Connecting to Nextcloud over Tor

RobinL · April 21, 2026, 2:45pm

I’m running my own instance of Nextcloud that sits on a server in my basement. My phone and laptop connects to it via an .onion-address, that is over the Tor network. Some time ago the folder sync stopped working on the laptop. I think it’s because of this change Why the Nextcloud Client Does Not Accept Unsafe Connections · Issue #8654 · nextcloud/desktop · GitHub Evolution still works fine for contacts and calendar sync, but it doesn’t rely on the Nextcloud desktop client.

Is there some other way to do folder sync on the laptop? I’m using Fedora

mritzmann · April 21, 2026, 6:39pm

Do you use https:// with a self-signed certificate or do you use http://*? If the latter, your linked GitHub issue should not be a problem, unless you still send an HSTS header. If the former is the case, switching to http:// might be a possible solution.

EDIT: I reread the linked GitHub issue. As I understand it, a self-signed certificate will also work if you don’t send an HSTS header. So if this issue really applies to your situation, then you need to remove the HSTS header. If you’re not sure whether you’re sending an HSTS header: You can check this with curl -I <full nextcloud http/https address>

*which is perfectly fine becasue Tor has its own transport encryption for .onion-Domains

RobinL · April 22, 2026, 6:32am

I use a http://*.onion address over tor.

What I know is that something broke with Nextcloud desktop client. It used to work before, that is I could use it to folder sync from my laptop, but not anymore. I can still folder sync from my phone using the DAVx5 app and on my laptop Evolution mail client connects to my Nextcloud server.

What would be second best option on Linux to achive folder sync after the Nextcloud desktop client?

mritzmann · April 22, 2026, 6:39am

Could you post the curl output?

RobinL · April 22, 2026, 6:44am

I’m not sure what’s meant by curl output

tflidd · April 22, 2026, 10:44am

You enter a proxy in the settings I suppose?

mritzmann · April 22, 2026, 11:43am

The issue you’re referring to is about HSTS. Unfortunately, it’s not clear from your post whether you’re sending an HSTS header or not. This could been checked using curl.

Open a terminal
curl -I <full nextcloud http/https address>
Post output here on the forum

Alternatively, you can also check the webserver/.htaccess configuration.

RobinL · April 22, 2026, 2:56pm

Ok, when I give this command

torify curl http://*.onion

I got the following error message

Connection to a local address are denied since it might be a TCP DNS query to a local DNS server. Rejecting it for safety reasons

And when I gave this command

curl --socks5-hostname 127.0.0.1:9050 http://*.onion

the request went through and connected to my Nextcloud server.

In the Nextcloud client GUI when setting up an account I’ve tried both ‘Use system proxy’ and ‘Manually specify proxy’, both give the same error message Failed to connect an unexpected error occurred. The GUI wouldn’t let me copy the message which is quite annoying.

Not quite sure what to make of this

RobinL · April 24, 2026, 5:50am

Does anybody know how the Nextcloud client uses the proxy?

mritzmann · April 25, 2026, 7:37am

Can you run this with the -I option to see and post the headers?

so:

curl -I --socks5-hostname 127.0.0.1:9050 http://<your onion adress>.onion

RobinL · April 26, 2026, 6:13am

curl -I --socks5-hostname 127.0.0.1:9050 http://*.onion/nextcloud/

gives

HTTP/1.1 302 Found
Date: Sun, 26 Apr 2026 06:02:59 GMT
Server: Apache
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://*.onion/nextcloud/index.php/login
Content-Type: text/html; charset=UTF-8

Is there a way to figure out how the Nextcloud client calls the proxy?