Client access only

Firstly, apologies if this is a stupid question!

I’ve got Nextcloud running successfully on our LAN and it’s accessed by numerous people using the Windows desktop sync client. The web front end isn’t used by the users but only by our admin team to administer logins/passwords/etc. And up until now we’ve been very happy with this.

However, there is now a need for laptops to be able to continue to access outside the LAN. So I did some searching (including on this forum) and it appears that ports 80, 443 and 22 need forwarding, although this seems to be answering the need to access Nextcloud’s web front end… which is the opposite of what I want! Do the desktop clients use these ports too or do they use a different port? If it’s the same port(s), is it possible to enable access for the client outside of the LAN but for the Nextcloud web front end to be LAN only?

Many Thanks!

Client and browser use the same ports. Technically if you use SSL, you only need port 443 (http on port 80 is usually redirected) and port 22 (ssh) is only for you as admin.

You could use the file access control app (https://docs.nextcloud.com/server/12/admin_manual/file_workflows/access_control.html) and restrict via IP and request user agent. Don’t use it as a security feature because the user agent can be easily forged.
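
The rule suggested in the answer above, modelled as an added example (not part of the original posts and not Nextcloud's own code). The LAN range, the sample addresses and the `mirall/` User-Agent marker are assumptions made for this sketch; it shows why the IP half of the rule is the only part that holds up as a control.

```python
import ipaddress
import re

# Assumptions for this sketch (not taken from the thread):
LAN = ipaddress.ip_network("192.168.1.0/24")   # hypothetical office LAN
SYNC_CLIENT_UA = re.compile(r"\bmirall/\d")    # assumed desktop-client marker

def decide(remote_ip: str, user_agent: str) -> str:
    """LAN sources may use everything; outside sources only the sync client."""
    if ipaddress.ip_address(remote_ip) in LAN:
        return "allow"
    # Outside the LAN the only evidence of "being the sync client" is a
    # header that the requester chooses freely.
    if SYNC_CLIENT_UA.search(user_agent or ""):
        return "allow"
    return "deny"

BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/115.0"
CLIENT_UA = "Mozilla/5.0 (Windows) mirall/3.1.1 (Nextcloud)"

# Constructed sample requests: (description, source IP, User-Agent header)
SAMPLES = [
    ("admin browser on LAN",            "192.168.1.20", BROWSER_UA),
    ("laptop sync client off LAN",      "203.0.113.7",  CLIENT_UA),
    ("browser off LAN",                 "203.0.113.8",  BROWSER_UA),
    ("off-LAN request, copied header",  "203.0.113.9",  CLIENT_UA),
]

def evaluate(samples=SAMPLES):
    """Return {description: decision} for each sample request."""
    return {label: decide(ip, ua) for label, ip, ua in samples}

if __name__ == "__main__":
    for label, verdict in evaluate().items():
        print(f"{verdict:5}  {label}")
```

The second and fourth requests carry the same header and get the same decision, so the rule keeps ordinary browsers away from the web front end but cannot tell a real sync client from anything else that sends that string.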