Need advice on basic setup

Started by meazz1, January 17, 2020, 02:03:17 AM

I have installed and am running 19.7.9_amd64 in a test environment.
My main router is an EdgeRouter X and eventually will be replaced by OPNsense once I understand the basic configuration.
My setup is pretty simple in the current configuration using the EdgeRouter X:
1. 192.168.4.1 subnet, IP range is 192.168.4.10 to 4.100, a gigabit 24-port switch
2. UniFi AP Lite access point
3. Port 80 and 443 forwarding for my Owncloud server
4. Raspberry Pi running Pi-hole for DNS on 192.168.4.2

What I'm trying to set up in my new OPNsense:
1. DNS server pointing to 192.168.4.2
2. forward port 80 and 443
3. just good enough firewall for a not so technical person to protect my setup

The OPNsense GUI is straightforward but overwhelming for a new person like me.
--- I see a few places dealing with DNS and am not sure where I need to set up my 192.168.4.2 as the DNS server
--- Port forwarding is a little challenging in this GUI, for me at least; there are many fields I'm not sure how to address
--- I noticed there are 14 firewall rules and am not sure if I need any more to harden it?

Any help, suggestion? I googled but not hitting the right site I guess!


Few thoughts:

Don't port forward anything from the Internet to a potentially improperly secured owncloud (nextcloud is the better alternative here anyway)

Use pivpn.dev as a straightforward/easy to set up solution to VPN in from anywhere - then access the owncloud server from the inside. Using this approach you only punch the VPN hole in the WAN rules. The VPN solutions in OPNsense are just as good, the pivpn.dev one on the Pi might be just a bit simpler to follow (Lon.TV has a decent video on YouTube)

As for DNS, add it in System-Settings-General for the firewall and Services-DHCPv4-LAN (and other interfaces) - DNS Servers --- for automatic provisioning.
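An added illustration of the two WAN designs discussed in this reply, written in pf syntax so the difference is visible in rule form; this is not OPNsense-generated configuration or either poster's setup, and the interface name (em0), the Nextcloud host address (192.168.4.50) and the WireGuard default port (51820/udp) are assumed placeholders.

```pf
# Assumed placeholders: em0 = WAN interface, 192.168.4.2 = the Pi (Pi-hole + PiVPN),
# 192.168.4.50 = the Nextcloud host, 51820/udp = WireGuard's default listener.
wan_if   = "em0"
pi       = "192.168.4.2"
cloud    = "192.168.4.50"
vpn_port = "51820"

# Default stance on WAN: nothing comes in unless a later rule allows it.
block in on $wan_if all

# --- Design A (what the original question asks for): Nextcloud exposed directly ---
# Every host on the Internet can reach the web app; its own login and patch level
# are the only barrier. Kept commented out here.
# rdr  on $wan_if proto tcp from any to ($wan_if) port { 80, 443 } -> $cloud
# pass in on $wan_if proto tcp from any to $cloud port { 80, 443 }

# --- Design B (the advice above): only the VPN listener is reachable from WAN ---
# One UDP port is forwarded to the Pi. Nextcloud is reached through the tunnel,
# so ports 80/443 never appear in the WAN rules at all.
rdr  on $wan_if proto udp from any to ($wan_if) port $vpn_port -> $pi
pass in on $wan_if proto udp from any to $pi port $vpn_port
```

In the OPNsense GUI the equivalent of Design B is a single Firewall - NAT - Port Forward entry for the VPN port with its auto-created WAN pass rule, and no entries for 80/443.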

January 17, 2020, 11:08:55 PM #2 Last Edit: January 17, 2020, 11:34:36 PM by meazz1
Quote from: newsense on January 17, 2020, 04:46:46 PM
Few thoughts:

Don't port forward anything from the Internet to a potentially improperly secured owncloud (nextcloud is the better alternative here anyway)

Use pivpn.dev as a straightforward/easy to set up solution to vpn in from anywhere - then access the owncloud server from the inside. Using this approach you only punch the vpn hole in the wan rules. The VPN solutions in OPNsense are just as good, the pivpn.dev one on the Pi might be just a bit simpler to follow (Lon.TV has a decent video on Youtube)

As for DNS, add it in System-Settings-General for the firewall and Services-DHCPv4-LAN (and other interfaces) - DNS Servers --- for automatic provisioning.

Thank you for your advice.
I mis-wrote it. I have installed Nextcloud, not Owncloud.
Do you still suggest using pivpn.dev rather than port forwarding?

As far as the firewall is concerned, can I use the default rules or do I need to tweak or add more rules? If so, any suggestions?

The VPN brings you into your network securely to access your private cloud; port forwarding makes it a public cloud for everyone to hack into, probably easily even.

The PiVPN solution authenticates you with pass and digital certificates.

Look for Pi hardening tutorials as well while at it, since the VPN running on the Pi will have port forwarding.

The rules are a different matter which can be discussed in context.


Quote from: newsense on January 18, 2020, 08:41:00 PM
The VPN brings you into your network securely to access your private cloud; port forwarding makes it a public cloud for everyone to hack into, probably easily even.

The PiVPN solution authenticates you with pass and digital certificates.

Look for Pi hardening tutorials as well while at it, since the VPN running on the Pi will have port forwarding.

The rules are a different matter which can be discussed in context.

I would like to set up a VPN but I'm running Nextcloud on a Pi 3 behind my router and would like to access it using my phone or any PC from outside of my LAN.
I just don't know enough if that is possible.
I have a domain with my IP setup so I can just go to the domain address in the browser using any pc and be able to access Nextcloud.