Is OwnCloud hardened enough to expose with a reverse Proxy?
Are there any specific settings that need changed to make it safe?
I have been running Owncloud since 2011 without any reverse proxy and it’s been fine.
I’m still on an old version because every time I have tried to upgrade it, it has fucked up, and i’ve wasted loads of time getting it back running again. New versions /should/ be better I hope!
Pick decent user passwords, protect it with SSL, and have a local firewall on your server that only allows required ports though (80 and 443), and you should be fine.
I take a backup of mine now and again, but it’s quite small - only about 50gb.
Is there a reason you cannot accomplish this with a selfhosted VPN?
Exposing anything has risk. Risk of loss of data, your systems being used for other attacks, and loss of time/money to fix. It is entirety possible to do this as safe as practical of course- keeping your stuff up to date and having some kind of visibility into intrusion detection for immediate response are ways to minimize issues.
„Only“ revserse proxy no. You need more. Https
https://doc.owncloud.com/server/10.13/admin_manual/configuration/server/harden_server.html You can start by checking out that URL
Anything I don’t share with other users (ie the stuff I host for just me) isn’t accessible from WAN. Instead I host OpenVPN so my mobile devices are kept within my LAN and securely accessing my services. (also keeps them behind pihole for adblocking and local DNS records)