undefined

points

[-]

I host my entire homelab in my home and use tailscale to access it. You just connect your nextcloud instance to tailscale. Then you connect each client to tailscale. Works on iOS and android (and of course any desktop). When you're on you're home network (LAN), tailscale _should_ use the LAN IP for routing. And then when away, you'll route over derp servers usually.

You could also use tailscale for auth, but i like to enforce separate authentication so that you have to be authenticated to the tailnet and have to go through the normal authentication to app.

by bityard1 hours ago|

parent|

[-]

That works okay if you are the only user.

I use quite a few Nextcloud features where access via tailscale is either inconvenient or impossible. My whole family uses the calendar on their phones and other devices, which means they would have to either learn about VPNs, or I would be the one managing all their devices for them. (Neither are likely to happen.)

I also often share individual files or folders with external contacts as a more private alternative to dropbox or google drive.

by Melatonic12 minutes ago|

parent|

[-]

Cloudflare tunnel instead ?

by throwup23851 minutes ago|

prev|

[-]

> How do you folks deal with these massively increased threats to self-hosted open source apps?

I throw everything behind Cloudflare ZeroTrust SSO or whatever it’s called with a whitelist of Github accounts, and Cloudflare Tunnel to network the containers/VMs without exposing any ports to the outside (except SSH), enforced by both the cloud firewall and iptables/ifw.

by FabCH1 hours ago|

prev|

[-]

I ban almost the entire world using iptables.

Or rather, I drop all traffic other than that coming from my geo.

This has dropped my „rattling the door handle“ rate to 1/week instead of 1/second.

by drnick11 hours ago|

prev|

[-]

> I've considered taking my instance offline or at least behind a VPN

The practical downside is that you won't really be able to use all the features of Nextcloud that way, such as file sharing with people outside your LAN, or Nextcloud Talk (a Zoom substitute).

That being said, I don't store sensitive documents on my Nextcloud instance exposed to the Internet. For that, I have a Samba server on a LAN.

by 0fflineuser1 hours ago|

prev|

[-]

Host it in your home an use a vpn to connect to your home network when you are outside, that way it isn't exposed to the internet but you can still access it.

by theK1 hours ago|

parent|

[-]

Yup, that's the way it has to be. And thanks to the autocomplete on steroids we call Ai nowadays it actually has become way easyier to do such a thing.

by margalabargala1 hours ago|

parent|

[-]

Kinda like how once chemistry gets complicated enough we call it biology, LLMs have become complicated/versatile enough that it's no longer useful to call them autocomplete.

by cahaya1 hours ago|

prev|

[-]

Same. Solving it by moving complex and sensitive data to an offline desktop app https://document.bot that support offline (self hosted) AI models (and optionally EU/ US AI providers). However, it doesn't integrate yet with shared (org) drives.

by snailmailman1 hours ago|

prev|

[-]

I use nextcloud all the time, my private instance works great and does everything I need it to. But I keep it behind a VPN. It’s got a lot of parts, and thus a lot of surface area. It may be secure but I just assume it isn’t. I rely on the VPN to be the security boundary.

by freedomben1 hours ago|

prev|

[-]

Yeah definitely would put behind a VPN. I run mine on my desktop at home and use Tailscale (Headscale for self-hosting) to make it accessible when I'm out of the house. Blazing fast speeds when at home, and reasonable when not.

by zerkten1 hours ago|

prev|

[-]

Putting everything behind a VPN seems like the solution selfhosters have landed on. That way you have some control over how quickly you have to respond.

by codepoet801 hours ago|

prev|

[-]

I only use my ownCloud instance behind Tailscale...