Nextcloud with nginx reverse proxy question please concerning domains

I have an existing NC running debian in a VM with a centos7 host. The NC VM has never been available outside the local network. So, the domain name ends in .local. It was not my preference; I took over management of the server from another tech.

So, I now need to offer access via the internet. My problem is that I do not think I can register the domain it has, as it ends in .local. My thinking right now is that I have to change the domain on either the host OS or maybe even both in order to get registration of the domain and get a cert from letsencrypt. I will be installing nginx and setting up a reverse proxy to do this on the host.

I have been told that all I have to do is reference whatever new domain name I use in the hosts file and also add it to NC. However, would that create issues with letsencrypt, as it might see it as the old domain ending in .local?

Host: host.dd.local
VM: nc.dd.local

To my understanding, .local cannot be used as it’s already taken.

Thoughts on how to accomplish this please.

This would be a question for the nginx community.

https://forum.nginx.org/

Thank you. I will head on over there. Just figured that there would be some nextcloud users running a reverse proxy with nginx. :slight_smile:

So you’ll get a more complete answer over on the nginx forum, but my first instinct would be to just set up a simple port 80 redirect from your .local domain to the new SSL domain and change Nextcloud’s configured domain:

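    # Redirect plain-HTTP requests for the old internal name to the new public name
    server {
        listen 80;
        listen [::]:80;
        server_name example.local;
        return 301 https://example.tld$request_uri;
    }

    # TLS virtual host for the new public name
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name example.tld;
        # ... (certificate and proxy directives were not included in the post)
    }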

I would strain to point out: if you’re not 100% familiar with operating out on the internet, consider using a VPN for your users to access.

*Edit: as for letsencrypt, you’ll need to set up the appropriate port 80 settings or, as I prefer, use DNS verification and just get a handy wildcard cert. The advantage is port 80 doesn’t need to be open to the internet and you’re not publishing your internal hosts out on the internet.

You need a public domain name first.
Once you register this domain, choose a good hostname for your NC and set up an (nginx) reverse proxy to serve your NC with TLS.
You can add trusted_domains to your Nextcloud and it should be done…

I would recommend you start your journey with a simple webserver “whoami” without touching your valuable data stored in the Nextcloud, and not publish data in insecure ways by accident… once your reverse proxy works, run the ssllabs test to check that its TLS config is secure… then migrate to the production Nextcloud and repeat… additionally running https://scan.nextcloud.com
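A fuller version of the TLS server block sketched earlier in the thread, with the Nextcloud settings the reply above refers to, as an added example that is not from any poster here. It assumes certbot's default certificate paths; `192.0.2.10` is a constructed placeholder for the Nextcloud VM's LAN address, the upload limit is an arbitrary choice, and `example.tld` is the placeholder name from the snippet above.

```nginx
# Added example (not from the thread). Placeholders: example.tld, 192.0.2.10.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.tld;

    # certbot's default layout (assumption); adjust for another ACME client
    ssl_certificate     /etc/letsencrypt/live/example.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.tld/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to stay on HTTPS for this name
    add_header Strict-Transport-Security "max-age=15552000" always;

    # nginx's default request body limit is 1m, which blocks most file uploads
    client_max_body_size 512m;

    location / {
        # Backend is only reachable on the LAN; TLS ends at this proxy
        proxy_pass http://192.0.2.10;

        # Pass the public name so Nextcloud matches it against trusted_domains
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        # This is the internet-facing hop, so overwrite any client-supplied
        # X-Forwarded-For instead of appending to it
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;
    }
}

# Matching entries in Nextcloud's config/config.php on the VM:
#   'trusted_domains'   => ['example.tld'],
#   'trusted_proxies'   => ['<LAN address of this nginx host>'],
#   'overwriteprotocol' => 'https',
#   'overwritehost'     => 'example.tld',
```

Without `trusted_proxies`, Nextcloud attributes every request to the proxy's address, so its brute-force throttling and logs stop distinguishing clients.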

I want to thank you for your reply. I have set up an nginx reverse proxy for my systems once before. I run Meshcentral to service my clients with it. So, I am kinda versed on the setup. However, the big difference is that I had a FQDN on my system, whereas the system I am now working on does not. Also, I did not provide outside access to my Meshcentral setup. I just didn’t want to go to the expense of changing the FQDN on the server if I did not have to, if there was a workaround, and was curious how letsencrypt would work with such a setup.

Just this morning I got the domain name registered and will be working on the rest of the nginx reverse proxy. As advised, I will certainly take my time in setting this up as far as security goes. I will also set up a cron job to email me the security logs every day. :slight_smile:

Even though this is a nginx question I figured a lot of posters here probably use it with nextcloud and I would start here.