Hello, I run NextCloud on an RPI on my home network. It isn’t accessible over the Internet, so I don’t think I need https security. Whenever I first connect to it with a browser I get this message:
I realise this is because I haven’t got a certificate but is that even possible for an internal network with no external DNS record? I would like to get rid of this irritating message in the easiest way possible.
This is not a problem of Nextcloud, but the browser you’re using. Essentially all mainstream browsers will nag you one way or another. You can modify some configs, for example, in Edge. Nevertheless, some inconvenient tag will sometimes pop reminding you of this choice.
Firefox doesn’t do that for HTTP connections, and with HTTPS connections that are using self-signed certificates, it will only warn you the first time, and then it adds the site / cert to an exception list.
However, with an unencrypted connection, it will still warn you every time when you enter your password on the log-in page, but that warning is much less intrusive, and you don’t have to click anything away first, in order to be able to log-in. Insecure password warning in Firefox | Firefox Help
I use Chrome most of the time. I found a setting to list unsecure sites to be considered secure and that fixes it thanks, but now Chrome nags me when it starts up to say I am using an experimental feature, LOL.
The issue is with NextCloud because it serves https pages without a certificate to local networks. I have lots of my own servers that serve http to my local network and no browsers moan at that. Obviously it should be https when served to the internet but how can that work when served to a local network?
There are several ways to get Let’s Encrypt certificates without exposing the server to the Internet.
A very simple way, which however requires manual intervention, would be to open the ports for a short time every three months, obtain the certificates and then close the ports again. Or you could use the DNS Challenge, which many Let’s Encrypt clients like e.g. acme.sh or certbot support.
For the above options to work you’ll need a registered domain name and / or at least a DNS name from a DynDNS service, if your Nextcloud is running on a residential internet connection. Many DynDNS providers also have free tiers.
Or you could use self-signed certificates and import them to the certificate stores of the browsers and operating systems on the devices you want to use Nextcloud with.
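The self-signed option mentioned above, as an added example that is not part of the original thread: it uses a small private CA that signs the server certificate (a variant of a bare self-signed certificate), so only `ca.crt` has to be imported on each device. The host name `nextcloudpi.local`, the IP address, the file names and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example: private CA plus a server certificate for a LAN-only host.
# Host name, IP address and file names are constructed sample values.
set -eu
umask 077   # private keys must not be readable by other users

EC="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes"

write_req_cnf() {   # $1 = file, $2 = common name (no reliance on system openssl.cnf)
    printf '%s\n' "[req]" "distinguished_name = dn" "prompt = no" \
        "x509_extensions = v3_ca" "[dn]" "CN = $2" "[v3_ca]" \
        "basicConstraints = critical,CA:TRUE,pathlen:0" \
        "keyUsage = critical,keyCertSign,cRLSign" \
        "subjectKeyIdentifier = hash" > "$1"
}

make_local_ca() {   # $1 = output directory
    mkdir -p "$1"
    write_req_cnf "$1/ca.cnf" "Home LAN CA (example)"
    openssl req -x509 -new $EC -sha256 -days 1825 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt"
}

issue_server_cert() {   # $1 = directory, $2 = host name, $3 = LAN IP address
    write_req_cnf "$1/server.cnf" "$2"
    openssl req -new $EC -config "$1/server.cnf" \
        -keyout "$1/server.key" -out "$1/server.csr"
    # Browsers match the subjectAltName, not the CN: list every name and IP in use.
    printf '%s\n' "basicConstraints = critical,CA:FALSE" \
        "keyUsage = critical,digitalSignature" \
        "extendedKeyUsage = serverAuth" \
        "subjectAltName = DNS:$2,IP:$3" > "$1/server.ext"
    openssl x509 -req -in "$1/server.csr" -sha256 -days 397 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/server.ext" -out "$1/server.crt"
}

check_server_cert() {   # $1 = directory, $2 = name a client would type
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/server.crt"
}

# Usage: sh lan-pki.sh ./lan-pki nextcloudpi.local 192.168.1.50
if [ $# -ge 3 ]; then
    make_local_ca "$1"
    issue_server_cert "$1" "$2" "$3"
    check_server_cert "$1" "$2"
fi
```

Only `ca.crt` goes into the browser and operating system trust stores; `server.crt` and `server.key` go to the web server, and `ca.key` should be kept off the Pi, since anyone holding it can issue certificates those devices will trust.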
I have a domain for the house from duckdns but the only server I expose is wireguard and then I access my internal network over VPN, so none of my other servers have an external DNS address.
If you absolutely want to, you can try to disable https on your instance, although I’m not sure if that would break at least some of the functionality like e.g. Talk. However I think most of the rest should work with plain HTTP.
How did you install Nextcloud, in the first place? Snap, Docker, AIO, manual…?
It is an old manual installation of NextCloudPi.
Not sure how easy it would be to completely disable HTTPS on NextcloudPi, or if it is possible at all, without breaking stuff. I would try to get official certs, via DNS challenge. Maybe you can even use your existing DuckDNS account for that. Unfortunately I can’t help with a step by step guide for your scenario…
Not sure how I could use the duckdns account because that DNS record is only for my wireguard instance. The hostname of my NextCloud server is just a local name.