I’ve been self-hosting my Nextcloud instance for a few years and the longer I kept it public, the more uneasy I got about the fact that it’s accessible to anyone. There is no reason to suspect that Nextcloud login system is vulnerable, but it’s better to be safe than sorry. Nextcloud doesn’t really prioritise security, and I don’t want any of my home computers to be freely reachable from the Internet.

That said, I often need to access my Nextcloud instance when I’m not at home, so making it completely unreachable is not an option. I’m already familiar with WireGuard, so I decided to create a private virtual network and share it between the hosts which use Nextcloud. I had to part ways with LetsEncrypt certificates since I stopped using domain names, but it didn’t affect anything in any disruptive ways.

Having your home network exposed to host in the Internet host was a dumb idea, and I don’t recommend doing that.