Hi, finally setting up Nextcloud in an effort to de-Google myself and replace GDrive for good.
I am currently running Nextcloud via Tailscale and that works fine except for when i want to share a file to someone outside of my Tailnet. I have heard of federated Nextcloud but i am not sure that i quite understood the purpose of this or maybe there is a better solution? If i run two instances like that, will i simply be able to share certain files over to that instance for sharing?
You must log in or register to comment.
Here is my security point of view. Second instance would be too much overhead for just one use case of sharing file. You have to decide how comfortable you are with exposing anything in your private network. I would personally not expose Nextcloud instance because it’s complex application with many modules each possibly having 0day exploits. If your goal is to share a file and selfhost I would look into dedicated apps for that purpose. You can setup simple microbin/privatebin on dedicated hardware in DMZ network behind firewall. You should run IDS/IPS on your open ports (pfsense/opnsense have that nicely pairs with crowdsec). You could also look into cloud fare tunnels to expose your dedicated file sharing app but I would still use as much isolation as possibilities (ideally phisical hardware) so that it would be not easy to compromise your local network in event of breach. Regardless selfhosted solution will always pose risks and management overhead if you want to run a tight setup. It’s much easier to use public cloud solution. For example proton drive is encrypted and you can share files via links with people.
Thanks, did not occur to me to use a dedicated app for that purpose! Will check that out.
I use Pingvin to share one off files for that purpose. It’s super easy to set up and works great.