This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/KekTuts on 2025-07-21 21:04:47+00:00.
Hi all,
I have been self-hosting Nextcloud for a while and felt reasonably safe exposing it with plain port-forwarding, since it is a mature project with a solid security record. Recently I added Immich (self-hosted photo library) and a couple of smaller services, and now I am less confident about leaving ports open to the internet.
That leaves me with three options, and I am curious what the community really does in day-to-day use:
- Connect to a VPN only when needed. Fire up the client whenever you want to upload or access something, then disconnect when you are done.
- Run an always-on or split-tunnel VPN. Keep the VPN active (or route only the self-hosted domains through it) so you never have to think about it.
- Stick with port-forwarding. Keep everything exposed and skip the VPN entirely.
The friction of step 1 (open VPN every time I want to view a photo or file) sounds annoying, but the battery hit of step 2 on my phone worries me as well. Step 3 feels riskier now that I am running more than just Nextcloud.
How do you balance security, convenience, and power usage? Would love to hear what has worked for you and why.