I went back and read this and you should be able to with docker compose and watchtower.
this post was submitted on 24 Jul 2023
2 points (100.0% liked)
Nextcloud
12 readers
1 users here now
A community for discussing all things related to Nextcloud.
- Federation link: Search to federate this sub to your instance
Other resources:
- Official forum: https://help.nextcloud.com/
founded 1 year ago
MODERATORS
I don't know to much about security, its all just a hobby for me but maybe it could help you.
As far as I know, basically only open Ports are potential security risks. \
So I would
- close everything down besides 443 80 and 22,
- disable password based login for ssh
- use the snap version since it self updates(I don’t know when the alternatives update)
- Us a “Server” OS/ LTS
I personally use OpenSuse Leap with yast2 online_update_configuration configured to update patch one a week, but you can do this in every distro with cron jobs.
Yes, but 443/80 must be open and public. This lets an attacker exploit a (pre-auth) vulnerable in php or nextcloud.
I think the best you can do I stay up to date
if you are using the docker stack, use watchtower to auto update the containers.