Ok. Yes, my use case is a private document and media store. I’m ungoogling.
VPN seems like a good place to start. But I’d like a simple answer, and I expect there are none to be had. As you’ve illustrated here, I’ll find a reason to punch holes in the firewall. And then I’m going to need to secure a web server. Life happens. I’ll keep it simple for now while I sort things. Thanks for your perspective.

Ya. I understand VPN. I do enterprise IT stuff. The things I build assume a secure environment. VPN is step one.
Nailing down a web server on the internet tho … there’s so many ways to attack. There’s so many things to secure. And its a bit complex to manage all that.
The nextcloud site covers hardening the server, but doesn’t even mention vpn.
I’ve been watching threads like this. I’m pretty convinced vpn is the answer.

Well, I might as well put a dog in the fight. I’m considering my final, actually secure deployment of nextcloud.

This discussion has convinced me that a vpn is the only answer.
And almost everyone says wireguard.

K. Thats what I will build.

And this is the start of the longest crypto nerd fight I’ve seen on Lemmy. Well done, people!

Thanks. That’s well laid out, straightforward. I have resources at home that I want access to through my vps. This is a good blueprint.

Joe knows.

Well that’s just it. You might know Joe. You just don’t know.

Thx for finally explaining this for me. I’ve not quite understood it till now.
Not knowing this detail made some Japan stories very odd.

Right? It seems like a WeWork, except they will help you front as well.
For most circumstances, I would imagine this extends no farther than using their mailbox and address.
The lead-in of the article doesn’t well represent the details. Pretty interesting, regardless.

RTFM. …
… The last thing you try.

Proxmox is Debian, so much of your ideas could translate directly across. That said, I try to mod the PVE server as liitle as possible.

Proxmox makes it so easy to spin up yet another VM or LCX to handle services with its core offerings. Also google “proxmox helper scripts” to find tteck’s additional stash of ready-made LCX.

Boy. You asked about Proxmox. Nobody said anything.

How does Proxmox make it easier? Have you used it? All sorts of ways. Like, its a full virtual infrastructure management system instead of just an OS. Proxmox loves ZFS. It does many of the things you’ve mentioned here.

Proxmox does have its own backup system that can work with an NFS target or with their smart dedupe storage and replication server product. https://www.proxmox.com/en/products/proxmox-backup-server/overview

You’ve got some pretty advanced ideas and perhaps have already moved beyond the Proxmox question. But if you are curious and haven’t used it, spin up a server and give it a whirl.

Do it. Jump in. Just start with whatever you can assemble.
It’s a great way to keep your room warm.

I don’t know about the Ubuntu LCX. I don’t container much.

I’d do this with a virtual machine and TrueNAS. Those are just the tools I like to use. The TrueNAS Scale ISO will install qemu-guest-agent, so you don’t need to worry about drivers. Make sure to build it with Virtio SCSI Single disk controllers. Use one 50gb OS disk for the install. Add huge data disk(s) after the install.
Promox Disk options … SSD emulation, Discard, IO Thread, No cache … and I use Write Back (unsafe). Use the Virtio NIC.

And try it again. Hopefully faster this time.