Hi, finally setting up Nextcloud in an effort to de-Google myself and replace GDrive for good.

I am currently running Nextcloud via Tailscale and that works fine except for when i want to share a file to someone outside of my Tailnet. I have heard of federated Nextcloud but i am not sure that i quite understood the purpose of this or maybe there is a better solution? If i run two instances like that, will i simply be able to share certain files over to that instance for sharing?

  • poVoq@slrpnk.net
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    1 year ago

    I think for the Nextcloud federation to work, both instances need to be publicly accessible.

    • baduhai@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Not true, both instances need to be able to reach each other through a domain, but they don’t both need to be public.

  • citizen
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    edit-2
    1 year ago

    deleted by creator

    • mysbyxor@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Thanks, did not occur to me to use a dedicated app for that purpose! Will check that out.

      • PriorProject@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        1 year ago

        Thread parent’s approach is what I would use as well. It makes lot of sense to isolate something as sprawling and with as large an attack surface as nextcloud… but that implies you can’t use it for public sharing. Any use that that DOES involve public sharing creates an incentive to choose a smaller and more auditable codebase (not that you’ll necessarily audit it yourself, but simplicity does have benefits here).

        Another approach I’ve used with semi-public services is to stick them behind a proxy I trust like Caddy or nginx and gate access to them with https basic auth. Basic auth rightfully gets dismissed in many security contexts, but in the case of personal self-hosting it can serve a useful purpose. The proxy handles the basic auth, and no network packets can reach the protected application until basic auth is complete, which completely protects against unathenticated exploits in the protected application (though obviously exploits against the proxy would still work, but major proxies are pretty well hardened). The major downside here is that you can’t really use mobile apps, as none of them support this niche and frankly dubious approach to network access control. But for public sharing, you’re almost certainly having folks use a browser as their client rather than an app, and for the small convenience overhead of the basicauth login you get a pretty significant reduction in unauthenticated attack surface. The app limitation again makes this a poor match for Nextcloud, but a good match for a standalone public filesharing system that you don’t quite trust as much as your proxy.

        Edit: If you want to get fancy you could even expose the same Nextcloud instance BOTH via tailscale for your own app use behind a basicauth proxy for semi-public sharing. It gets network protection in both cases, but basicauth is sort of kind of easy enough to grant semi-public access to.

  • atzanteol
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Aren you sharing files to collaborate or just “send things to others?”

    You could just setup nginx or apache and put files in a directory that it serves and send the link to your friends.

  • vegetaaaaaaa@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I run two nextcloud instances for this exact purpose (set up using this role so it’s not more complex to manage than just one instance).

    Personal instance on home server, shared instance on rented VPS. When I want to share a file/folder I just copy it to the VPS instance and use the “share by link” feature.