How can I secure connection to nextcloud?

Guides and tutorials for various stuff. Posted by DietPi users.
przemko
Posts: 153
Joined: Sun Mar 15, 2020 5:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

OK, thank You for help.
hyperreal
Posts: 1
Joined: Sun Mar 22, 2020 5:29 am

Re: How can I secure connection to nextcloud?

Post by hyperreal »

Port forwarding on a home router is generally a bad idea, as it opens your home network up to the public Internet and thus makes every connected device in your house vulnerable to an attack.

I have found that remot3.it works very well for this use case. You can install it from the dietpi-software menu.
przemko
Posts: 153
Joined: Sun Mar 15, 2020 5:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

Hi, hyperreal. Is this service free? How does it works? Can You tell me something about it?
Regards Przemek
User avatar
Joulinar
Posts: 3699
Joined: Sat Nov 16, 2019 12:49 am

Re: How can I secure connection to nextcloud?

Post by Joulinar »

@przemko

honestly I would not do that. You would establish a permanent connection between your system and a "unknown" US cloud provider. I'm not sure if this is a good idea.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
przemko
Posts: 153
Joined: Sun Mar 15, 2020 5:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

Hi, thanks for tip. Now I'm looking about how to secure my Emby server. I install fail2ban but I don't know is it working only for logging to my Dietpi SSH or everything (Emby and Nextcloud)?
Regards Przemek
User avatar
Joulinar
Posts: 3699
Joined: Sat Nov 16, 2019 12:49 am

Re: How can I secure connection to nextcloud?

Post by Joulinar »

do you plan to have Emby accessible from Internet?

Fail2ban basically scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs, too many password failures, seeking for exploits, etc. Means as long as there is a log file that shows failed logins, it should work.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
przemko
Posts: 153
Joined: Sun Mar 15, 2020 5:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

Yes, I have Emby accesible from internet. I wants also to add SSL certificate but don't know how to start. Is this tutorial from SSL for nextcloud will work The same?
User avatar
Joulinar
Posts: 3699
Joined: Sat Nov 16, 2019 12:49 am

Re: How can I secure connection to nextcloud?

Post by Joulinar »

well there a some guides on emby forum. First hits on google. So it's not that difficult. You can reuse the letsencrypt certificate you already created. Not sure if it is still valid but only thing needed is to convert certificates to "PFX/PKCS#12"

https://emby.media/community/index.php? ... emby-wiki/

https://emby.media/community/index.php? ... -for-emby/
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
przemko
Posts: 153
Joined: Sun Mar 15, 2020 5:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

Sorry but I don't understand. I have used letsencrypt to grnerate certificate for nextcloud. Now I can use the same certificate for Emby? I will be login on The same no-ip ddns domain? Myserver.ddnd.net/nextcloud but ending ...ddns.net/Emby?
User avatar
Joulinar
Posts: 3699
Joined: Sat Nov 16, 2019 12:49 am

Re: How can I secure connection to nextcloud?

Post by Joulinar »

well I guess you have a misunderstanding what and how web browser certificates are working. The certificate is not used for Nextcloud only. Your webserver is using basically for all request that will be received for Myserver.ddnd.net, doesn't matter if it's Nectcloud or something else. However Emby will have his own webserver as it's not running on http port 80 or https 443. Therefore you would need to configure Emby to use the certificates. How to activate and convert the generally created letsecrypt certificate I linked you above. As you may noticed, Emby is using their own ports like 8096 for http. Once you have activated https it will be 8920. So don't miss to forward the correct port on your router.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Post Reply