Task objective:
- back up (or perhaps sync) phone photos, contacts, calendar, 2FA, password manager to omv
Context:
- one user
- omv main use is LAN media server
- OpenWRT router
- static IP
- bluetooth/wi-fi off (WPA3 is available in phone/router but not used due to security risks. But perhaps turning it on once a day to sync would be more secure than opening ports to the entire world 24/7?)
- phone uses self-maintained wireguard vpn (deployed on my externally hosted cloud VPS 'server' - I know wireguard is peer-to-peer but you get what I mean), and is available for any device
Considerations:
- apparently usb flash drives are not a secure medium for file transfers, neither is wi-fi, so via internet is more secure, unless perhaps, I plug in phone to server using a usb cable?
- I have no need to access my server from outside the house (for example, to administer it or access files).
- On my previous practice server, I successfully deployed dockers nextcloud AIO, nginx pm, fail2ban, and opened ports 80, 443 (and another for nextcloud talk but could not connect the app, perhaps because I didn't forward it in npm).
- I have successfully used npm to limit incoming connections to the IP address of my wireguard server (I think I can also do this in the router). So nextcloud was able to do instant-uploads from phone to omv via my wireguard VPS, and syncs calendar and contacts.
So, functionally, above is just what I want, but...
All info sources I've seen warn of the risks of opening ports, and I've heard of un-patched longstanding vulnerabilities in nginx npm (now since patched). So I'm starting to worry and wonder if there is a better way?
Eg:
- syncthing
- headscale/tailscale - but port-forwarding?
- just wireguard - port forwarding?
Syncthing looks good due to not having to open ports, but privacy is also a desire of mine, and the public relays know which devices are talking to which. I'm not sure how much of an issue this is, but the solution is to run your own relay, which brings me back to the same problem; opening ports.
I have to laugh, I'm staring at my phone and omv server right next to each other and all I want to do is get files from one to the other. Surely I'm making this far harder than it should be? Just looking for a simple, secure, private method.
Thanks for taking the time to read this. Any advice would be greatly appreciated.