Says “Please type in the domain into the input field below that will be used for Nextcloud in order to create a new AIO instance.”

I dont wanna unnecessarily spend money

  • kristoff@infosec.pub
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 year ago

    Hi,

    What is the reason you do not want a domain? it is not that DNS-domains are that expensive these days. The cheapest option I found is .ovh (which is one of the major cloud-providers in France), which is 3 euro / year (+VAT). You can then put as much hosts or subdomains under it, and it supports dynamic IP.

    Agreed, .ovh is not the most “professional” looking domain, but it depends on what you want to do. If your goal is simply to have something for yourself / family / friends, then this is good enough.

    BTW. Having your own domain for a nextcloud instance has additional advances: you can get a real https/tls certificate from letsencrypt, and -if you put a reverse proxy in front of your NC- it shields you from people who just scan the complete IP-space of the internet but who do not know your domain.

      • kristoff@infosec.pub
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Hi,

        Good idea!

        And once you have you domainname, you can do the following:

        • set up a reverse reverse proxy (apache, nginx) in front of nextcloud
        • in the configuration of apache/bginx use virtual hosts.
        • make sure that the default virtualhost (in apache, that is the the one that does not have “ServerName”) first in the configuration. Point that to a local website with just an empty directory
        • then, AFTER the default virtual host, add the reverse-proxy configuration of your nextcloud instance.

        What this does, is that if somebody addresses your website with a URL that does not contain the exact hostname of your nextcloud, the webquery will go to the empty website and simply return a 404. A hacker who does a webrequest to “https://your-ip-address/login” will just get a “404 not found” and not reach your nextcloud instance.

        This keeps people who just scan the internet for vulnerable systems and try out all kind of URLs to try to get in out of your nextcloud.

        Of course, this only works if you keep the full hostname of your instance to yourself and do not post it somewhere (including social media, mailing-lists, …)

        Good luck with your nextcloud server