{"id":11309,"date":"2024-01-19T19:33:19","date_gmt":"2024-01-19T17:33:19","guid":{"rendered":"https:\/\/www.main-vision.com\/richard\/blog\/?p=11309"},"modified":"2024-01-19T19:33:19","modified_gmt":"2024-01-19T17:33:19","slug":"nextcloud-and-the-open-web","status":"publish","type":"post","link":"https:\/\/www.main-vision.com\/richard\/blog\/nextcloud-and-the-open-web\/","title":{"rendered":"Nextcloud and the Open Web"},"content":{"rendered":"<p>Two evenings ago I played with setting a No-ip host, set up the Swisscom router to make a Pi available in the DMZ so that I could access the Apache server and Nextcloud from the open web and it worked. I had it all done within 15-20 minutes. Now for those with the &#8220;But why nextcloud?&#8221; the answer is simple. It offers two-factor authentication and it is trusted by various EU institutions and governments. It is also trusted by Geneva but I don&#8217;t remember by whom, at this point. <\/p>\n<p>## Multiple Hacks Due to Vulnerable Apps<\/p>\n<p>I have had a website and web presence on the web since 97 or so but in recent years some of my older projects, but also WordPress, were repeatedly hacked to the point that I deleted all the old projects that I had on the site because they made my website vulnerable to attack. Several times my website was locked and I had to spend several hours, or even days, to restore access. After a few experiences I streamlined recovery, but I also increased security. Now all my accounts have two-factor authentication and each site has a different password. 
<\/p>\n<p>## PhotoPrism Unvetted<\/p>\n<p>In theory PhotoPrism would be fun to have on the open web, because I could upload images, and share them more easily. The drawback is that I haven&#8217;t RTFMed (Read the fabulous manual) on two-factor authentication for PhotoPrism. <\/p>\n<p>## WP and NC Two-Factor Authentication<\/p>\n<p>WordPress and Nextcloud are both designed with the option for two-factor authentication so those are the two sites that I have running. For a while I thought &#8220;but if I run it through the Tailscale VPN that&#8217;s good enough for me&#8221; and it is. I&#8217;m happy to block off full access to these services, so that only I, and those I share these devices with, have access but at the same time it&#8217;s good to learn and to experiment. <\/p>\n<p>## Easier than Expected<\/p>\n<p>I expected that punching a hole through the server would be complicated but it was easy. I intuitively knew what to do without RTFM. I should add that I have spent the last three years studying related topics so &#8220;intuitive&#8221; means &#8220;put in the hours&#8221;. <\/p>\n<p>## Firewalled<\/p>\n<p>I also set up UFW the morning before attempting this experiment and I tested whether I had SSH access from the World Wide Web. It&#8217;s when I saw that I didn&#8217;t that I set up two-factor authentication. If that wasn&#8217;t the case I would have deleted the No-ip address. <\/p>\n<p>## The Advantage of the Open Web<\/p>\n<p>The advantage of having the servers on the open web is that I can share links to files more easily when required to do so. It also means that I can back up photos whilst I&#8217;m out, without having to log in through the VPN. <\/p>\n<p>The disadvantage is that I need to verify that my setup is secure and I need to spend time checking that SQLi attacks, among others, are not possible. I added Wordfence for the WordPress install and brute-force protection and two-factor authentication to Nextcloud. 
Having done these things I still want to do some more research to ensure that the sites are secure on that one server. <\/p>\n<p>## The VPN Advantage<\/p>\n<p>The VPN advantage is that I control access and it&#8217;s behind security protocols put in place by Tailscale. It should be harder for people to gain malicious access. <\/p>\n<p>## And Finally<\/p>\n<p>Now that I have seen how simple it is to make a home server available to the World Wide Web, rather than hidden behind a VPN, I might set up a smaller instance with less storage that is set up to back up photos and videos while I&#8217;m hiking and walking, but that would be emptied and moved to a more secure instance within my personal network. <\/p>\n<p>Time for more experimentation. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two evenings ago I played with setting a No-ip host, set up the Swisscom router to make a Pi available in the DMZ so that I could access the Apache server and Nextcloud from the open web and it worked. I had it all done within 15-20 minutes. 
Now for those with the &#8220;But why nextcloud?&#8221; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":10495,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[255],"tags":[5221,2370,86,6342],"class_list":["post-11309","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-swiss-walks","tag-authentication","tag-security","tag-trust","tag-two-factor-authentication"],"jetpack_publicize_connections":[],"_links":{"self":[{"href":"https:\/\/www.main-vision.com\/richard\/blog\/wp-json\/wp\/v2\/posts\/11309","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.main-vision.com\/richard\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.main-vision.com\/richard\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.main-vision.com\/richard\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.main-vision.com\/richard\/blog\/wp-json\/wp\/v2\/comments?post=11309"}],"version-history":[{"count":1,"href":"https:\/\/www.main-vision.com\/richard\/blog\/wp-json\/wp\/v2\/posts\/11309\/revisions"}],"predecessor-version":[{"id":11310,"href":"https:\/\/www.main-vision.com\/richard\/blog\/wp-json\/wp\/v2\/posts\/11309\/revisions\/11310"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.main-vision.com\/richard\/blog\/wp-json\/wp\/v2\/media\/10495"}],"wp:attachment":[{"href":"https:\/\/www.main-vision.com\/richard\/blog
\/wp-json\/wp\/v2\/media?parent=11309"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.main-vision.com\/richard\/blog\/wp-json\/wp\/v2\/categories?post=11309"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.main-vision.com\/richard\/blog\/wp-json\/wp\/v2\/tags?post=11309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}