I followed this simple guide on getting Nextcloud setup on a linode server but I cannot get HTTPS enable and only have HTTP which is not a secure connection.
I did everything in the video but I skipped the domain part (Step 4 & 5). I do not want to buy a domain name for my Nextcloud server and I am perfectly fine with remembering an IP address.
How do I get HTTPS to work with the IP address only?
You have to create your own certs using openSSL but be careful :
You will have a lot of trouble when browsing into your nextcloud with firefox etc. In one or two year it will be kind of blocked to visit a https that don’t match domain - sslcert.
You will have warning message using the nextcloud client
You won’t be able to easily use OnlyOffice or CollaboraOffice.
There are probably others. Either go for something self-signed, free domain or you need to buy one. Sometimes you provider gives you a hostname, perhaps you can use this.
Just check on linux: host 8.8.8.8 (with your ip of course)
Certificates from an authority cannot be for an IP Address, they can only be for an actual domain name. Certificate Authorities that issue certs for IP addresses have actually been removed as trusted by browsers from Mozilla and Google.
That means your options are using a self signed certificate (which a lot of apps refuse to work with) or getting a free domain from dot.tk (freenom) or similar.
Not really. I’ve been using freenom for my .tk domain for years without issue. There are some mail servers that will instantly send mail from a .tk address to spam, but I haven’t really had any trouble in that regard.
But if you really don’t want to use freenom, there are alternatives such as No-IP:
Have been using them for years, their DNS is not always as fast as, one would like or claimed, but afaik lowest prices for paid domains ever.
Their free domains should not be used commercially, you do what you want with paid ones.
Exactly, clean https (without security warnings everywehere and everytime) needs a certificate which is valid for a certain domain. If you then browse to this domain, the browser checks if the name in the certificate is that one where you browsed, among other things. This is simply designed to work with Domainnames, and not with IPs.
And the Mozilla licence says the same. Are you claiming that Firefox users might suddenly have their browser taken from them?
Freenom (and other free domain providers like No-IP) still have to abide by the laws of the jurisdiction in which they reside. Freenom provides .tk domains, which is the TLD of Tokelau, a dependant territory of New Zealand. This means Freenom’s .tk domains are required to abide by the consumer protection laws of New Zealand. And Freenom itself is based in the Netherlands, meaning the company is required to abide by the consumer protection laws of the European Union. That makes my .tk domain better protected than domains from a US-based company like No-IP, where there are virtually no consumer protections.
If you want a domain for a business, pay for it and get even more protections. But for a home or personal domain, any of the free domain providers are fine, and Freenom has been one of the best for years.
If you disagree, provide some evidence or reason to support your position. Otherwise you’re just repeating bullshit claims like you’re Donald Trump at a political rally.
Subject to the terms and conditions of this Agreement, we hereby grant you a limited, non-exclusive, personal, non-transferable license to use FREE DOMAIN and the domain name provided to you in connection therewith. You shall retain such right to use theservice for so long as you comply with each of the terms of this Agreement, and for so long as we make the service available to you.
This Agreement shall terminate on the earlier to occur of the following events: (i) voluntary termination by you for any or no reason pursuant to Section 1, (ii) termination by Freenom for any or no reason [and more…]
You are the owner of the domain name, meaning that You arethe person or registered organization that has been declared asthe owner of a domain name upon its registration, and visible inthe public Whois database, which may be accessed for example,at “https://www.gandi.net/whois” (hereinafter the “Customer” or"You", “Your”, or “Owner Contact”).
Exactly, clean https (without security warnings everywehere and everytime) needs a signed certificate which is signed by a trusted authority and is valid for your url. regardless if it’s an fqdn or an ip address. If you then browse to this domain, the browser checks if the name in the certificate is that one where you browsed and is signed by an authority your browser trusts, among other things like if the certificate is revoked.
This is simply designed to work with Domainnames, and not with IPs.
That would work as well with ip addresses. But no signing authority would trust your ip address. Because you can’t be the owner of an ip address. Not like you are an owner of a domain.
That IS the point. All free software and services have the same clauses in their licenses or terms of service. ALL OF THEM. Calling out one specific service for stating they can terminate the service for whatever reason, as if it’s somehow unique, is dishonest at best.
Now you’re being overtly dishonest. A “proper” registrar? Seriously?
“Real” domain? How are you defining a “real” domain compared to a “fake” domain? The language you are using demonstrates your bias and lack of understanding how any of this works.
Why would you link to gnu in order to describe Mozilla’s MPL? Gnu was founded by a sex offender, you should have linked directly to Mozilla’s description of their license. The Mozilla license has a whole section on termination. Debian Linux even includes “Iceweasel” instead of Firefox in order to avoid violating the Mozilla license. I’m typing this in “Waterfox”, that treads carefully not to lose their access to MPL licensed code.
Self signed certificates are rubbish in a modern world of mobile devices. It’s incredibly difficult to piece together the various mobile apps that will talk to personal email servers, or sync contacts or calendars, or sync photos and files, unless you have a CA certificate.
What are you envisioning here? Just a vanity website? Then who cares what free domain you get? Change it if you need to. Or are you talking about something closer to my setup, where my phone connects to my personal email server, any photos I take are automatically uploaded to my server, and contacts are calendar are synchronised.
I used to use self-signed certificates, but I needed to use dodgy and unreliable apps to make things work. As soon as I was able to get Let’s Encrypt certificates for my perfectly reliable Freenom .tk domain, everything became easier.
I’ve been using a .tk domain for years, and you still haven’t provided a single reason why Freenom would take the domain away on a whim. All you have is hyperbole and links to sex offender domains.