I have a tiny personal website (currently under construction) hosted on my raspberry pi. I also want to setup an OwnCloud server, but on my actual desktop computer for several reasons (not only related to security, but mostly for usability in my specific case).

So I have a no-ip.org domain (free) and my router forwards port 80 requests to the pi. All working fine. For having a domain pointing to my owncloud server I setted my router to redirect requests from port 7654 (random one I chose) to port 80 on my desktop. Then I configured a no-ip domain to redirect the cloud domain to http://my.website.domain:7654, which is then redirected to my desktop.

Works perfectly. Maybe this isn't a great setup, but I'm really avoiding to mess with apache's configs as much as I can, because I've had problems in the past (security wise). And it works fast (remember it's a personal thing, not going to have much traffic).

So... I also configured no-ip domain to keep my owncloud url the same, instead of simply redirecting pages. I found it is called URL masking, and it's done by using a frame.

Ok, my questions are:

If I go to the source code of the owncloud website, I can see it's a frame redirecting to another port on another website. My issue is: is this a security risk? Anyone can know that they can directly access that page by using the url:port in their browser. Maybe it's not an issue, as anyone who runs my IP through a port scanner would probably find those ports being used. But I wonder (it's my desktop pc, would hurt me a lot more than just hacking into my RPi :P )..

Is there a way to completely hide that redirection, without going too deep on apache's configurations?

Am I being paranoid, idiotic and just plain stupid? :D

Thank you for any feedback you provide!