Context
- Nextcloud Server version:
- Nextcloud Hub 10 (31.0.8) (31.0.8)
- Operating system and version:
Ubuntu 24.04 LTS
- Web server and version:
- Apache/2.4.58 (Ubuntu)
- Reverse proxy and version:
- nginx/1.29.1
- PHP version:
- Selected in HestiaCP: 8.3, reported by Nextcloud: 8.2.29
- Installation method:
manual on a VPS on top of the **Hestia Control Panel**
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
Cloudflare yes, but proxy is off for the A record
mod_security is not loaded in Apache
Web server / Reverse Proxy
Apache with Nginx
Nextcloud configuration
Contents of config.php:
<?php
$CONFIG = array (
'instanceid' => 'oc4plhmtku49',
'instanceid' => '***********9',
'passwordsalt' => 'Y***************************OE',
'secret' => 'T**********************************************I',
'trusted_domains' =>
array (
0 => 'server.subdomain.tld',
),
'datadirectory' => '/home/hestia_user/web/server.subdomain.tld/public_html/data',
'dbtype' => 'mysql',
'version' => '31.0.8.1',
'overwrite.cli.url' => 'https://server.subdomain.tld',
'dbname' => 'nc_db',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'db_usr',
'dbpassword' => 'jlsdflsdhfsl',
'installed' => true,
'app_install_overwrite' =>
array (
),
);
Apps
The output of occ app:list:
Enabled:
- activity: 4.0.0
- app_api: 5.0.2
- bruteforcesettings: 4.0.0
- circles: 31.0.0
- cloud_federation_api: 1.14.0
- comments: 1.21.0
- contactsinteraction: 1.12.0
- dashboard: 7.11.0
- dav: 1.33.0
- federatedfilesharing: 1.21.0
- federation: 1.21.0
- files: 2.3.1
- files_downloadlimit: 4.0.0
- files_pdfviewer: 4.0.0
- files_reminders: 1.4.0
- files_sharing: 1.23.1
- files_trashbin: 1.21.0
- files_versions: 1.24.0
- firstrunwizard: 4.0.0
- guests: 4.5.1
- logreader: 4.0.0
- lookup_server_connector: 1.19.0
- nextcloud_announcements: 3.0.0
- notifications: 4.0.0
- oauth2: 1.19.1
- password_policy: 3.0.0
- privacy: 3.0.0
- profile: 1.0.0
- provisioning_api: 1.21.0
- recommendations: 4.0.0
- related_resources: 2.0.0
- serverinfo: 3.0.0
- settings: 1.14.0
- sharebymail: 1.21.0
- support: 3.0.0
- survey_client: 3.0.0
- systemtags: 1.21.1
- text: 5.0.0
- theming: 2.6.1
- twofactor_backupcodes: 1.20.0
- updatenotification: 1.21.0
- user_status: 1.11.0
- viewer: 4.0.0
- webhook_listeners: 1.2.0
- workflowengine: 2.13.0
Disabled:
- admin_audit: 1.21.0
- cfg_share_links: 7.0.1
- encryption: 2.19.0
- files_external: 1.23.0
- photos: 4.0.0 (installed 4.0.0)
- suspicious_login: 9.0.1
- twofactor_nextcloud_notification: 5.0.0
- twofactor_totp: 13.0.0-dev.0
- user_ldap: 1.22.0
- weather_status: 1.11.0 (installed 1.11.0)
Summary
I would like to publish a large directory with multimedia (1TB) and make it available to the public, while allowing the following functions:
- search
- bulk download
This would be something like Proton Drive or Google Drive.
For the moment I am considering Nextcloud, but I am quite aware that this might not be the best platform for this.
Unfortunately, unauthenticated Nextcloud users cannot search shared public directories.
The only alternative on Nextcloud I could think of was the Guests application.
So far I created a single guest user called Guest, with the help fo the php occ guests:add command. My idea is to share its credentials with the public. Another user, a normal one, already shared a certain Public directory with the Guest user and that works.
Now I need to prevent anybody logging in with the Guest user from:
- locking other users out by changing the password or e-mail address etc. of the Guest user
- abusing the server, by initiating the download of very large amounts of data via the web interface
So I’ve been trying to prevent the Guest user from accessing its Profile > Settings page, in particular its Personal Info and Security pages. Is this even possible?
Any other ideas are welcome.
Thank you.