

Mine is publicly exposed using the standard nextcloud:stable-apache docker container, with nginx (past) / traefik (present) handling TLS termination, but not otherwise adding additional security measures.
It’s been this way for several years and I’m yet to have issues, but it’s certainly not bulletproof since a critical vuln in Nextcloud could pwn it. That just hasn’t happened.



Hey there. I don’t have anything to say which is actually helpful. I’m just here to say that you are throwing yourself into the deep end a bit since authentication / access control is actually one of the more advanced topics there is.
Once you do get it figured out, you’ll look back and it’ll make sense. I don’t use Cloudflare services for my projects, so I can’t actually help you. Auth/access control settings vary highly depending on what you chose to use (Cloudflare, Tailscale, NetBird, etc.).
Having skimmed over the other guy’s PDF, I’ll say that where Cloudflare provides instructions, follow those over his steps 1 and 5 (since if anything will be outdated and not work/no longer recommended, those would be it), but I otherwise don’t have complaints. As with everything computers, everyone has their own way of doing things which they insist is the correct way. I’d do things very differently, but I also won’t say there’s anything wrong with their way.