Do you think a Proxy would be better in this regard compared to a firewall? I was trying to watch the logs of ufw today and see if I could do something there but the incoming and outgoing connections are A LOT, and I would essentially like to whitelist both per domain and per IP.

How much maintainance would this require? I wonder how often IPs change today, but with all the NAT, dynamic DNS and CDNs there around maintaining a whitelist only with IP addresses looks like a nightmare…

Squid proxy with squidguard could be a better option than trying to work with a forewall maybe?

Any suggestions on the how?

It looks really complicated, very different from Linux! I cannot understand properly all the sandboxing thing… But I guess it’s years of development and policies enforcement… Now I can see why Android it’s much more closed compared to a normal Linux distro, I guess this provides a lot of security but less customization. I also have to understand the role of the device manager in all of this. Is there any Linux distro that behaves similarly?

Why so much effort into securing it? Isn’t the Linux behaviour with users etc enough?

No it’s more a user management thing, I would need users to access a certain list of whitelisted websites only…

Maybe proxy or dns? I’ve been looking in squid proxy but it looks fairly complicated, especially if I wanna be able to access it from wan… But Idk if with DNS I could block ips as well. Setting up an hosts file seems like a lot of continuous work since I would have to specify entries for each ip address associated with domain… Maybe firewall?

Enough focus to read documentation.

That’s really it. If your purpose is just self hosting learning bash could also be helpful. And yeah Linux would be a great choice.

But mostly, if you want to self host an instance of Nextcloud correctly and without having to deal with too many unexpected things, you have to read the documentation and do not rush. Most self hosted stuff isn’t “install and use”, because you’ll be your own server manager, and everything requires attention to be managed.

Docker or not docker you will have to deal with configuration, settings, requirements and updates.

So understanding how to read the docs/search and open github issues and taking time to read everything would be the most important skill for me.

Also writing down what you are doing would indeed be helpful too, in order not to lose track of what you’re doing on your server. (Check out Ansible).

Most apps out there simply need you to know about permissions, systemctl services and package managers.

Try to always find a specific package for your distro for everything you install (eg. .deb for Debian), and have strategies when this is not possible (aka using a Python venv when installing python programs).

That looks way more than a home server, it looks like something i would expect to see for a small business!