The Basics
- Nextcloud Server version:
- latest
- Operating system and version (e.g., Ubuntu 24.04):
- Ubuntu 22.04
- Reverse proxy and version
- traefil:latest
- Is this the first time you’ve seen this error? (Yes / No):
- yes
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
- docker AIO
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
- Using Cloudflare DNS
Summary of the issue you are facing:
I have Nextcloud running at nextcloud.domain.com, with traefik as my reverse proxy/letsencrypt thingy. I have a middleware to only accept local ips (which works). However, i would like shares to be available on WAN. I got it working by creating a router that routes to PathPrefix(‘/s/’). However, it only lets me download the file if i visit from WAN, it doesn’t let me edit. It seems that nextcloud office uses different URLs for collabora editing.
Steps to replicate it (hint: details matter!):
- share a file as external (…domain.com/s/…
- use the following config in traefik:
- traefik.enable=true
- traefik.http.routers.nextcloud.entrypoints=https
- traefik.http.routers.nextcloud.rule=Host(`${NEXTCLOUD_DOMAIN}`)
- traefik.http.routers.nextcloud.priority=1
- traefik.http.routers.nextcloud.tls=true
- traefik.http.routers.nextcloud.middlewares=local-only
- traefik.http.routers.nextcloud.service=nextcloud
- traefik.http.services.nextcloud.loadbalancer.server.port=80
- traefik.docker.network=global
# sharing documents externally via /s/* should be accessible to WAN
- traefik.http.routers.nextcloud-share.rule=Host(`${NEXTCLOUD_DOMAIN}`) && PathPrefix(`${SHARE_PREFIX}`)
- traefik.http.routers.nextcloud-share.entrypoints=https
- traefik.http.routers.nextcloud-share.tls=true
- traefik.http.routers.nextcloud-share.service=nextcloud
- traefik.http.routers.nextcloud-share.priority=3
- use an ip outside of the LAN that traefik is accessible on
- only be able to download the file, not edit.
Web Browser
I get the following in my network tab, things are forbidden
