Need help for configuring first Nextcloud appliance for esx

Hello im new to nextcloud

Ive download the ESX image and installed it

Now ive got some questions that i can’t figured out

1- ive installed the app nextcloud and when i go here

i get this error

Please contact your administrator. If you are an administrator, edit the “trusted_domains” setting in config/config.php like the example in config.sample.php.
Depending on your configuration, this button could also work to trust the domain:

So i edited the file /var/lib/univention-appcenter/apps/nextcloud/conf/config/config.php

here is what look the file

$CONFIG = array (
'passwordsalt' => 'xxx',
'secret' => 'xxx',
'trusted_domains' =>
array (
0 => '',
1 => '192.168.xx.xx',
2 => '',
'datadirectory' => '/var/lib/univention-appcenter/apps/nextcloud/data/nextcloud-data',
'overwrite.cli.url' => '',
'dbtype' => 'pgsql',
'version' => '',
'dbname' => 'nextcloud',
'dbhost' => '',
'dbport' => '5432',
'dbtableprefix' => 'oc_',
'dbuser' => 'nextcloud',
'dbpassword' => 'xxx',
'installed' => true,
'instanceid' => 'xxx',
'updatechecker' => 'false',
'memcache.local' => '\\OC\\Memcache\\APCu',
'overwriteprotocol' => 'https',
'overwritewbroot' => '/nextcloud',
'htaccess.RewriteBase' => '/nextcloud',
'ldapIgnoreNamingRules' => false,
'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
'trusted_proxies' =>
array (
0 => '',

if i go with the ip adress it’s working fine

2- how do i configured this - i can’t find on wich file to make the modification

The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips.

3- On the Univention Portal when we click on the apps Nextcloud how can we change the url it will open to

Thanks for your help !

Anyone can help me please ??

which url are you using in your browser to connect to your nextcloud?
of another internal name?

just a guess: did you try with a small “c” in nextcloud?

  1. Accepted domains:

I’d recommend replacing this with entirely lower-case characters (‘’) and see if that helps any. If it works when going to the IP, it would seem you have the correct file for this.

  1. Strict-Transport-Security header:

This depends entirely on what web server software you’re running with Univention, which appears to be apache2 by default. You’ll need to edit either the configuration file for apache, wherever that lives, or the .htaccess file for Nextcloud if that’s supported. Univention might have their own way you’re supposed to do this, so take this with a grain of salt.
There’s a tuturial on what STS headers are and how to add them to different webservers here, or a StackOverflow question on adding using the .htaccess file here.

  1. Univention URL:

Unless there’s a way to do that directly from the Univention UI, you may need to further modify the apache config. Probably a redirect will play nice with Univention’s existing config, and still get you the experience you’re after. It’s still probably best to ask them, though, as this is specific to their deployment settings.

You’ll also probably want to redact or change (by removing and reinstalling, if that’s feasible) some of the settings from the config file you’ve posted here - passwordsalt, secret and dbpassword, in particular. They can’t just be changed in the config, as user accounts and such have all been calculated based on them.

Hi thanks for your answer

So ive tried all these website below and none work except for the ip adress

‘trusted_domains’ =>
array (
0 => ‘’,
1 => ‘’,
2 => ‘’,

which url do you use in your browser?
that one should be in the trusted domain array.

im using

Unless you own “”, which you do not, you’ll need to update it with your actual domain name, otherwise indeed only the IP will ever work.

Just in case that needs to be said…

jean francois: i don’t know this univention stuff. can you confirm that in your environment is a valid dns a record (or cname)?
i asume it work’s because if not you would get the error message about the trusted domain.

is the server ip address?

Just to be cleared ive wrote but it was just to not mention what was my true website

ive create a dns record with my ISP

WOW ive finally figured this out

i was editing this file


and nothing was working so i search for another config.php at the root of the server and find this one


ive edit this one and now everything is working fine

i think that documentation for this should be update so new user like me don’t waste time on this :slight_smile:

ill keep continue to work on #2 and #3 question and update you

For question #2 here is what i did to solve my problem

Edit the file /etc/apache2/sites-enabled/default-ssl.conf and add these lines

    <IfModule mod_headers.c>
            Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

great that you found a solution.
i would strongly advice to ask the univention guys if you did it right. that is to say this config might be lost after reboot or update of the docker container.
and #3 is also related to univention and not nextcloud.

Forget question #3 it’s not neccesary :slight_smile:

I have a 4th question

is this possible to deny access to https://cloud.mydomain/univention/portal/

and just permit access to https://cloud.mydomain/nextcloud/

you have to find and edit the web server config. and disable the /univention/portal/ part.

what is in /etc/apache2/sites-enabled ?

root@cloud:/etc/apache2/sites-enabled# ls
000-default.conf default-ssl.conf default-ssl.conf.bakjfg univention.conf univention-portal.conf univention-saml.conf univention-server-overview.conf

a2ensite, a2dissite - enable or disable an apache2 site / virtual host

you may try.

The answer for the 4th question is here

Thanks all for your help