Hello. Please help with apache2 and nextcloud configuration files for isolated work in vpn. I set it up and connect via VPN without any problems, but I can also easily log in without it. I want to hide a virtual network from the global network.
Systems:
- VPS:
- Debian 11
- OpenVPN server
- Apache2 proxy
- Rpi4B:
- Debian 12
- OpenVPN client
- apache2
- NC 28.0.3
The domain is registered, SSL certificates are configured. Everything works great. But how can you restrict NC access to VPN clients only? Also keep access to it over the local network.
I think also my configs are too simple. Tell me where I can find a solution or maybe you can help right here. Thank you.
Configs from apache, which is located on the vps:
<VirtualHost *:80>
ServerName "my.sub.domain"
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
RequestHeader set X-Forwarded-Proto "https"
SSLCertificateFile /etc/letsencrypt/live/my.domain/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.domain/privkey.pem
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
ServerName "my.sub.domain"
ProxyPreserveHost On
ProxyPass / http://10.8.0.3:80/
ProxyPassReverse / http://10.8.0.3:80/
</VirtualHost>
NC config.php on Rpi4B:
<?php
$CONFIG = array (
'instanceid' => '**********',
'passwordsalt' => '************************',
'secret' => '*****************************************',
'trusted_domains' =>
array (
0 => 'http://192.168.0.3',
1 => 'my.sub.domain',
),
'datadirectory' => '/srv/nextcloud-data',
'dbtype' => 'mysql',
'version' => '28.0.3.2',
'overwrite.cli.url' => 'http://192.168.0.3',
'overwriteprotocol' => 'https',
'dbname' => '*******',
'dbhost' => '*******',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => '**********',
'dbpassword' => '***********',
'installed' => true,
);
# 192.168.0.3 ip of Pi4B in local network.