Seafile behind fritzbox

Dear All,

I’m planing running a seafile server at home. At the moment I’m thinking about how I want to publish it to the internet. Dispite all the DNS stuff I have to solve, this topic is about the Firewall.

Normaly I dont expose the Webserver directly towards the internet, instead I place a reverse Proxy infront if it.
As im not sure if I want to buy a APU and setup PFsense (to have the possibility to install HTTPS Proxy on the Firewall) or if I just use the Fritzbox and do a portforwarding.

If the NGINX Server is recommended and enough to secure the Seafile Services as a Proxy properly, I would be fine with a normal Portforwarding. But I’m not sure if the NGINX acts as a Proxy or just as a normal Webserver for seafile

So to bring my question in to one sentence: Is the NGINX instance a state of the art security solution for a seafile server or is the proper way to secure a seafile server to put a seperated HTTPS-Proxy infront of the NGINX that itself is infront of the SeafileServer or I’m I fine with just NGINX and Seafile on one mashine and having ports forwarded?

Thanks for your advice and with kind regards,

Nginx is secure. And if you just enable the ports for seafile I don’t know what you fear. I rent a server, have not only seafile on it, and I won the bet that my server is secure.

You can work on the nginx settings - of course (timeouts, ratelimits, logging, …).

You have to make sure that your system is always up to date.

Another proxy in front of it won’t improve anything.

You can also configure fail2ban for Seafile to block users trying to guess passwords.