Nexcloud and its android app - various questions after installation

Hello,

I have installed Nextcloud on Ubuntu following the below tutorial :

The tutorial worked fine. However, I encounter many issues :

  1. they ask us to go to http://YOUR_IP_ADDRESS/nextcloud/ for accessing the cloud.
    -> Question : How can I access through https ?

  2. When I try from another location : http://PUBLIC_IP_ADDRESS/nextcloud/ nothing happens. I have also tried http://PUBLIC_IP_ADDRESS:PORT/nextcloud/ and enabling ports 443 to 443, 5005 to 5005, and 2222 to 2222, without success.
    -> what did I do wrong ?

  3. On the Android app, I can access only at home with my LAN IP address. But the purpose is to access from everywhere.
    -> How can I enable access from outside ?

  4. Still about Android app, I see that I can’t disconnect the app, and it doesn’t asks me any password to connect. If somebody steals my smartphone, it has access to everything (passwords, contacts, pictures, etc.).
    -> Is there something I can setup to avoid such situation ?

Please help me.
Thank you very much for your help !

  1. To do this you will need to configure Apache to use HTTPS and also provide a certificate
    The default information can be seen at:

https://docs.nextcloud.com/server/11/admin_manual/installation/source_installation.html#enabling-ssl

and

https://docs.nextcloud.com/server/11/admin_manual/configuration_server/harden_server.html#use-https

Then you will also need to configure your home router to port-forward port 443 to the internal server port 443

  1. This is the same as issue 1 since they are both linked to enabling HTTPS and make it accessible through the firewall.

  2. This would relay to any app you run on your mobile, They can access your emails, contacts, Whatsapp info, Facebook details. This should be done on phone level by enabling the pin or password login feature of Android.

Thank you very much for the links and tips. I will try to follow up the links. As I am on Ubuntu, one of your link ask to change the Apache VirtualHosts configuration. By which way can I change it ? Shall I use the terminal or shall I find a specific file ?
Sorry but I am beginner. Thank you very much.

As for 3: You can go to the settings within the Android app and enable a PIN (the upcoming release will also support fingerprint sensors) so one would need this PIN to fiddle with the app (while the files are stored on your phone so thy can be accessed via the file system anyways like all your camera pictures, contacts etc…). So like @StephanW said, most important thing is to secure the phone via PIN, password, fingerprint or whatever is available

As for 2: Not really possible via the app since the app only stores/knows about a single address for a server so you can’t have an internal+external address. So for mobility you would have to go for external I guess, setup would be a server/infrastructure question though, where I can’t help you out with :frowning: The server address has to be IPv4 since the client doesn’t support IPv6 yet.

Thank you very much all, it works ! Unbelievable, as my level is beginner, I made it !

So I did the following :
Answer to question 1 : I have made a 443 port to 443 on TCP in my router. Then, I have opened a terminal on Ubuntu and taped :
a2enmod ssl
a2ensite default-ssl
service apache2 reload

Answer to question 2 : I have followed the below link (similar to Owncloud) by adding external and internal trusted domain to the php file :

Then I have “Redirect all unencrypted traffic to HTTPS” & Enable “HTTP Strict Transport Security” following the below tutorial (between 5:00 & 9:00). By the way, I have replaced “cloud.nextcloud.com” by my public IP address :
https://youtu.be/mzx4S4qNSb4?t=4m57s

Answer to question 3 : see Andy’s answer.

Perfect !!! Thank you so much.