Nextcloud with SSL setup using Linode but keeping domain managed through registrar

I’ve tested out installing Nextcloud without SSL and that was easy to set up but now I’m trying to install with SSL and I want to make sure I do this correctly without creating a problem with my domain.

I’m creating a new Nextcloud instance through Linode but I do not want to use their internal domain manager. I want to keep all management of my domain at the registrar. The only instructions I can find talk about pointing the domain to Linode/Nextcloud.

I’m confused about how to do this correctly leaving the domain pointing to hosting while also creating a secure link for the Nextcloud login. Should I be creating a subdomain i.e., “nextcloud.mydomain.com” and adding an “A” record to this subdomain so the records for the main domain will stay as they already are? I’m assuming that the “mx” records would need to be added to the parent domain though for mail to work. Is that correct?

What is the risk of not installing with SSL? Is it absolutely necessary?

I’m probably overthinking this and the answer is right in front of me, but changing domain records is something I rarely do, so just want to make sure I don’t break anything. Thanks.

Hi @RJ1

Yes and yes :slight_smile:

No. mx records are only needed for email servers. Nextcloud does not contain a mail server, only a mail client.

Everything will transfered in clear text icluding your password. Don’t even consider to use a service like Nextcloud without SSL, if it’s exposed to the internet.

I use CNAME records but not Linode.

I hope Linode gives you a name e.g. li123-456.members.linode.com

Hopefully you can map nextcloud.mydomain.com to li123-456.members.linode.com with CNAME.

Than there is perhaps an option to use Lets Encrypt or use e.g. certbot.
Lets Encrypt must configured on Linode and not at your registrar.

@devnull
I would probably use an A record in that case. Because 1. it points most likely to a diffrent server / IP than the main domain anyways and 2. the server would then still be reachable via nextcloud.yourdomain.tld, if for some reason the DNS resolution to the name of the Linode instance should fail.

@RJ1

  1. Create an A record e.g nextcloud.yourdomain.tld to the public IP address of your Linode or a cname record (like @devnull said) if you prefer that, at your registrar.

  2. Follow the instructions linked in this thread…

https://www.linode.com/community/questions/21083/marketplace-provided-nextcloud-on-https-ssl-instead-of-http

https://www.linode.com/docs/guides/secure-http-traffic-certbot/

@bb77
Advantage of CNAME is the fact that on changing the ip of Linode it works further.
Also the DNS resolution is not required throughout.
I only use CNAME settings for my subdomains and it works for me.

Both will work.

The main advantage of cname recoords is, that when you have an A record for domain.tld and then add multiple cname records for subdomains that are hosted on the same server / IP, you only have to change the A record, in case the IP of the server changes. If you were using A records for the subdomains, you would have to change every record induvidually,

In case of Linode however you have a fixed IP, that will not change, except you destroy the Linode instance and create a new one. But then it will most likely also get a new name. Matter of fact I don’t even know if they give them names. Alltough it can make sense to use a cname record, if OP also points an A record for domian.tld to this Linode. But most likely he or she will only host Nextcloud with a single subdomain on this instance, so it’s probably easier to just point an A record for nextcloud.domain.tld to the IP of the linode instance.

How does DNS know which IP address it has to resolve then, when there is no A Record present somewhere that points to the IP? cname records can only point to names not directly to IPs.

Me too, because I only have a dynamic IP address. My cname records point to myname.afraid.org (DynDNS provider), which then points to my current dynamic IP address.