As I'm learning more and more about self hosting, I've read repeatedly that the safest option for internally hosted services is to use a VPN from your mobile device (laptop, cell) and connect to your server(s) as needed when outside of your network. That brings me to a predicament of sorts.
Tools like Seafile, Nextcloud, Pydio, and CryptPad offer great collaborative features as well as easy sharing from these services. But if you're not exposing any of these services to the web, how would you share documents or files easily with those outside your network? The share functions will generate a link with your IP:Port, or in my case, a domain name that is only internal. I know you can download a copy and email it separately, but that is a bit clunky. Is there a service or another FOSS app I'm overlooking that allow you to 'publish' items to an external friend or team member in a safe manner?
I've not yet decided on which solution I'm going with. But in the case of CryptPad it seems secure that I would be comfortable hosting externally making this question moot. But I'd likely host it on a VPS instead of my home server just for another layer of separation.
Risk vs Ease of use. You need to decide if one is worth the other.
I have all my stuff exposed but is hidden behind 2FA.
Also, consider resources - costs ratio. Self host (+routing through vps) allows you tu have lots of power with low costs.
Very true. I didn't know if there was some sort of "secure share" that could be leveraged without exposing the main app. Say Seafile, for example. Where a secure link is created and can be sent. I envisioned hosting something like that on my VPS and Seafile (or other) on the home server without exposing it. But reading more about CryptPad, that may be the ticket. Seems plenty secure to host on the web so I may go that way if no other options exist.