Ask HN: Self-hosting in 2023: Nextcloud on Linode, or...?
Plan A: Nextcloud on Linode. Probably not the dirt cheapest choice, but affordable as a steady expense right now, and it seems to provide a lot of resource headroom while I get on top of how it works and what my actual needs are gonna be re compute and bandwidth and so forth, as well as allowing me to stand up any extra services I may want on this web presence - Nextcloud's open nature is good for that as well, but I want access to the system itself.
What I need:
I will be using one of the Nextcloud office suites for the same stuff I currently do on Google - text documents (chord charts mostly), spreadsheets, etc.
Likewise I will be figuring out how to hoover every photo and video taken by our phones and computers up into a backup collection, and we can then treat our phones like "thin clients" which are only representing our data, not storing it. I have not successfully used any organizational aids for pictures before so for now I'll be happy just to have a collection of dated folders for each phone, and we'll improve from there. It will be stored in some sort of cheap bucket or block storage as well as on my local ZFS server (seems like block storage might be the better choice for that reason).
Likewise I want to get all my email history backed up somewhere other than gmail's servers on an ongoing basis. I don't think I'll stop using that email address and I don't expect to actually control my email (nor would I want to), but I don't want to be in a position anymore where Google could just up and decide to lock me out of my own communications history based on some algorithm. That said, I will probably also setup some sort of alternate email that is not on any .com platform and possibly transition to it over time, and all email will end up here.
Re platform, I think that I could probably do it a lot cheaper on AWS, and I think I know how to get that done without getting snagged by one of their runaway expense traps, but I'm not completely sure. I do not trust them not to find some way to slip a thousand dollar bill past me before I realize what their automated system is doing.
Linode, on the other hand, have a good reputation in terms of competence and reliability, and from what I can tell the price they are offering is not completely out of whack. They even offer the quick deploy version, but I do believe I would just take a raw server and stand it all up myself, I have security people in my family who can make sure I'm not hanging my junk out the front door before I go live.
I am also considering Digital Ocean, who I've dealt with a little bit in the past and found them great.
Future plans for this server include some kind of federated publishing - Nextcloud might even have some sort of blogging extension that could be further extended, or maybe even it's already implemented, I'm not that up on it yet. It's just a high profile self-hosting system that I noticed.
Or I might add a small Mastadon to the server for the same people who use the Nextcloud, but I'm hearing a lot about runaway transfer fees so I'm gonna wait and see before I stand one up myself. But that's why the raw server instead of the one-click solution, one way or another I'm gonna get on ActivityPub.
Anyways, thoughts anyone? Like I said, current plan is Nextcloud on Linode for a while and see how it goes, but if there's something leaner or more extensible or that handles ActivityPub better or whatever I'd love to know.
241 comments
[ 3.0 ms ] story [ 264 ms ] threadThere's a variable I don't understand with self-hosted cloud/storage: what guarantees do you have that they're not peeking at what you store? Why do you trust them over $CORP? Do you encrypt your data at-rest (dm-crypt, fscrypt, etc.), and do block storage providers support this?
edit: fix typo
However, if you go with a really small cloud/server provider, you may run the risk of a bored employee poking around. The larger ones will have auditing in place to catch stuff like that.
No warning that they would charge it, no pre-authorization, no grace period to rectify the problem, just shut down the servers at 2AM in the night.
Not happy to say the least.
But definitely be extra careful with your backup and DR plans if using dirt cheap hosts…
A dedicated server on something like Hetzner is ~£50 a month, put portainer or proxmox (or portainer inside proxmox) and run whatever you want.
Use traefik to direct things.
Use backblaze, or hetzner boxes etc as storage backups etc
It was objectively great, but eventually I migrated everything to Linux in order to make things more accessible to the people coming over from Windows servers, and I didn't find that things got any less stable or reliable. Of course, it might be that I'm the common factor there, for good or ill :>
Even though I am Linux Engineer by job title, I've lost the sticky from the adhestive that Linux used to give me. It feels now more of a pressured big-corp grab then an OS that made game-changing moves. It's made it's comfort zone.
I am cynical and that when one thing gets popular I tend to shift. So when FreeBSD becomes the next glory, I'll probably jump to Solaris or something; that and bHyve.
That hypervisor has never let me down. With ZFS Snapshots and bHyve writing directy zvols, is just too tasty to turn down.
In the long run, independence is worth something. It is just costly.
There's a lot that can be automated now. I self-host everything, been doing for more than a decade now. Partly on home server and partly on servers I rent. Everything is kept up to date and the pain points have been fairly low.
It's definitely not a set-up and forget thing, but it is definitely not a lot of work.
It's also a good way to learn things, the process itself is not a waste of time.
In this case, I've identified a couple of hard target outcomes which pertain to accessing documents, backing up photos in a way that I understand and trust, and a couple of other minor things, and it appears to me that those specific targets are in reach at a non-crazy price.
But I agree, it's very intimidating to even contemplate, hence my coming to get the thoughts of this community on what's the best way.
2) how much stuff are you planning on hosting?
3) how much bandwidth do you need?
nextcloud was (I've not checked recently) very hard to secure properly, so you'll probably want to hide it behind a VPN or some such.
The other thing to think about is the amount of time you have budgeted for initial setup, and on going maintenance. you will need to have backups, and those backups need to be tested.
For hosting, you need disk space, so if you have enough bandwidth at home, its car cheaper to have a low power server with a couple of big disks in it, than it would be to host that data on S3/other block storage.
AWS will be much more expensive than linode or DO. assuming you are not using the managed services.
finally, I would advise getting your physical instances controlled via ansible or terraform, and if you are using docker, get that config in some sort of repo, so you can teardown and bring up your infra on demand. This make disaster recovery much easier (or porting)
I've not heard of nextcloud being particularly onerous to lock down, compared to other systems of its ilk (and it should be easier than securing something string together from smaller parts). The main trick with “standard” packages like these, once you've done the initial hardening, is making sure you keep bang up-to-date with security patches from upstream.
> its car cheaper to have a low power server with a couple of big disks in it, than it would be to host that data on S3/other block storage
Though a good block storage provided should give your data more redundancy and a lower time-to-recovery than a pair of old drives in RAID1. Of course, you still want good backups on another provider, just in case.
Check performance too: some block storage providers might be notably faster (SSD/RAM cached storage etc) or much slower (mostly traditional drives, high levels of contention on the storage arrays, latency between your app and the storage array) than those inexpensive local drives.
2) My personal data. Who knows. Might end up needing a TB or more by the time I'm done snapshotting and whatnot, this is gonna be a process.
3) Enough lol
Sorry to be flip, but at this point I have more abstract targets:
-hoover up all photos taken by all my devices and place them in a central backup place with both cloud and local storage. Ideally some nice UI for browsing and organizing and such.
-replace Google Docs/Sheets functionality, including public internet accessibility (though I may do the VPN, or an SSH tunnel maybe, these are not bad ideas at all) with a server I control.
And yes, handling it with my own scripts and such has occurred to me as well, but you know how that ends up going.
Nextcloud seems to be a popular tool that does these things. That's what I know. There's been a number of interesting suggestions in the comments that I'm now gonna look into before I act, though.
Similar offer and simplicity as DigitalOcean, but way lower prices. I had to reach support a few months ago, and they were pretty responsive.
They also show the prices per month, not per hour/milisecond/byte/whatever. As I'm also the one paying the invoices, I really like that.
Neither their docs or two separate support agents I spoke had any information on why it was necessary, where the copy would end up, how long it would be kept, etc. which seemed very fishy and is totally illegal.
This was about a year ago.
Appreciate you asking though
Either way, they knew the business' VAT ID, Chamber of Commerce ID, etc. and had been billing us successfully using that info for a good while, there were no outstanding bills, and there was nothing nefarious or questionable going on our servers or with the associated traffic (just running legacy applications and services).
All in all a super weird experience, which was a shame since we were otherwise and up until then quite happy with them.
[1]: https://en.wikipedia.org/wiki/European_Union_value_added_tax...
From personal experience. There have been other conversations on HN in the past about this. Mine was not an isolated incident.
Their pricing page is really confusing to navigate and figure out what's what.
There you go, $300 one-time cost, and you have a very powerful private server that can run all your self-hosted stuff. Via Tailscale, it can even expose some services to the public internet, if you feel the desire to do so.
To add to parents great idea, this is 70 bucks more (currently $320 versus $390 for this on Amazon US) and it's an 8 core ryzen and 32gigbs of ram so will handle a lot more:
https://www.amazon.com/dp/B0BFBNDVW8?psc=1&ref=ppx_yo2ov_dt_...
Not affiliate, just anecdotal, just purchased this for myself this last fall and its fast and cheap and I feel the best current value from mini pc's at sub 400. The ones at 600-1000 cost are just incrementally better from this one's specs so I feel it's the sweet spot at $390. So your server can be much much beefier for not much more.
I may even be running a GPU externally on this :)
What frustrates me, and why I don't do it any more, is we don't have a manageable story for most things. In many cases there's a good recipe you can follow to stand up the basic service. But hardening, security patching, etc. aren't covered. You have to come up with your own solution to make sure it's up, etc. On top of that, projects come and go, and someone may unfortunately choose a project that's a dead end and won't be patched. (And big-budget cloud doesn't solve many of these issues, either).
My personal fear is that a lot of self-hosted stuff becomes like all the unpatched Wordpress sites, years ago, that were just vectors for hacks. It wasn't that the data was stolen, they were pretty much pwned to launch other attacks. There are just too many solutions out there for all the bits and pieces needed to keep stuff up and secure. And all those fiddly bits are hand-integrated (for the most part). I'd like to find something that provided me a full stack, with all the boxes checked. I would get monitoring and security patching around all the bits.
In the interim, I try to use products from companies that either don't primarily make money by advertising based on my data (even if the products are more expensive). (Note that advertising is what you do when you're out of real ideas - so it's inevitable that all companies head that way when MBAs with no imagination want a safe return). Or, I use products that are (as much as possible) open source. (There are still disturbing amounts of proprietary blobs in my Raspberry Pi homely servers, for example).
With all that said, I wish you luck! I've run my own infra in the past and it's fun.
I think part of the problem is that this is exactly the kind of stuff that is not fun. It’s that boring middle layer between the OS and apps. Compounding the problem is the fact that the people who know that layer well feel no personal need to fix its usability issues.
Programmers want to work on AI and distributed systems and games and other sexy things. Even people who work in the middle layer would rather work on sexy problems there like hyperscaling with Kubernetes and architecture as code.
Making regular old systems easy to use for boring not-hyperscale uses just isn’t sexy so open source devs don’t do it. The economic model for commercial stuff only incentivizes the leveraging of this problem for vendor lock in or to move people into SaaS where data can be mined and rent can be charged forever.
At this point the whole industry is herding everyone into SaaS walled gardens because that’s the only working economic model in software. I don’t see this changing without a movement similar to open source in its heyday in the 90s, but to steal fire from the nerds and bring it to the masses.
I’m not optimistic because nobody seems to care. It might take a whole cycle in which all freedom and privacy is completely lost. Experiences like Twitter just aren’t cutting it. People are stuck on either “woke Twitter was bad” or “pilled Elon bad” instead of realizing that the problem is intrinsic to walled gardens. All cloud spies on you and all social media is manipulating discourse for someone. No exceptions.
It exists: https://yunohost.org/#/. Install the distro, and then it's all clickety-clicks for all your apps (which are softwares like nextcloud, cryptpad, bitwarden, bitter, etc..)
The backup and restore also has to be continuous and seamless.
Yunohost is mainly full of community contributions, quite a few of which have been abandoned. Some are stuck on old versions, some use migration scripts which may or may not do things the correct Yunohost way, some use migration scripts with bugs which can lead to data loss. The front end is slick, but it's the wild west behind the scenes. There's not even a mechanism for regularly reviewing if apps have been abandoned - I've manually reported a couple.
Cloudron is probably better than most as they have a financial incentive, but then that targets their apps towards "professional" users.
I would say NASs from Synology or QNAP provide that. Small but good managed Appstore with autoupdate and file/config backup.
I have a backup process running on it, but back up disk space is a lot cheaper than live disk space attached to a VM, so it's a lot cheaper than the requisite VM disk space would be.
That said:
"and I think I know how to get that done without getting snagged by one of their runaway expense traps, but I'm not completely sure. I do not trust them not to find some way to slip a thousand dollar bill past me before I realize what their automated system is doing."
This is a per-service concern. EC2 may be old & busted & "just VMs, dude, get cloud native you early 2000s buffoon" & totally uncool... but also precisely because it is just a VM, it is also bounded. It won't blow up on you, because you can't just use 100 times the service you expected. Worst you can do is use the network like crazy, and for as expensive as bandwidth is at large scales, at this scale it's not going to break your bank unless you really screw up. I'm bounded by the fact my home network connection won't let me go too crazy anyhow. (Or on a small T3 instance you can turn on unlimited credits and then run those up, but there's a bound on how large that can be even if you're running 100% full time and it's not huge.)
Just some options. Mastadon is presumably more complicated to run on local resources, you'd still need something with a public IP that can be reached to work correctly.
I do the same but then have a VPN so I can reach it externally. One more thing to maintain but worth it.
Now I use Tailscale (which is free for a single-user account) and it works excellently, without the Cloudflare dependency. No login necessary through the browser like with Cloudflare Tunnel, because you're already authed with Tailscale on the device.
Perhaps wireguard(or tailscale just for this bit). Not saying you have to, having local only as default is perfectly good and safer maybe!
https://blog.ollien.com/posts/vpn-gateway/
No (useless for that usecase) additional intermediary like Tailscale in the middle. It has the added benefit of allowing you to share everything that is on Nextcloud with people without requiring them to use any VPN/etc.
[0] the fact that it runs an a laptop (with its battery) rather than on a workstation provides a UPS on the cheap
[1] dynamic DNS can be achieved even using cheap providers such as OVH as long as you get your domain name there https://docs.ovh.com/ie/en/domains/hosting_dynhost/
Bonus is that I can restrict incoming traffic on the router to cloudflare ip ranges, and use cloudflare tools to restrict traffic.
I suppose you could accomplish the same with a VPS but this is all free.
Like you mention, services like tailscale and cloudflare tunnels are a way around it, but that introduces complexity and additional trust in another company.
The main reason I host my stuff on a VPS is because if an attacker finds their way in, I don't want them to have unrestricted access to my home network as well. (And I'm to lazy to set up a DMZ...)
I've tried making binders, I've tried every suggestion anyone could possibly make, and the ubiquitous available of Google Docs while I have a phone with internet is the only thing that has verifiably made me more productive. It's only gonna be a few tenners per month to have it fully under my control.
So what you're saying about AWS seems to be that if I just use EC2 and their cheap storage and stick to things I understand (I understand a rented VM, for instance, and I understand the idea that whatever that VM sends out counts against a quota), that they would have a hard time catching me out, and that also seems true to me. Behind a firewall I'm extremely brave, the fact this is internet-public has me a bit more trepadacious I suppose.
I also considered using a local instance to start, but the documentation seems to be very against that and I don't like starting my journey with a new system in defiance of their stated best practices, that seems like the road to a broken heart to me.
edit: lots of suggestions to use dyndns type services, problem there is I'm on Starlink and have no public IP available. There might be a cheap bouncing service out there but that's more googling and in the final analysis I can afford to do it the straightforward way.
Basic idea is `curr_ip=$(curl ifconfig.me | grep smth)`, then `curl -X POST https://your_dns_provider?dn=vpn.jtode.com&new_ip=$curr_ip`.
Run it as a cron, on a schedule that's kind to your IP identification service and kind to your personal SLAs around uptime (mine's set to every 5 minutes).
Verizon changes my home IP every couple weeks, by my latest log check. No need to pay for dynamic dns.
Self-hosting is a long journey of solving such trivial problems. But it's pretty rewarding when it all fits together. :) Good luck!
I have a setup like the one you desire. Some of my services are port-forwarded to the public internet (i.e. the ones with a login screen) behind a local nginx instance. Others are only available on a "local" network, i.e. at home or via a VPN tunnel advertised at secret-vpn.{}.tld.
I'm confused about this part. The default Docker implementation and Docker AIO implementation expect you to have a website that you point to to make it work. They auto-get SSL certs against that website.
Has this not been everyone else's experience?
Is it a bad idea? Yeah, sure, but given that it's not publicly routable if you're attacking my HTTP port as far as I'm concerned I've already lost. So there's no security situation that internal HTTPS will change, as far as I'm concerned. If HTTPS was the thing that stopped something, I've still got a problem.
https://www.oracle.com/cloud/free/#always-free
I've used many other free tiers over the years (living in a low-income region you pretty much have to), and they make it difficult to fuck up your trial and go over the free limit. With GCP or AWS (especially AWS) it's trivial to start running paid resources and be surprised with a large bill at the end. Here you have to explicitly opt into it by clicking through multiple dialogs and confirming via an email link.
The 10TB of free oracle bandwidth means you can store media-intensive applications on the instance. For data at rest, I simply nfs-mount a 14TB disk I have at home hooked up to a raspberry pi running tailscale. tailscale is the bottleneck here because it pegs the cpus of the rpi and oracle instance, but I still get 250mbps (something about the arm crypto implementation being slow.) There's some rummaging that go will improve the crypto performance so fingers crossed. I think I'm using less than 10 watts with this setup.
For backups I keep it simple and plug in an external drive and run borg every once and a while. It's manual since the backup disk sits offline.
I can't in good conscience however, ever allow someone to recommend Oracle Cloud uncontested.
If it's working for you, I'm not going to fight, but please don't recommend it, the axe of Oracle is heavy swung- even if it hasn't caught your neck yet it definitely strikes.
EDIT: for those curious: https://news.ycombinator.com/item?id=29514359
It seems, from a glancing review, all of these services structure the Free Tier to force an "on-demand" or "serverless" architecture, since the CPU-seconds and GB-seconds are always undersized for an always-on system (such as a traditional server or OCI container).
For hobby projects or book exercises, the Free Tiers can be enticing, but seem like a gateway into surprise billings. What do you do if you require a few OCI containers at the same time?
How do you folks do it? Is everyone just doing "serverless" these days and I'm old fashioned?
The two x86 VMs are puny and can only be used as VPN gateways, or for static site hosting, or something like that.
Not using any of that newfangled "serverless" nonsense, and do not plan to. For work projects we rely on colocation with properly self-provisioned and fully controlled servers. It would be silly to use free tiers since you get absolutely zero uptime guarantees.
Please do not use Oracle's free tier.
I too thought the free ampere machine would have been great. Like most things, it was too good to be true. The provisioned machine sat idle and unused for a few days and was then suspended for "Abusive Activity". I must be clear that there was nothing running on it. Even if there was, I cannot find out because Oracle does not provide any network metrics and refuses to tell me specifically what their problem is. The only detail of abusive activity is:
> Traffic Details: Outbound Port Scanning, Brute-forcing, Web Exploitation, and/or DDoS. (Port 22)
Those traffic "details" could possibly be the most generic and vague explanation for suspension ever.
The only form of remediation is through the support, which is not available for always free accounts. There is no one to email, no one to call, nobody to help. I did try calling _a_ support number, but was told they could not help and I could try contacting sales(!?) who did not even get back to me. The official suggestion is to make a post on their community forum, but unsurprisingly this also went unacknowledged.
This happened well over a month ago and I have little hope this situation will change.
I had also read others' negative anecdotes on Oracle and was reluctant to believe them, now I know better.
Do not use Oracle's free tier.
There's also https://www.pikapods.com/ that offers to host it for you in a simplified manner if you don't wont all the server hassle.
But is searching for maintainers
When you’re ready to reduce prices and increase privacy, take a look at a tiny (like t3a.micro or .nano) ec2 instance that forwards to/from your “real” server at home which can be beefier. The home server maintains a vpn connection to the ec2 instance. you also need to configure nat and port forwarding on both sides so you’ll need to get your hands dirty with nftables/netfilter (probably a night or two of pain realistically).
Once it’s set up and working and you can get your monthly spend down to $3-$4 (I pay up front for three years of ec2 credits). You need your own hardware but a used nuc for example is pretty cheap and adding storage is a matter of buying an external usb hard drive.
And if you stick to https/tls (via letsencrypt) the Amazon forwarding instance can’t see what’s in your traffic (just which ips are visiting you and when).
(You could obviously cut Amazon out entirely if you’re comfortable hosting directly from your home ip but I never wanted to deal with the potential isp headaches.)
You could simplify substantially by simply using the ec2 instance as a reverse proxy (well, that’s simpler to me, at least, as someone much more familiar with reverse proxies).
Some people might not care about this which is fine. Personally I’d rather take on slightly more overheard in setup (nftables vs nginx or whatever) and get the privacy in the bargain.
The only thing I don't have from your scenario is a public IP due to being on Starlink as I said, so there's no way for me to let anyone in my front door here even if I was willing to endure the pain, which I don't think I am. Is there a way to have my server always be the initiator of the VPN connection, and the bouncing server just say "sorry" if the home server isn't responding?
I am tempted to bring up the question of having a CDN cache (or whatever the terminology is) for those occasions, but that sounds like money, in the final analysis the straightforward setup might still be my best bet for now.
But yah, the idea of just having a small public bouncer that forwards stuff and doing everything from my home servers has occurred to me before, I just don't know yet how to set that up and I get nervous with anything public, it's a scary world out there.
Doing it the "dumb" way just gets me onboard and I can start looking at all the little parts, it's how I learn stuff really... like I said, very interested in doing some more reading on exactly how one would implement that, as detailed as possible because I am very stupid when I'm first setting out on something, I need the text equivalent of someone talking real slow like I'm five. :>
You don't need a consistent public IP from Starlink with things like Wireguard, Tailscale, or Cloudflare Tunnels. You just need some server somewhere with a static IP which is pretty easy to get for cheap (see suggestions for where to get the server elsewhere in this thread). Once you have a public IP you can:
A) Setup wireguard on that server and configure your local machine to connect to it
B) Setup tailscale on both computers
C) Setup a cloudflare tunnel and point to it via a domain you manage in cloudflare (with added bonus of cloudflare protection out of the box)
From there you just need documentation on properly doing reverse proxying with Nginx or similar and setting up Lets Encrypt (certbot or acme.sh).
The "hard part" is getting past Starlink, but if you think about it you must be able to do that somehow otherwise how do you get internet? That is what the 3 options provide: a way to open the connection somewhere you trust to allow others to make requests. (The "others" may be you just outside the local network)
So I would probably avoid Amazon just because many of their services charge for data out. It isn't out, but it's a variable for you, and you probaly want something that's flat per month. Cheapest you are going to get with somewhat reliable service is either going to be Hetzner or BuyVM. Hetzner is better for someone who doesn't want to tinker, BuyVM for those who do (BuyVM is a little less reliable, but you can set it up cheaper if you are willing to do a little bit of manual work with shell commands).
Secondly, I'd suggest you host this through Cloudron. It helps you handle automatic security updates and backups. It's very nice, and worth paying for, although it's a little pricey for individuals.
Third, with email, you can host it yourself (in fact Cloudron has this built in), but I'm going to recommend against it, or at least recommend that you pipe important emails through another service like Fastmail. Let me explain why. There's going to be some point after hosting for 5 years, where your server is going to go down. Now email will be fine, it's built to deal with cases where servers go down, but... we rely so much on email right now, that it's going to really suck to have it down. So by all means, have your personal email come to the server, but keep anything that you can't do without running on a managed service. You can pipe it through your own domain, and set up automatic forwarding, but it's going to be a little better to run important stuff through someone else's server, imho.
Just my two (or three, I guess) cents.
The state of email is disappointing and sad. It is possibly one of the most centralized decentralized protocols/networks on the planet. We need a good replacement for it. It's so legacy.
If you have set up a new system without any reputation now, even if you have set up DKIM and SPF, it's now a lot worse. Major providers like Google and Microsoft won't really tell you, but if you are new but don't have a dedicated AS and instead you're using (for example) Linode you'll be scored lower by having low-cost solutions that just so happens to be abused by spammers.
Still - if you self-host just assume at some point it will go down and you may have to deal with a backup restore before you can receive any more email. If that gets in the way of your life, you may want to reconsider :)
Source: Having own email server for 17 years. Absolutely happy with it. Again, that doesn't mean everyone should do it, but I'd abstain from advices like you should not! or should do same.
I do host mail for tens of domains and never had issues with deliverability.
So, what can I do to just keep a backup of all my emails (one @gmail.com and other personal website emails)?
Maybe for me, just having those emails accessible somewhere is more important (other than primary source/ provider)
Thanks
I have it setup as my.srv1.domain.com (with apps at appX.srv1.domain.com). This way if I need more apps I just spin up another 1G Ubuntu instance somewhere and install cloudron as srv2 etc, for another 2 apps that fit squarely into the 1G and also Cloudron free tier. Cloudron in their forum has also stated that this does not violate their terms (they said completely within terms).
Since almost all of the people you correspond with are sending from Gmail or Office365 or <insert other oligopoly provider>, there is no email security anyway. Sadly.
Prepare to spend much time debugging, configuring, reading tickets, etc. If you only want files and Cloud office, consider using alternatives like Seafile[1] or the new OwnCloud rewrite in Go called OCIS[2], which are MUCH more stable than Nextcloud.
[1]: https://www.seafile.com/en/home/ [2]: https://github.com/owncloud/ocis
Sync thing on the other hand creates a conflict almost always.
Any solutions there?
You can also run the NextCloud All-In-One Docker container just on a regular linux box and it'll work, as well. It is a central manager for a collection of docker containers that it starts up. Works great. I definitely encourage NextCloud.
It has even passed the non-technical spouse test, which is important!
It is used for files storage/sharing, backups, photo backups, recipes, calendar (caldav), contact (carddav), todo lists, bookmarks, webmail (rainloop to an externally hosted imap provider), and other stuff, all from Linux, Mac OSX (spouse) and iphones.
My biggest complaint is that there isn't an LTS version, and since you can't skip versions when upgrading, I feel like I need to make sure I update every 3-4 months, even though it isn't publicly available on the Internet (it is on my local network which is always available on all devices thanks to wireguard)
There's a bunch of Bitcoin related Apps as well but it's easy to just ignore those.
Full list of "apps" here: https://github.com/getumbrel/umbrel-apps
https://www.hetzner.com/storage/storage-share
The only caveat is it is not a good development platform for me with regards to Python - Their file structure, update process, etc. tends to break any development environments I set up. I still roll out a vm or dedicated box for dev work.
Overall, rather pleased with their products, simple, easy NAS with many possible services to hang on it. OpenVPN and either static IP or DDNS means I can access it from any Internet connection over IPSEC.
Worth looking at, in my opinion.
p.s. Also have one running Postfix/Dovecot for a small business client, works fairly well, although I do have to keep an eye on those services after power outages and updates, they tend to require "repairs" in Synology's vernacular.