Only make share links publicly accessible

Version: latest, doesn’t really matter

I’m running Nextcloud docker on UnRAID and I want to be able to share links with friends over the public web but disable the default login page and access my personal files only from within my LAN or remotely via VPN.

I know this can be done with multiple server and location blocks in the nginx site config but I can’t get it to work. Any tips?

Got it in one!! You need to configure something (reverse proxy/nginx/whatever) to only allow access to a URL with /s/ in it. Such as https://sub.domain.tld/s/PTHRfXzbTp7ATAg

All other URL requests need to be blocked.

How you do this is up to you. We can’t configure your system for you, but I would start by looking at how the official nginx configuration in the handbook handles this and go from there.

I got it working. I added these two location blocks to the default server block:

location = / {
    deny all;
location /apps {
    deny all;

and kept the original / location block:

location / {
    rewrite ^ /index.php;

Now I can’t access / or /apps/files (previous session still valid) by default.

Then I added another server block with the default settings and

server_name 192.168.X.X,10.8.Y.Y;

to access from LAN and VPN.

Keep in mind this is not the same thing as allowing only /s/.

You’re right, but only allowing /s/ breaks things…

The goal is to allow file sharing externally and nothing else correct?

/s/ allows access to your shares. Particularly direct download links such as https://sub.domain.tld/s/TqSSmAki5to99g5/download or preview.

It (likely) won’t allow direct browsing on the website but the actual shares should still download with a direct link.

I know, but disabling the default location block:

location / {
    rewrite ^ /index.php;

breaks all access including /s/.

But I never said to disable the default location block :slight_smile:

Personally I would leave everything as is on the main server and setup a reverse proxy that only serves content from /s/. Keep in mind this is well outside of the normal configuration and requires the knowledge to do so.

I’m using NginxProxyManager…

Thanks for your help!

Can I ask another question?

I want my share links to contain the domain name instead of the local/VPN IP that I used to access nextcloud.

When changing my config.php to include

'overwritehost' => '',

I get redirected to when accessing nextcloud by IP which is blocked since it’s not in /s/

Any hints how to get this working?