A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Idk about giving a comprehensive answer, but getting full marks on the nextcloud security scanner is a good start: https://scan.nextcloud.com/
I check mine periodically and make sure I'm on the latest version, use 2fa (passkey) and hope that does the trick.
Also there's a plugin for brute force protection.
Yes. mine is exposed publicly (with fail2ban) on a VPS with a public IP and a public DNS name and it's fine. Use a minimal configuration that meets your needs, use secure passwords like you would for any public service and keep it up to date, and stay aware of any potential news that might make you aware of any severe and widespread vulnerabilities in the future (there haven't been any in Nextcloud so far). It is not nearly as terrifying as people make it out to be to share public services on the public internet. Most decent software is secure-by-default. Yes vulnerabilities and attacks can happen but they are the exception not the rule.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| IP | Internet Protocol |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
[Thread #315 for this comm, first seen 25th May 2026, 17:40] [FAQ] [Full list] [Contact] [Source code]
Define securely.
I've run my nextcloud online for a few years with no incidents, it's behind Apache, I keep it up to date, I have a bit of extra hardening (but none of it really hardens nextcloud itself it would just make running exploits on my server more visible).
It doesn't really add security in the traditional sense but for a personal server logging outbound traffic and having it email me when something non standard initiates a connection also gives me an added sense of security.
There's a lot of discussion on a very recent post about doing this for Jellyfin. You should start by reading that: https://discuss.online/post/40181742
This is not an apples to apples comparison because Nextcloud has security built in... it was designed to be published securely on the internet.
That's not to say Nextcloud is perfect and without security concerns, but it's miles ahead of Jellyfin which is Not designed to be published to the web.
FWIW it seems Jellyfin has some application-specific authentication/security bugs that complicate things a bit. Of course the same concepts should generally apply, but some considerations will be different depending on what application you’re exposing.