Internal Address / external Address - shared Links

Hey Guys,
we’ve installed nextCloud in our Company amongst others to share files for our Customer.
The customer naturally only has to use the external Address. So, we always have to use the external Address, when we want to share a File, because only in this case the generated Link is correct for external use.
But when we have to copy big Files to NextCloud to share them, it is faster to use the internal Address than the external Address.
Can this Address be manipulated?

1 Like

My question is similar to yours.
There are have two groups of users. Internal, which are use full web app interface trough web browser, and the external, which is accessed via a web browser and external links. Internal users can share links normally, because connect to server a through internal address 192.168.x.x
For external users, put a checkmark “Share Link”, enter password and expiration date. But it is necessary each time to manually change the address of the external server address like cloud.company.com or 83.33.xx.xx

The question would have dared, through the application “External sites”, but internal users can not access through a web browser to an external server address. Most users do not know how to change the links, or make mistakes when changing addresses.
Why in the “Share link” are not divided by internal users with a link internal address, external user to the external address. And the external server address is set in the system settings. Its simply.

Hi,

I’m not sure if this is applicable for you/ your company, but what about the C:\Windows\system32\drivers\etc\hosts file?
With:
192.168.x.x your.domain.de

the URL of your server would internally (on the devices with changed hosts file) always resolve to the local IP address. So shared links can always look the same and everybody who receives the link accesses the server either by the hosts file resolved address or the DNS resolved address (external IP).

Maybe this is an applicable workaround for you.

Apart from that I am wondering if the proxy/ router can’t be configured to detect that a request to an external IP would actually direct to an internal server. There is technical term for it, which I currently cannot recall. Requests to an external address which lead to an internal server, would not leave the internal network and would be redirected. Could this be a hint? I’m not an IT guy :innocent:

Regarding your specific request with internal and external share @mst:
Nextcloud 11 generates both, internal and external links at will. So when you share with a group or NC user, you can hit a button “copy local link” and mail the link to your users. Additionally you can of course share via external link and provide that link to customers and so on.

Hi @sp01 @mst @Schmu , in short - you should configure your DNS server for this.

If you’ve got a local MS DNS Server: create reverse lookup zone to your official domain “yourdomain.tld” and add an Alias(CNAME) pointing to the internal hostname and ip address (ownhost.yourdomain.tld - 12.34.45.78). Then your DNS Server translates it to the internal IP, and only for ownhost, the rest for yourdomain.tld goes external.

If your main local DNS is on your router, you may do some research how to configure this. DNSMASQ e.g. needs an entry like “address=/ownserver.yourdomain.tld/12.34.45.78” somewhere in the config.

If you don’t have an own local DNS server, then you must use the local hosts file on each of your client.

regards

1 Like

The link created when I share links is showing up as my internal ip address https192.168.1.11:81. I use a domain.com:8181 to access nextcloud. How would I change this?

In the file config/config.php Add ‘overwritehost’ => ‘cloud.yourdomain.com’,

With out the https:// / http://

That worked for me :slight_smile:

2 Likes

Thanks! that did it.

Reviving this to say thank you to @EmilionDK

This option should be baked in to the UI and has been very frustrating but this one line fixed everything!

Thank you!!

If you are using Nginx then you can remove the port and it looks native.

'overwritehost' => 'my.domain.com',

Otherwise put the port in

'overwritehost' => 'my.domain.com:4433',
1 Like

You need to use split horizon DNS for any serious service deployment that will be accessed both locally and remotely. Then you just use the name, and it will automatically go to the LAN IP while on the internal network.

Honestly this is more complicated then it needs be.
No offence to people suggesting hosts modifications but that’s just pure horse manure.
First off you need to do it to each client, that can mean a lot of people. Not everyone of those clients is tech savvy, not all have administrative access to their device.
Some security software prohibit the editing of the hosts file.

There definitely needs to be an option of enabling the use of the hostname, via the UI or better yet when setting up the whole service.

You want people to deploy and configure an internal DNS server to solve a problem which should be easily solvable with generic Nextcloud code. Your proposed solution MAY work in a large enterprise where the IT department is tasked with deploying the Nextcloud server. It will definitely NOT work for any SMB or residential users.

Completely agree. I think it’s time to write some code.

Actually it is already pretty easy to configure your own local dns server by configuring a pi-hole to be your local dns server which brings this functionality with it.

Actually it is already pretty easy to configure your own local dns server by configuring a pi-hole to be your local dns server which brings this functionality with it.

The audience I am going after is SMB and home users. The local dns server idea will definitely not fly with this crowd.

I think I can figure this out myself by looking at the code.

I am really surprised that no one in the Nextcloud core team had taken an interest in this though. It’s a HUGE market.

Bruce T

In my experience is pi-hole is a pretty interesting feature for home users but I am looking forward to the outcome of your research!

Home routers often have a feature called NAT loopback / NAT reflection, wich should make it work out of the box without a seperate DNS server. On some routers this feature has to be activated in the router configuration. In some routers a function called “DNS rebind protection” has to be deactivated" to make it work. Small and medium business routers usually have advanced DNS features and you should find features like “DNS Hostoverrides” directly in the router configuration. And larger companies with a Windows Domain Controller do have DNS server anyways.

Why would you wanna do that?? And I am curious how you imagine that should be implemented… If you logged in with the local address and you want to share a link to someone outside your network, it uses the internal URL. And how would you configure your phone clinets? Would you use the internal or the external URL? Should the software ask every time you share a link or open the app?

I’m not surprised, because that’s not the way it should be done.

Maybe for you, not so much for Nextcloud. Or how many small businesses do you know, who pay for Support contracts. Certainly not the ones who are to cheap to install a separate RasPi for DNS :wink:

And if they can’t spend a few bucks for a second device that does DNS, what kind of business is that anyway? And how do they backups? If they want to run their own server for their business, they need a second device for backups anyway. So they could run DNS on that…

It’s one thing to do strange “crafty” things for yourself, but if you’re consulting other people or businesses, please do it right!

1 Like