Hey y’all! First time trying to self-host something, I started with a local Nextcloud instance for me and my family to use. I just wanted to make sure that no outsiders can enter the instance (access it or its files) through a browser on another connection.
I don’t have a DNS server so we access it through its IP address. The connection is unencrypted (I don’t know if this is a problem on a local instance, but from what I’ve read, I need a local DNS server to encrypt it, as well as to be able to set a domain (?) name (I don’t really know if it’s a domain name, but I’m referring to the website name, for instance google.com). I don’t think leaving it as it is (unencrypted, no domain name, only accessible through IP) will be problematic. Could other people access the server remotely with this setting? By remotely, I mean from far away. I tried out Nextcloud’s own Security Scan and it returns:
Scan failed! The scan for the specified domain failed. Either no Nextcloud or ownCloud can be found there or you tried to scan too many servers.
I’m guessing this is a good thing for what I’m trying to achieve?
for reference, the tutorial I’ve used is this one under Linux Mint
You don’t need a local DNS server to set up https, but you do need a domain name. If it’s something that you wanted to pick up, you can buy them at a number of different places and you’d have to set up a mechanism to make sure the IP address referenced is the correct one. You can either do that by having a static IP address or by setting up some form of dynamic DNS. Then you can use letsencrypt to set up https.
Okay so here’s I think the core of your question though: the only way that someone outside of your network can access your nextcloud is if you have set up the server to be accessible from the outside world. You would have to go into your router and forward Port 80 to the local IP address of your nextcloud server. If you don’t do that, then it will only be accessible to the people inside of your network. Rotors do something called Network address translation which lets many devices on your local network connect to the internet despite only having one external IP address. If you’re accessing the server using a 192.168 address or a 10.x.x.x address you are already using the internal IP address and not your external Internet IP address so you’re likely safe.
One neat trick because remembering IP addresses is a pain in the butt is the hosts file. On windows it’s in c:\windows\system32\drivers\etc\hosts and you can set a hostname to immediately resolve to a certain IP address. It’s particularly nice because it’s free, it’s fast, and once you set it you can forget it.
My websites are on the public internet, but I use the host to file to point them at the internal IP address because that way I can directly connect to my servers even when the internet is down.