Docker bypassing ufw is very bad
Docker bypassing ufw is very bad
If you disable password authentication, and use public key authentication, yes.
The reason for downvotes is comparing apple and oranges, and also throwing FTP in the mix!
Let’s consider SFTP and nextcloud. SFTP is a secure respected protocol for file transfer. If you use key authentication and disable the password authentication, it approaches to be bulletproof security wise. SSH has rarely had a vulnerability that would allow attackers in. It’s even have post quantum cryptography. It’s rather easy to set up. But it doesn’t do more than file transfer. It also doesn’t have a lot of GUI apps.
Nextcloud is like Dropbox. You can find A LOT of things in it (though frankly the quality of most of them may be low). File transfer is just one of the things that it does. It uses https, why? Because the web technologies and developers have focused on this versatile protocol in the past decades. You access internet through port 443 not 22!
If I want to backup data or transfer files, I use SFTP. Over the internet, I trust SFTP not nextcloud. For other things, I use other tools such as Synchting, nextcloud etc. Synchting allows syncing over SSH.
Seagate drives. Exos if your NAS is in a basement, or regular ironwolfs otherwise.
Instead of high quality expensive drives, consider more of the medium quality drives with more copies. And HDDs are much cheaper than SSDs at high capacities.
Those data centers need drives that are accessed 24/7 by many users simultaneously. They have perfect operating conditions such as temperature, don’t care as much about noise, etc. That’s not your case.
Consumers need consumer NAS drives, not enterprise drives.
Synology software and applications are way better
And CPU that is old and power consuming!
Mechanical hard drive storage has gotten really cheap. Just get Seagate ironwolfs now (or Exos if you don’t care about noise).
Is it 923+ or 920+?
Wireguard is what you want!
The 2 in this rule isn’t clear: 2 different media?
Why is it important if it’s DVD & HDD or SSD & HDD?
How do you compare Caddy with nginx proxy manager?
Frankly these are useless. SSH is secure by default and will never support algorithms that could be possibly broken. Same for TLS 1.3