Local and ssl web access

Hi everyone,

I have a Nextcloud server installed with the following guide:

Everything works very well and secure (A+ in nextcloud sec. ranking) BUT :slight_smile:

How can I configure one additional local PC connection to Nextcloud? I tried multiple things, but nothing works.
Is it recommendable to have a self-signed SSL certificate for local access?

My system:
Nextcloud version 20.0.4
Operating system and version: Ubuntu Server 20.10
nginx version 1.18.0
PHP version 7.4
let’s encrypt ssl
… see the guide :wink:

Thanks for your help.

Flo

ummmm. your problem isn’t clear to me, yet.

HOW exactly do you want your additional PC connect to NC?

local (192.168.1.xx)

you want your Windows PC to connect via Desktop App to your NC?

yes this is right. Because i won’t push my local files over the internet and back to my local nextcloud server :wink: but the server is configured for 443 trusted domains only.

the most direct way would be you’d enter your local server-ip into the browser of your desired PC and then log in to your NC, directly for uploading your stuff.

That isn’t possible. Only over 443 with a trusted ssl Certificate access is possible. When you look into the guide you see the configuration, but I’m not so good to find a solution by myself.

ummm no. Your browser might complain but usually you can bypass that.

here is the error message

Zugriff über eine nicht vertrauenswürdige Domain

Bitte kontaktieren Sie Ihren Administrator. Wenn Sie Administrator sind, bearbeiten Sie die „trusted_domains“-Einstellung in config/config.php. Siehe Beispiel in config/config.sample.php.

Weitere Informationen zur Konfiguration finden Sie in der Dokumentation.

no problem. you just add this particular domain to your config.php trusted domains.

did you try to copy the nextcloud.conf to local_nextcloud.conf,
change the server name:

```
server_name _;
```

and remove the lines that contain:

```
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
```

never tried that. but then you have two vserver. one listening to your “your.domain.com” secured with a le cert. one listening to everything else.

Can you connect to your Nextcloud if you use the public URL (e.g. cloud.yourdomain.tld) on said PC? If so, everything works as it should and nothing has to be changed or added.

yes this is right. Because i won’t push my local files over the internet and back to my local nextcloud server :wink: but the server is configured for 443 trusted domains only.

Just because you are using the public URL, it doesn’t mean everything will be routed over the internet. If you use the public URL on a PC in the same local network in which your nextcloud server is located, the DNS query will return your public IP address. But the router recognizes this and “reflects” the connection back to the internal network. This means no data is ever leaving your local network. This feature is called Hairpin-NAT, NAT-loopback or NAT-Reflection. Most routers do support NAT-Reflection.

hope that helps.

Hi, i checked this with Wireshark… no NAT Reflection. :frowning:

What exactly happens if you try to connect to your nextcloud via domain name, e.g. cloud.yourdomain.tld, from said PC?

If you can connect, everything is working as expected and you should use the domain name.

If it doesn’t connect, then you are probably right and NAT-Reflection is not working on your router. On some models this has to be activated. Some models don’t support it at all.

If you can’t get NAT-Reflection working you could use an internal DNS-Server that points your domain name to the internal IP of the server or edit the Hosts file on your PC. https://www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file/

…or you could do what the error message says and add the IP-address of the server to your trusted domains list in the config.php. But if you connect to the server via IP-address instead of the domain name, you will get an error message in the browser, because the name in the certificate does not match.

to edit the config.php file you could use nano.

```
nano /path/to/your/nextcloud_folder/config/config.php
```

and add another line in the section “trusted_domains” as shown below. In your case that would be the second entry: 1 => '192.168.XXX.XXX',

```
  // inside the $CONFIG array in config/config.php; the key is lower case
  'trusted_domains' =>
  array (
    0 => 'cloud.yourdomain.tld',
    1 => '192.168.XXX.XXX',
  ),
```

How it runs here:
I have configured a second Virtual Host in Apache, defining the same ServerRoot, but different security policies. I have referenced a local certificate, issued by a local certificate authority (via openssl) for a local name and the IP address. The root certificate is imported to my client(s), of course. Alternatively, you can configure a self-signed certificate for local use.
Add the appropriate trusted domain to your config.php, as bb77 mentioned.
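
The local-CA setup described in the post above, together with the name mismatch bb77 mentions for access by IP address, as an added example (not part of the thread and not anyone's posted configuration). The hostname `nextcloud.home.arpa`, the address `192.168.1.10` and the CA name are constructed placeholders; it assumes `openssl` is installed.

```shell
#!/usr/bin/env bash
# Added example. Names and addresses are constructed, not taken from the thread.
set -eu

# make_ca DIR: create a local root CA (ca.crt is the file clients import).
make_ca() {
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Home Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR LABEL SAN: sign a server certificate carrying the given SAN list.
# LABEL is used as file name and CN; clients match on the SAN, not the CN.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  printf 'subjectAltName=%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
    "$3" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 825 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# cert_matches CRT host|ip VALUE: succeed only if the certificate covers VALUE.
cert_matches() {
  openssl x509 -in "$1" -noout "-check$2" "$3" | grep -q 'does match certificate'
}

demo() {
  d=$(mktemp -d)
  make_ca "$d"
  # Certificate for local use: local name AND LAN address in the SAN.
  issue_cert "$d" local "DNS:nextcloud.home.arpa,IP:192.168.1.10"
  # Name-only certificate, shaped like the public one for the domain.
  issue_cert "$d" public "DNS:cloud.yourdomain.tld"
  openssl verify -CAfile "$d/ca.crt" "$d/local.crt"
  for c in local public; do
    if cert_matches "$d/$c.crt" ip 192.168.1.10; then r=match; else r="NO match"; fi
    echo "$c.crt checked against 192.168.1.10: $r"
  done
  rm -rf "$d"
}
demo
```

The name-only certificate fails the IP check, which is the browser error described earlier in the thread; the locally issued one passes because the address is listed in its SAN.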

I’m having the same problem… trying to sync 600GB of data, but the sync goes through the ddns address via 443. I’ve tried to add the IP of the server to the trusted domains, but the nginx is blocking every request from not ssl properly.

Any solution?! Adding a new server to my nginx conf?

Thank you

For a one-time sync, I would use local DNS on the computer from which I wanted to sync the data. Simply point the domain name to the internal IP address of your Nextcloud server in the local hosts file of your operating system. If it’s a workstation PC, you can leave it that way afterwards. With a laptop that you also want to use outside of your network, you would have to undo it after you copied the files.