CodingSheep

Mar 26, 2021
Hi there,

I've set up a small nextcloud instance on my home server.
In the meantime, I connect directly via port forwarding and HTTP / HTTPS Port to the web interface of nextcloud.
But because forwarding ports in the router could be a possible security risk, I want to avoid this practice.

My Idea:

I want to bypass the traffic, which is going to my nextcloud server over a vserver in the cloud (like a reverse proxy with user authentication).
Also, it would be nice if users could authenticate first on the vserver in the cloud and then get forwarded via VPN to my local net.
To do this, I've read of TACACS and RADIUS as authentication protocols.
Final question: Is it possible to realize my idea and host nextcloud on the public internet, but with an authentication server?

Kind regards from Germany,

Benedikt
 

markarr

Oct 31, 2013
You can look at the guide on smarthomebeginner.com; he has a guide for using Traefik and 2-factor auth.
 

deviantintegral

Dec 29, 2020
I've been keeping my eye on https://boringproxy.io for this type of setup, but it doesn't support websockets so it won't work with Home Assistant. Curious if anyone has experience with similar systems that do support websockets. The closest I've seen is Caddy, as Traefik is a little too tied to docker for my tastes.

Since most systems have their own internal authentication, unless you want to set up SSO (which is big and complex), that may be a requirement that's best dropped.
 

CodingSheep

Mar 26, 2021
> I've been keeping my eye on https://boringproxy.io for this type of setup, but it doesn't support websockets so it won't work with Home Assistant. Curious if anyone has experience with similar systems that do support websockets. The closest I've seen is Caddy, as Traefik is a little too tied to docker for my tastes.
>
> Since most systems have their own internal authentication, unless you want to set up SSO (which is big and complex), that may be a requirement that's best dropped.

I think I could use Nginx for that.
 

casperghst42

Sep 14, 2015
A VPN solution is the easiest and the fastest way to create a setup like this. Meaning you run, for example, OpenVPN on your router, and when connected to it, you'll have access to your Nextcloud. You can run a proxy server on a cloud server instance, which then uses VPN to connect to your Nextcloud instance at home. For authentication, look at SAML (way easier than having to forward RADIUS), and if you look in that direction, look at sites like Okta (or similar), which do cloud authentication and other nifty stuff for you.

At the end of this, running your own VPN on your router or in a DMZ is probably the least amount of work, and should provide enough security.
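
The cloud-proxy-over-VPN layout discussed in this thread, sketched as an Nginx configuration for the vserver. This is an added example, not posted by any participant; the hostname `cloud.example.org`, the tunnel address `10.8.0.2`, the upload limit and all file paths are assumptions.

```nginx
# Added example; runs on the cloud vserver. Assumed names:
# cloud.example.org (public hostname), 10.8.0.2 (the home Nextcloud's
# address inside the VPN tunnel), certificate and htpasswd paths.

# Pass WebSocket upgrades through; close the connection otherwise.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name cloud.example.org;
    return 301 https://$host$request_uri;   # never accept logins over plain HTTP
}

server {
    listen 443 ssl;
    server_name cloud.example.org;

    ssl_certificate     /etc/ssl/example/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/example/privkey.pem;     # placeholder path

    client_max_body_size 10G;   # assumed limit; nginx's 1 MB default blocks uploads

    location / {
        # Optional extra login at the proxy. Sync clients and WebDAV send
        # their own Authorization header with Nextcloud credentials, which
        # collides with this check; remove these two lines if you use them
        # and rely on Nextcloud's own login (plus 2FA) instead.
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/htpasswd;

        proxy_pass         http://10.8.0.2:80;   # reachable only through the tunnel
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
        proxy_set_header   Upgrade           $http_upgrade;
        proxy_set_header   Connection        $connection_upgrade;
    }
}
```

On the Nextcloud side, list the vserver's tunnel address under `trusted_proxies` and set `overwriteprotocol` to `https` in `config.php` so generated links and client-IP logging stay correct. If the home server is the VPN client that dials out to the vserver (an assumption about the tunnel setup), the home router needs no forwarded ports.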