How to use External Sites when using Nextcloud from outside our network

Hello Forum,

I’m using external sites to link to a Guacamole Server (clientless remote desktop gateway) I’ve installed in our office (internal network). I can successfully see the login for our Guacamole when I use the external link created in Nextcloud. But if I open a port forward rule to outside our network to our Nextcloud and test logging into my Nextcloud from outside, the External Site link to our Guacamole server does not work. I get error messages such as the Guacamole IP and/or DNS name cannot be found?

Any ideas or tips on how I can use the Guacamole login external site inside Nextcloud when logging into Nextcloud from outside? It’s like the outside person logging into Nextcloud obviously doesn’t know the IP address of our internal Guacamole server and thus the error. I would have thought that once we log in to Nextcloud from outside we are now in our network (on Nextcloud) and the DNS name to our Guacamole server would be known to our Nextcloud and therefore work.

Any ideas or suggestions on how I can solve this (without opening a port forward rule to our Guacamole server) would be greatly appreciated. My plan is to have only our Nextcloud opened up to the Internet and have a kind of two-step login to be able to access our internal resources through Guacamole (first log in to Nextcloud, then log in to Guacamole).

Thank you.

The External Sites app is just providing a link to the browser, where the browser can find the external site. So the external site has to be reachable from outside of your network. I used an Apache proxy for that. But your external site is then reachable by everybody and not only users logged in to Nextcloud.

If you're interested I could look up my Apache config for that and provide it.


Hello Tacruc,

Yes please provide your Apache config if you don’t mind sharing that with me.

Thank you very much for this reply. Yes this explains my problem then. I had hoped to be able to only open one port for access to our office for Nextcloud and then through Nextcloud provide a secure access to select computers in our network by having the user log in to Guacamole using the External Sites App.

A bit more info for you…I’ve installed our Nextcloud on Nethserver and through Nethserver I use a reverse proxy that points to my Guacamole server. It works very well inside our network as the reverse proxy enforces https using the ssl cert from our Nethserver…but again from outside our network a user cannot get to the Guacamole IP or DNS after logging into Nextcloud.

I think I have to find another solution to having one login to our office. I could always use a VPN solution instead I suppose.

Thank you.

OK, I think my Apache configs are not helping for your case. It is nothing special, just a vhost for a subdomain and then a proxy to the external pages. This way I only have one open port in the firewall and Apache decides based on the URL whether it is Nextcloud or the external page. But the external page is still reachable without login.

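    # Opening tag restored to match the closing </IfModule>; mod_ssl.c is assumed
    <IfModule mod_ssl.c>
        <VirtualHost *:443>
            ServerAdmin webmaster@localhost
            ServerName sharelatex.Domain.com
            DocumentRoot /var/www/sharelatex_apache
            Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

            # Some ssl stuff

            # WebSocket endpoint first, so the more specific path wins over "/"
            ProxyPass /socket.io/1/websocket ws://localhost:3000/socket.io/1/websocket
            ProxyPassReverse /socket.io/1/websocket ws://localhost:3000/socket.io/1/websocket

            # Everything else goes to the backend over plain HTTP on localhost
            ProxyPass / http://localhost:3000/
            ProxyPassReverse / http://localhost:3000/

            # Pass the original Host header through to the backend
            ProxyPreserveHost On

        </VirtualHost>
    </IfModule>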

For anyone else who happens by this post…I was able to solve my problem by referencing the external address (A record) I used to access my Nextcloud from outside our office in the External Site setup…and add to the end of that A record reference the reverse proxy I set up in my Nethserver…this is what solved my problem for me.

Thanks very much @tacruc for taking the time to read my post and comment.
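
The caveat raised in the thread is that a site published through the reverse proxy is reachable by anyone, not only logged-in Nextcloud users. The following is an added example, not part of the original posts and not either poster's configuration: the same vhost shape with an authentication gate in front of the proxy rules. The hostname, certificate paths, realm name and password file path are placeholders; the backend address and WebSocket path are the ones from the config posted above.

```apache
# Added example: hostname, certificate paths and htpasswd path are placeholders.
# Requires mod_ssl, mod_headers, mod_proxy, mod_proxy_http, mod_proxy_wstunnel,
# mod_auth_basic and mod_authn_file.
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName app.example.com

        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/app.example.com.pem
        SSLCertificateKeyFile /etc/ssl/private/app.example.com.key

        Header always set Strict-Transport-Security "max-age=15768000"

        # Every request, including the WebSocket upgrade, must authenticate
        # before Apache forwards it to the backend.
        <Location "/">
            AuthType Basic
            AuthName "Restricted"
            AuthBasicProvider file
            # Create with: htpasswd -c -B /etc/apache2/external-site.htpasswd <user>
            AuthUserFile /etc/apache2/external-site.htpasswd
            Require valid-user
        </Location>

        # Reverse proxy only; never act as an open forward proxy.
        ProxyRequests Off
        ProxyPreserveHost On

        # Most specific path first, as in the vhost posted above.
        ProxyPass        /socket.io/1/websocket ws://localhost:3000/socket.io/1/websocket
        ProxyPassReverse /socket.io/1/websocket ws://localhost:3000/socket.io/1/websocket
        ProxyPass        / http://localhost:3000/
        ProxyPassReverse / http://localhost:3000/
    </VirtualHost>
</IfModule>
```

This proxy login is independent of the Nextcloud session, so it adds a second credential check in front of the published site rather than tying access to being logged in to Nextcloud.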