I've set up NextCloud on a R.Pi on my home network. Using Fritzbox Port Sharing I could expose this machine / service to the internet. Of course that means if someone compromises NextCloud / Raspbian they're on my home network, and while things are somewhat protected at home it's a trusted network and I haven't really secured it.

My gut says "don't do it" and to have it on the LAN only, and use a VPN from devices to home for syncing. I already have the VPN set up, so not a huge deal for me, and TBH these days we don't leave the house all that much anyway.

I want this for sharing small files between phones and computers that are updated occasionally. I use Dropbox but their 3 device limit is annoying, Resilio Sync is fine but having a server is convenient.

Thoughts?