Docker bypassing ufw is very bad
- 4 Posts
- 21 Comments
If you disable password authentication, and use public key authentication, yes.
chaplin2@alien.top to Self-Hosted Main • Question: Instead of Nextcloud, why not use a FTPS server with a nice client? • 2 years ago
The reason for downvotes is comparing apples and oranges, and also throwing FTP in the mix!
Let’s consider SFTP and Nextcloud. SFTP is a secure, respected protocol for file transfer. If you use key authentication and disable password authentication, it approaches being bulletproof security-wise. SSH has rarely had a vulnerability that would allow attackers in. It even has post-quantum cryptography. It’s rather easy to set up. But it doesn’t do more than file transfer. It also doesn’t have a lot of GUI apps.
Nextcloud is like Dropbox. You can find A LOT of things in it (though frankly the quality of most of them may be low). File transfer is just one of the things that it does. It uses HTTPS, why? Because the web technologies and developers have focused on this versatile protocol in the past decades. You access the internet through port 443, not 22!
If I want to back up data or transfer files, I use SFTP. Over the internet, I trust SFTP, not Nextcloud. For other things, I use other tools such as Syncthing, Nextcloud etc. Syncthing allows syncing over SSH.
Seagate drives. Exos if your NAS is in a basement, or regular IronWolfs otherwise.
chaplin2@alien.top to Data Hoarder • Most efficient and economic way to store about 20 TB of data • 2 years ago
Instead of high quality expensive drives, consider more of the medium quality drives with more copies. And HDDs are much cheaper than SSDs at high capacities.
Those data centers need drives that are accessed 24/7 by many users simultaneously. They have perfect operating conditions such as temperature, don’t care as much about noise, etc. That’s not your case.
Consumers need consumer NAS drives, not enterprise drives.
chaplin2@alien.top to Self-Hosted Main • Tailscale: the marvellous tool that became indispensable to my tech life • 2 years ago
You could install WireGuard on a VPS, and access all your devices from anywhere! This solution has existed forever (which is how you access your email, Gdrive etc).
Mesh VPN is point to point, but a VPS nearby can be even faster (mesh VPNs may not run in kernel, may fall back to relays, have to try different protocols etc).
Synology software and applications are way better
chaplin2@alien.top to Data Hoarder • For those of you who build your own NAS, what are you willing to buy used? • 2 years ago
And CPU that is old and power consuming!
chaplin2@alien.top to Data Hoarder • Well my Synology DS92+ will be here on Saturday so now I need to get some HDD’s • 2 years ago
Mechanical hard drive storage has gotten really cheap. Just get Seagate IronWolfs now (or Exos if you don’t care about noise).
Is it 923+ or 920+?
chaplin2@alien.top to Self-Hosted Main • Help me to choose CPU for home server for openvpn • 2 years ago
WireGuard is what you want!
The 2 in this rule isn’t clear: 2 different media?
Why is it important if it’s DVD & HDD or SSD & HDD?
chaplin2@alien.top to Self-Hosted Main • Caddy seems too good to be true? I just set it up and it works perfect, straight out of the box • 2 years ago
How do you compare Caddy with nginx proxy manager?
chaplin2@alien.top (OP) to Self-Hosted Main • How to download and catalogue all emails from and to someone? • 2 years ago
Yes. For example, I want to share all emails on a particular person.
The emails can be easily browsed, searched, etc. I don’t want to share my entire inbox.
chaplin2@alien.top to Data Hoarder • Do you recommend compressing, encrypting and/or applying error correction (PAR2) to your backups before uploading them to cloud storage? Why (not)? • 2 years ago
Deduplicate, compress, encrypt and snapshot. Encryption is a must. You don’t want to send your data out there in the wild, that might potentially be published in a dark net website. It might go everywhere, who knows.
chaplin2@alien.top to Self-Hosted Main • Looking for a Personal Research Management Tool • 2 years ago
Is paperless-ngx useful for this too?
I’m referring to ZERO DAYs. OpenSSH is a serious security product. Those web apps are written by random people and probably riddled with vulnerabilities not known to the public.
Here is the rule. Only a trusted VPN and SSH key authentication can be public.
You are doing it wrong: SSH with key authentication is the most secure piece, and could even be public. Immich and Jellyfin surely have zero days and should be behind a VPN.
Off topic.
Jellyfin apps seem to me less user friendly than Plex.
Plex iOS app moves back and forth in the video pretty fast. Why are there pictures of cups and tea etc instead of clear 10s back and forth? Come on!
chaplin2@alien.top to Self-Hosted Main • Create a virtual network (VPN?) between my home server and my VPS (Without routing any of my internet through the VPN) • 2 years ago
If you are not familiar with VPN setup, then use Tailscale. If it can make direct connections, you are done.
Otherwise, run a WireGuard server on a VPS.
Frankly these are useless. SSH is secure by default and will never support algorithms that could possibly be broken. Same for TLS 1.3.