Says “Please type in the domain into the input field below that will be used for Nextcloud in order to create a new AIO instance.”

I dont wanna unnecessarily spend money

  • strawberryOP
    link
    fedilink
    11 year ago

    didnt want one bc i gotta pay, but its fine, and especially since i can get those certificates

    • @kristoff@infosec.pub
      link
      fedilink
      English
      1
      edit-2
      1 year ago

      Hi,

      Good idea!

      And once you have you domainname, you can do the following:

      • set up a reverse reverse proxy (apache, nginx) in front of nextcloud
      • in the configuration of apache/bginx use virtual hosts.
      • make sure that the default virtualhost (in apache, that is the the one that does not have “ServerName”) first in the configuration. Point that to a local website with just an empty directory
      • then, AFTER the default virtual host, add the reverse-proxy configuration of your nextcloud instance.

      What this does, is that if somebody addresses your website with a URL that does not contain the exact hostname of your nextcloud, the webquery will go to the empty website and simply return a 404. A hacker who does a webrequest to “https://your-ip-address/login” will just get a “404 not found” and not reach your nextcloud instance.

      This keeps people who just scan the internet for vulnerable systems and try out all kind of URLs to try to get in out of your nextcloud.

      Of course, this only works if you keep the full hostname of your instance to yourself and do not post it somewhere (including social media, mailing-lists, …)

      Good luck with your nextcloud server