It’s the right choice, nextcloud is buggy af, the issue from years ago where it randomly corrupts files is still open too, I got hit by that one and had to completely restore from a backup.

It’s just the ease of use, Tailscale sets everything up for you, keeps track of IPs so you don’t need to manually define endpoints, and handles NAT negotiation.

Don’t forget that the modern approaches also make it much quicker and easier for someone to make something.

Ah, portainer gives me an error if one is, so I just mash the numpad and choose another.

I’m a little confused why this would be needed, I only need the port during initial setup of a stack when I’m writing it and configuring the reverse proxy, once it’s running everything goes through the proxy and I never need the port again.

Proxmox itself uses about 1GB, so other than that you have the rest left over for everything else.

IMO Nextcloud AIO is a mess that doesn’t work properly for anyone used to docker and docker networking. It makes lots of bad assumptions about how things are configured.

Managed to gain access to the container by using the docker virtual ip of the apache container, but i see this as no solution because the virtual ip can change whenever an update is applied.

The reverse proxy docs have something in the section “Running the Reverse Proxy in a Docker container on the same server”

It sounds like they want you to use network mode host on the NGP container which is dumb, but should work in theory. Then you can use localhost in NGP.

That will not solve OPs problem.

My benchmark is kinda “how annoying or disruptive would it be if it broke and I didn’t feel like fixing it for a few days”

So email for example, I could selfhost, but I’d rather just have someone else do it so I don’t have to worry about it.

How do you find Ionos for keeping up to date? My experience with shared web hosts is they’ll be on PHP 7.x or something while PHP 8.2 is the current stable version.

Bitwarden has never been breached AFAIK

Password managers are a HUGE target, and while I’m sure they do everything possible to prevent a breach from actually obtaining peoples passwords, vulnerabilities do happen.

That’s why I think self hosted Bitwarden or KeePass with a file are the way to go.

Watchtower itself works great, it doesn’t need a GUI for what it does.

But updating containers in general, either manually or automatically, always carries a risk of something breaking due to the new update.

One thing you can do is make sure you’re not using :latest tags in your compose files, and instead pin major versions like postgres:13

And of course make sure you have backups going back multiple points in time in case something does break, and test those backups!