Questions about federated cloud! I hope someone can help me! Thanks!

I think and hope that if all is on an internal private network it does not need any external network. And if: WHY? Must it communicate to Microsoft or Nextcloud GmbH? Then I open an issue :wink: I think it is only a certificate problem. The one server as client does not accept the certificate from the other server and vice versa.

that’s true… and why don’t they accept each other's cert? because they aren’t publicly valid. you can only get a publicly valid cert if your servers are publicly reachable.

@JimmyKater
That is all ok. But if you create your own certificates and CA it is perhaps possible if the client trusts the CA.

Do not have to access Microsoft or Nextcloud GmbH.

I just want to test the availability of Federated cloud ID shared files in the intranet.

Because last year I tested the Federated cloud ID function on the Internet, and it was OK.
:smiley:

they stay just self-signed.

file that as a missing feature on github

It seems that you can’t use the Federated cloud ID to share files in the LAN.

Thank you for your advice and explanation.

It seems that the documents on NC’s official website should clearly explain this problem. The Federated cloud ID can only share files on the Internet.

Thank you again!

I think you must add the certificate of your own CA to the ca-certificates trusted by “curl” and perhaps then also Nextcloud.

https://stackoverflow.com/questions/5109661/add-self-signed-certificate-to-ubuntu-for-use-with-curl

So, I think it’s still about certificates. If there is a recognized CA certificate (not a self-signed certificate), then this problem may be solved. It has nothing to do with whether it is a LAN or not.

I found this occ-command. Perhaps you can test it.

https://docs.nextcloud.com/server/19/admin_manual/configuration_server/occ_command.html#security

I still downloaded cacert.pem from https://curl.haxx.se/docs/caextract.html.

Set php.ini, added a line:

curl.cainfo = "/xxx/xxx/cacert.pem"

But it still doesn’t solve the problem.

Good!
It seems very helpful. I’ll test and see.

Thank you again!

i’m not sure if it will work too, there are some configurations that could help, always had some initial trouble with setting up federation, once it runs it doesn’t break according to my experience.

Make sure:
App is activated and the latest + the same on both servers, I managed to federate different versions of nextcloud, but it usually only complicates things.

config.php
try adding trusted servers manually, if you add the FQDN in hosts and use a self-signed certificate it might work, but for a real CA you need an external certificate. My experience shows, that either internal FQDNs work, the thing with certificates is, you can’t have certificates on IPs, only on FQDNs. With a wildcard-certificate it surely works (got this setup too, server1.yourdomain.com can communicate over federation with server2.yourdomain.com).

good luck on figuring it out.

br

First of all, thank you for your reply.

Is a setting required in config.php? How do I set it in config.php?

Can you explain “config.php” in detail? What kind of configuration should be made?

Thanks!

lookup config.sample.php
I’m sure you got trusted server-array, that usually is used for the ip/dns to access your nextcloud, but I found out it can help with federation too, to put in smth like this

Open your config.php in vi or nano or if you really use nextcloud on a XAMPP (windows) with your favorite text editor.

0 => 'my1stserver.sample.com',
1 => 'federatedsever.sample.com',

OK! I’ll try this.

@biubiubiu @aignerat
Here the documentation for “trusted_domains”:

'trusted_domains' =>
  [
    'demo.example.org',
    'otherdomain.example.org',
    '10.111.112.113',
    '[2001:db8::1]'
  ],

https://docs.nextcloud.com/server/19/admin_manual/configuration_server/config_sample_php_parameters.html

But I think it does not solve your problem.
It is more the name of the Nextcloud for user/client access.
But this is not your problem.

I don’t think so either, but it’s worth a try, on v13 it helped with initial setup. Another thing is you can say autotrust federated servers in the configuration of the webinterface.

make sure to use overwriteprotocol, if I remember correctly, that was the point that solved initial setup for me last time

what is overwriteprotocol? it's a2enmod rewrite? yes. But it’s still not solved.

yes. I put the FQDN of two servers in “trusted_domains”. But it’s still not solved.
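
The certificate checks discussed in this thread can be reproduced offline with openssl. The script below is an added example, not code from any poster or from Nextcloud, and it goes one step beyond the thread by also checking the host name against the certificate. The CA name, the host names and the temporary paths are constructed sample values.

```shell
#!/usr/bin/env bash
# Constructed lab: every name, path and certificate here is sample data.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
HOST=cloud2.lan.example          # hypothetical intranet FQDN of the peer server

cat > "$WORK/lab.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
subjectAltName = DNS:$HOST
EOF

# 1. Private CA (a self-signed root certificate).
make_ca() {
  openssl req -x509 -config "$WORK/lab.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -days 30 -subj "/CN=Lab Intranet CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# 2. Server certificate for $HOST, signed by that CA.
make_server_cert() {
  openssl req -new -config "$WORK/lab.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$HOST" -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -extfile "$WORK/lab.cnf" -extensions v3_srv \
    -out "$WORK/srv.pem" 2>/dev/null
}

# 3. The checks a TLS client (curl, PHP) performs on the peer certificate.
trusted_with_ca()    { openssl verify -CAfile "$WORK/ca.pem" "$WORK/srv.pem" >/dev/null 2>&1; }
trusted_by_default() { openssl verify "$WORK/srv.pem" >/dev/null 2>&1; }  # system bundle only
name_matches()       { openssl verify -CAfile "$WORK/ca.pem" -verify_hostname "$1" \
                         "$WORK/srv.pem" >/dev/null 2>&1; }

make_ca && make_server_cert || { echo "openssl failed" >&2; exit 1; }
trusted_with_ca      && echo "chain OK when the private CA is in the bundle"
trusted_by_default   || echo "chain FAILS when only the system bundle is used"
name_matches "$HOST" && echo "name OK for $HOST"
name_matches cloud2.other.example || echo "name FAILS for a host that is not in the SAN"
```

On Debian or Ubuntu the CA file is added to the system bundle by copying it to /usr/local/share/ca-certificates/ with a .crt extension and running update-ca-certificates, which is the approach in the Stack Overflow question linked above. The occ documentation linked above lists security:certificates:import for Nextcloud's own certificate store.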