I’ve already posted this question on Tailscale, but I wanted to make sure I cover the bases.
I basically want to know if it is possible to access Nextcloud from two different networks using two different HTTPS site domain names with two separate certificates.
Here is what I have and what I am looking for:
I think you do not need a reverse proxy as long as you don’t need ports 80 and 443 for other purposes than the web server. I think your webserver can handle two virtual domains to the same Nextcloud path with different SSL certificates. In Nextcloud you can configure.
But I think the biggest problem is the certificate for your local domain.
I would just use the domain web.tailxxx.ts.net for all users (better also for Android clients). You might want to look at Hairpinning and NAT Traversal. Don’t think there is a security advantage to using an internal domain name web.home.lan from within. Then rather block the access from the outside or use VPN or 2FA without sharing permission, that brings you the greater security gain. Alternatively, you can think about building two separate Nextclouds, one for inside and outside and one for inside only. But this is a completely different setting. Your current setting cannot make this distinction between inside and outside.
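The two-virtual-host setup suggested in the reply above, sketched as an added example that is not part of the original thread. It assumes Apache 2.4 with mod_ssl and Nextcloud installed in /var/www/nextcloud; the certificate paths are placeholders, and the host names are the ones used in the thread.

```apache
# Added example. Assumptions: Apache 2.4 + mod_ssl, Nextcloud in /var/www/nextcloud.
# Certificate and key paths below are placeholders, not real locations.

<Directory /var/www/nextcloud>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
</Directory>

# LAN name. Public CAs do not issue certificates for internal names such as
# .lan, so this certificate has to come from a private CA whose root is
# installed on every client that uses this name.
# Note: the first vhost on *:443 is also the default for unmatched names.
<VirtualHost *:443>
    ServerName web.home.lan
    DocumentRoot /var/www/nextcloud

    SSLEngine on
    SSLCertificateFile    /path/to/placeholder/web.home.lan.crt
    SSLCertificateKeyFile /path/to/placeholder/web.home.lan.key
</VirtualHost>

# Tailscale name. Apache picks this vhost, and therefore this certificate,
# from the TLS SNI value the client sends.
<VirtualHost *:443>
    ServerName web.tailxxx.ts.net
    DocumentRoot /var/www/nextcloud

    SSLEngine on
    SSLCertificateFile    /path/to/placeholder/web.tailxxx.ts.net.crt
    SSLCertificateKeyFile /path/to/placeholder/web.tailxxx.ts.net.key
</VirtualHost>

# Both vhosts serve the same Nextcloud instance. Nextcloud refuses requests
# whose Host header is not listed in config/config.php, so both names go there:
#   'trusted_domains' => [ 'web.home.lan', 'web.tailxxx.ts.net' ],
```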
Thanks for the response.
It would definitely make things a little easier if I just have every client on my LAN use the Tailscale network and not worry about web.home.lan and just use the Tailscale FQDN. It’s definitely a strong consideration.