I’ll just open them up to the internet via an nginx reverse proxy. Make sure sign up is disabled in the applications, and something blocks people from brute-forcing passwords. Pretty sure Nextcloud comes like that per default. And I’ll do updates. And see if I can run stuff in containers or seperate users so in the unlikely case something happens, access to one of my services doesn’t compromise the entire server.

Lots of other people use VPNs though. Like Wireguard, Netbird, Tailscale…

I wouch for the VPN route… VPN servers are built to be exposed, are hardened/engineered to resist the harshness of the net and are somewhat safe even with default settings.

Should you publish on the wild a few web apps, you would have to harden, monitor and manage a bunch of environments and/or frameworks with a load of quirks each.

A VPN is easier to maintain and safer for your data with a lower effort.

I do both. Wireguard VPN for anything that’s just me. Expose via nginx proxy for things that are shared with friends and family.

I don’t give access to any of my services to anyone, especially family or friends. LOL However, you could investigate Tailscale, Headscale, Wireguard. Additionally, if you set up Cloudflare Tunnel/Zero Trust, you can give individual users a unique access to your server. For example: You can allow alice@mysupercoolserver.com to access home.mysupercoolserver/shell but deny bob@mysupercoolserver.com. Only allow bob access only to home.mysupercoolserver/media.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

4 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.

[Thread #197 for this comm, first seen 29th Mar 2026, 00:20] [FAQ] [Full list] [Contact] [Source code]