I work with a private top-level domain in a private network and therefore have a self-signed SSL certificate.
So far, for me, Nextcloud Windows client 3.17 is the only product that doesn’t work with a self-signed certificate.
I have found the following issue: https://github.com/nextcloud/desktop/issues/8598
TL;DR: Starting with version 3.17.0, stricter certificate validation was introduced. According to this comment, there are the following implications:
- If you are using self-signed certificates, you need to disable HSTS on your server.
- If you use your own CA, ensure that the full certificate chain is served and that your root CA is trusted on the client OS.
Related issue:
https://github.com/nextcloud/desktop/issues/7166
Addition: (to cover this case here as well)
- If you’re using a valid certificate from a public CA that is only valid for domain 1, you can no longer connect via domain 2 (or localhost) simply by skipping the certificate check.
I’m not sure whether disabling HSTS on the server would help circumvent this as well, but in this case it would probably be a bad idea — especially if your instance is exposed to the internet. The better solution would be to use Split-DNS, as mentioned here.
Also, using a different domain name for your LAN than from the internet has other disadvantages, which I also mentioned in my earlier comment.
I’m marking this as the solution, but feel free to correct me if I got something wrong or if you can think of other cases I haven’t considered.
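A preflight check for the three cases listed in the post above, as an added example that is not part of the original post or of Nextcloud's code: it verifies the server certificate strictly and reads the HSTS header. The function names and the mapping of OpenSSL verify codes to the thread's cases are assumptions of this example, as is the assumption that Python's default trust store reflects the one the client OS uses.

```python
import http.client
import re
import socket
import ssl

# OpenSSL verify codes surfaced via ssl.SSLCertVerificationError.verify_code
SELF_SIGNED_LEAF = 18            # certificate signed only by itself
UNTRUSTED_CHAIN = {19, 20, 21}   # own CA: root not trusted or chain incomplete
HOSTNAME_MISMATCH = 62           # chain is fine, but issued for another name


def hsts_max_age(header):
    """Return max-age (seconds) from a Strict-Transport-Security value, else None."""
    m = re.search(r'max-age\s*=\s*"?(\d+)', header or "", re.I)
    return int(m.group(1)) if m else None


def classify(verify_code, hsts_header):
    """Map a verification result plus HSTS header to the cases in the thread."""
    hsts_on = (hsts_max_age(hsts_header) or 0) > 0
    if verify_code == 0:
        return "ok"
    if verify_code == SELF_SIGNED_LEAF:
        return "self_signed_with_hsts" if hsts_on else "self_signed_no_hsts"
    if verify_code in UNTRUSTED_CHAIN:
        return "untrusted_or_incomplete_chain"
    if verify_code == HOSTNAME_MISMATCH:
        return "hostname_mismatch"
    return "other_verify_error"


def probe(host, port=443):
    """Live check (needs network): return (verify_code, hsts_header) for host."""
    code = 0
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
                pass
    except ssl.SSLCertVerificationError as err:
        code = err.verify_code
    # Second request skips verification on purpose: it only reads one header.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(host, port, timeout=5, context=ctx)
    conn.request("HEAD", "/")
    hsts = conn.getresponse().getheader("Strict-Transport-Security")
    conn.close()
    return code, hsts
```

Run `classify(*probe("your.server.name"))` from the machine where the desktop client fails, using the exact host name the client is configured with. A header of `max-age=0` counts as HSTS switched off.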
Today I set up the reverse proxy (HAProxy) on my OpnSense router.
- Install and set up dd-client for dynamic DNS. I use AWS, so an access token to Route 53 shall be generated. The same access token is also used by ACME (letsencrypt).
- Install ACME (Letsencrypt) plugin, use the same AWS route53 access token for DNS-01 authentication
- Install os-haproxy. Set up real servers and services, using the ACME certificates to route the traffic.
Hi bb77,
Thanks for your suggestion! This is exactly what I did for a workaround to use the file sync client on the same machine as the server. And my local machines on my LAN can also use a similar line in the hosts file.
However, it would be really nice if you didn’t have to use the file sync client on the machine with the Nextcloud server. Why? Because my Nextcloud server machine is also my primary compute node and primary data storage machine. I don’t want to have a separate machine just for the Nextcloud server. I’m thinking that most home users feel this way too. The way things are now, I use double the disk space on my machine hosting the Nextcloud server - in both the Nextcloud data directory and the corresponding machine accessible directory which is synced to the Nextcloud data directory on the same machine! If there’s a better way to handle this, I’d love to know. Thanks
I did not mean to denigrate, in any way, the authors of Nextcloud and I’m very thankful for all their hard work in this project.
Well, then I guess, you’ll just have to live with certain disadvantages that come with running server software on your daily-driver computer. Nextcloud is designed as server software, not really intended to be run on a workstation you use every day. Is it technically possible? Sure. Is it optimal? Definitely not, for reasons that go well beyond the duplicate storage issue you mentioned.
Definitely not most users. In fact, I’d say the majority of home users run Nextcloud on a separate device, whether that’s a NAS, a mini PC, a Raspberry Pi, or some repurposed old hardware.
You could avoid the duplication by:
- using Nextcloud directly in the browser,
- using the desktop client with “Virtual Files” enabled,
- or mounting via WebDAV instead of syncing locally.
Another, and probably better, approach in your situation would be to only use Nextcloud for the files you actually want to share with others or access remotely, instead of putting everything into it. After all, what’s the real benefit of storing and accessing data through a Nextcloud instance installed on the same PC where you then mostly use that data, when you could just store and access it directly through that machine’s local file system?
In the context of file storage, Nextcloud only really makes sense if you use its collaboration features directly in the web UI and/or want to share files with others and/or use it as a central storage hub for your files, so you can access the files from multiple devices anywhere and/or keep them synced across devices.
If you only use a subset of these features (e.g. syncing across devices), and you don’t want to provide a dedicated machine to act as a server, Syncthing would be a better option. If you also need the Share feature you could take the opposite approach (as already mentioned), and only upload—and therefore duplicate—the specific files you actually want to share with others to Nextcloud.
However, if you want to take full advantage of all these features, and possibly even more of what Nextcloud has to offer, without making compromises, I’d strongly recommend installing it on a separate machine.