How can I secure connection to nextcloud?

Guides and tutorials for various stuff. Posted by DietPi users.
User avatar
Joulinar
Posts: 713
Joined: Fri Nov 15, 2019 11:49 pm

Re: How can I secure connection to nextcloud?

Post by Joulinar »

well I guess you still would need http on your router (port-forwarding) to be able to recreate your certificate. Keep in mind that the certificate has a lifetime and would need to be re-created before it expire.

If you use dietpi-letsencrypt to create your certificate, you could set the option Redirect to ON. This should redirect each http request on your webserver to https automatically.

przemko
Posts: 49
Joined: Sun Mar 15, 2020 4:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

OK, thank You for help.

hyperreal
Posts: 1
Joined: Sun Mar 22, 2020 4:29 am

Re: How can I secure connection to nextcloud?

Post by hyperreal »

Port forwarding on a home router is generally a bad idea, as it opens your home network up to the public Internet and thus makes every connected device in your house vulnerable to an attack.

I have found that remot3.it works very well for this use case. You can install it from the dietpi-software menu.

przemko
Posts: 49
Joined: Sun Mar 15, 2020 4:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

Hi, hyperreal. Is this service free? How does it works? Can You tell me something about it?
Regards Przemek

User avatar
Joulinar
Posts: 713
Joined: Fri Nov 15, 2019 11:49 pm

Re: How can I secure connection to nextcloud?

Post by Joulinar »

@przemko

honestly I would not do that. You would establish a permanent connection between your system and a "unknown" US cloud provider. I'm not sure if this is a good idea.

przemko
Posts: 49
Joined: Sun Mar 15, 2020 4:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

Hi, thanks for tip. Now I'm looking about how to secure my Emby server. I install fail2ban but I don't know is it working only for logging to my Dietpi SSH or everything (Emby and Nextcloud)?
Regards Przemek

User avatar
Joulinar
Posts: 713
Joined: Fri Nov 15, 2019 11:49 pm

Re: How can I secure connection to nextcloud?

Post by Joulinar »

do you plan to have Emby accessible from Internet?

Fail2ban basically scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs, too many password failures, seeking for exploits, etc. Means as long as there is a log file that shows failed logins, it should work.

przemko
Posts: 49
Joined: Sun Mar 15, 2020 4:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

Yes, I have Emby accesible from internet. I wants also to add SSL certificate but don't know how to start. Is this tutorial from SSL for nextcloud will work The same?

User avatar
Joulinar
Posts: 713
Joined: Fri Nov 15, 2019 11:49 pm

Re: How can I secure connection to nextcloud?

Post by Joulinar »

well there a some guides on emby forum. First hits on google. So it's not that difficult. You can reuse the letsencrypt certificate you already created. Not sure if it is still valid but only thing needed is to convert certificates to "PFX/PKCS#12"

https://emby.media/community/index.php? ... emby-wiki/

https://emby.media/community/index.php? ... -for-emby/

przemko
Posts: 49
Joined: Sun Mar 15, 2020 4:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

Sorry but I don't understand. I have used letsencrypt to grnerate certificate for nextcloud. Now I can use the same certificate for Emby? I will be login on The same no-ip ddns domain? Myserver.ddnd.net/nextcloud but ending ...ddns.net/Emby?

Post Reply