We are installing nextcloud for our small business on an internal server so that it will only be accessible when on our office network (either physically or remotely via VPN). However we occasionally need to share files publicly so we would like to see if we could get share links working publicly.
My though was if we had the instance at nc.example.com Could we configure share links to use a different domain like share.example.com and setup a publicly exposed server for that domain to reverse proxy those request to the nextcloud instance?
Or is there some other way I am not aware of to accomplish this same thing?
Yes i think it is possible. But if you do not really want it because of security reason maybe you can buy an additional Managed Nextcloud only for sharing. You can use e.g. CNAME to map a subdomain of your company to external Managed Nextcloud.
I am currently working on something like that, for my home use. Here’s what I have done, maybe some ideas are helpful to you. Though I have it not yet working unfortunately.
Access to my Nextcloud instance is secured via Tailscale @ https://nextcloud.mytailnet.ts.net. Public share links start at the /s/ route. So I’ve heard people advocating Cloudflare Tunnels for this use case.
I set up Cloudflare Tunnel with https://public-nextcloud-share.mydomain.tld to route any traffic going to the /s/ route to my NGINX which then forwards to my instance that is secured by Tailscale.
This appeared to work at first, however, when I open eg https://public-nextcloud-share.mydomain.tld/s/fpwjstoijtoi5jtoj43otj43t43 on a public device, The page is broken and there are lots of Javascript errors in the console, because assets coming from the /dist folder could not be loaded. I set-up Cloudflare to only forward traffic to https://public-nextcloud-share.mydomain.tld/s/ to NGINX and drop (404) all other traffic. So I know its because of the Cloudflare Tunnel config but I don’t know how else to allow only traffic destined for the public share endpoint.