1
I would like to set up a small NextCloud installation on a Raspberry Pi 1 Model B+, or something like that, on my home network.
I would like it to be accessible from the outside with a DNS of some sort. The idea is to create my private Dropbox.
Now regarding security... should I place the NextCloud server in DMZ and forbid everything except port 80/443 for nginx or Apache to serve the required HTML, or is there a better, more secure way to achieve my goal?
This is the network diagram I have in mind (thank you Alex):
Internet---Router1---Router2====Home Network (Wi-Fi, LAN)
|DMZ
+---Raspberry Pi
What hardware do you recommand?
Obviously I already have a home provider provided router.
3A DMZ (as opposed to an “Exposed Host", which is generally all that consumer routers support) requires you to split the (local) network using a firewall. Do you have the required hardware? – Daniel B – 2019-10-09T14:00:40.823
Hi! what do you have to create the DMZ? how is the network diagram? I think you will get better alternatives if you explained that. Cheers. – Jorge Valentini – 2019-10-09T14:01:51.830
Since you're hosting this in your home network a DMZ is the most secure way to accomplish your goal, yes. You need a capable firewall, like pfSense or a Cisco ASA. The rules should be just as you said: deny all except for TCP port 80/443 for web traffic (and/or any other required ports, but nothing more). – SamAndrew81 – 2019-10-09T14:33:41.633