the right folder but nextcloud is giving a error, that the path is missmatching now.
So remove the ânextcloudâ from the URLs/paths there.
At last run ncc maintenance:update:htaccess to apply the new RewriteBase setting to Nextclouds internal .htaccess where pretty URLs are managed, so URLs do not contain the /index.php/ part.
In my case, itâs installed on Raspi 3 with Nextcloud ver 18 on lighttp server. However Iâve not found 000-default.conf in /etc/lightttp or âhtaccess.RewriteBaseâ in config.php. Still did the rest of instruction but it doesnât work. Please help me in this case. Thanks
you answered on a 2 years old post. So probably thinks changed in meantime. Next to this, the post you are referring was pointing to Apache web server while you are using Lightttp.
As well it would be good to know what is not working for you exactly!