Mine is publicly exposed using the standard nextcloud:stable-apache docker container, with nginx (past) / traefik (present) handling TLS termination, but not otherwise adding additional security measures.
It’s been this way for several years and I’m yet to have issues, but it’s certainly not bulletproof since a critical vuln in Nextcloud could pwn it. That just hasn’t happened.
Mine is publicly exposed using the standard
nextcloud:stable-apachedocker container, with nginx (past) / traefik (present) handling TLS termination, but not otherwise adding additional security measures.It’s been this way for several years and I’m yet to have issues, but it’s certainly not bulletproof since a critical vuln in Nextcloud could pwn it. That just hasn’t happened.