this post was submitted on 09 Sep 2023
69 points (92.6% liked)

Selfhosted

40463 readers
368 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

Says "Please type in the domain into the input field below that will be used for Nextcloud in order to create a new AIO instance."

I dont wanna unnecessarily spend money

you are viewing a single comment's thread
view the rest of the comments
[–] kristoff@infosec.pub 7 points 1 year ago* (last edited 1 year ago) (1 children)

Hi,

What is the reason you do not want a domain? it is not that DNS-domains are that expensive these days. The cheapest option I found is .ovh (which is one of the major cloud-providers in France), which is 3 euro / year (+VAT). You can then put as much hosts or subdomains under it, and it supports dynamic IP.

Agreed, .ovh is not the most "professional" looking domain, but it depends on what you want to do. If your goal is simply to have something for yourself / family / friends, then this is good enough.

BTW. Having your own domain for a nextcloud instance has additional advances: you can get a real https/tls certificate from letsencrypt, and -if you put a reverse proxy in front of your NC- it shields you from people who just scan the complete IP-space of the internet but who do not know your domain.

[–] strawberry@artemis.camp 1 points 1 year ago (1 children)

didnt want one bc i gotta pay, but its fine, and especially since i can get those certificates

[–] kristoff@infosec.pub 1 points 1 year ago* (last edited 1 year ago)

Hi,

Good idea!

And once you have you domainname, you can do the following:

  • set up a reverse reverse proxy (apache, nginx) in front of nextcloud
  • in the configuration of apache/bginx use virtual hosts.
  • make sure that the default virtualhost (in apache, that is the the one that does not have "ServerName") first in the configuration. Point that to a local website with just an empty directory
  • then, AFTER the default virtual host, add the reverse-proxy configuration of your nextcloud instance.

What this does, is that if somebody addresses your website with a URL that does not contain the exact hostname of your nextcloud, the webquery will go to the empty website and simply return a 404. A hacker who does a webrequest to "https://your-ip-address/login" will just get a "404 not found" and not reach your nextcloud instance.

This keeps people who just scan the internet for vulnerable systems and try out all kind of URLs to try to get in out of your nextcloud.

Of course, this only works if you keep the full hostname of your instance to yourself and do not post it somewhere (including social media, mailing-lists, ...)

Good luck with your nextcloud server