I have just been into this whole server thing for just about 2 months now for home use, just running nextcloud, tailscale and jellyfin in it. Nothing complicated I must say, as I am just basically using it for storage use.
I think my small office (about 15 manpower) would benefit from having its own server. My intended use would be:
Digitization of documents (storage of scanned copies of documents) - I’m thinking Paperless-NGX would be a good fit for it.
Invoice generation - Invoice Ninja is what I have in mind now. Necessarily, copies of these invoices will be sent to people outside the organization.
Cash flow monitoring - I don’t know which app to use yet.
The most important part, File storage - ALL active files will be stored in a common SMB share which can be accessed by select employees. I intend to have this accessible remotely and I have yet to know how to properly do it. I have been able to remotely access the SMB share in a number of occasions but I do not know why it would sometimes fail. At times, I couldn’t access the SMB share but I could access the files through the nextcloud, with tailscale on. Eventually, I would want our clients to access the files related to them. Nextcloud has a way of doing that, I think. I run a law office and most if not all of these files are confidential.
Basically, that would be my intended use for now. I’m thinking of getting a Dell R730 or an R640. Eventually, I would want to have my own website for a much lesser upkeep cost using the server. If my understanding is correct, the term for what I want to do with it is to ‘self-host’ it. I’m not expecting much traffic in it. I have yet to know if that idea is technically possible.
Just so you know my limitations, I don’t have any formal education or a decent background on IT. I was able to run my home server only because of youtube.
Now, I know things like this aren’t meant to be that simple. With my intended use though, do you think I can get away with using just these common apps (Nextcloud, tailscale, Invoice Ninja, etc.) in a small office? Security-wise, would this be a good move?
These three things sound dangerous & like you’d want IT on staff or at least on contract to manage imo. Otherwise, yes, TrueNAS may indeed be a great choice.
Without someone dedicated & with good understanding - imo no. At least do VERY slow rollout, start with just local access & local file management. Then spread to VPN use between your employees. Then go from there.
Thank you! That’s what I thought too. I don’t know why I had to ask for confirmation. haha. Will follow your advice and probably hire someone to guide me. How about the hardware? Do you think the R730 would be enough for my use?
You need a professional IT company with deep ZFS/ Truenas knowledge to handle that. Not just “someone”.
Self hosting anything will otherwise most likely lead to dataloss or dataleaks that will bankrupt you.
The cost of an IT support contract will probably be a lot higher than what you can save by self hosting the apps and buying an old server.
Just recall your most delicate court case and imagine all data of that client would have been suddenly inaccessable or ended up in 3rd party hands…
Go from there.
Thank you for letting me know about this. I’m glad I asked before I started doing anything. Without the self-hosting and sharing files outside the organization though, is there any harm if I do it myself? It’s just that I didn’t expect I would enjoy doing this. The cost is secondary.
I’ve been practicing law for 25 years, I think I know my way around TrueNAS pretty well, and I’m pretty comfortable self-hosting applications. For file storage, sure–that’s fundamentally what TrueNAS is designed to do, it does it well, and it’s pretty secure. File-sharing, even remotely, among members of my office? OK, they can be on a VPN (probably Tailscale or something similar).
But something that’s exposed to the public Internet, and contains confidential client information? Hard pass.
Oh thanks dan! Nice to know. I see now that of all my intended use, this file sharing to people outside organization have the most security risk. If you don’t mind, how do you give your clients copies of their case files?
My practice right now is with the US Government; I represent Soldiers who are leaving the Army for medical reasons. The nature of that practice is such that they receive their files from another source, and I’m primarily reviewing and acting on what they give me, so there really isn’t a “case file” that I need to give them, or give them access to.
If I did need to do that, while something like Nextcloud might be able to manage it, I’d be looking for purpose-built law practice management software like Clio or Rocket Matters (which I wish my organization would use, but that’s a side issue). The closest thing I’m aware of in a self-hosted environment would be Arkcase CE, but I haven’t been able to get that running. Or perhaps HoudiniESQ, though you’d be paying for that.
Agree. OP is the type of person that scares the hell out of me. Unfortunately, leaks, breaches, and data extortion happens every single day and its the customer or patient that loses. Even if they hire who they think can do the job properly, a hardened infosec engineer that breathes TN, it takes an on-going, proactive, approach to keep data safe from not only the outside, but the inside as well. Just one instance can cripple and destroy and echo for decades. Scary stuff.
If anything, that tends to argue in favor of self-hosting–if I’m hosting my own data, a breach at Google doesn’t compromise my data. OTOH, Google have a staff of infosec engineers and a pretty decent motive to have them do a good job. I’m a vastly smaller target, but I have much less capability to defend myself.
Now, for my own data, I’m comfortable with that–I do self-host a good number of services, and some of them are open to the public Internet. But with client data, my license, and thus my livelihood, is on the line. I won’t say I’d never be comfortable self-hosting something like that, but I’d want it to be something that’s purpose-made for this application–and I’m not aware of many candidates for that.
I would think you need access control per user so they cant wander into other files, even if password protected. That alone will take time and resources.
Active directory comes to mind or linux equivalent.
There are companies that remote host exactly what you are looking in to. In our study it was about break even hiring in house IT person fulltime around 50 users. This did not count clients as users but not having to troubleshoot clients connectivity was huge.
