Remove remote web portal login / Tor

Not sure if I am posting in the right section, feel free to move the topic in another section if it is not the case.

I have set up a personal Nextcloud server (12) on a Debian 9 virtual machine, which runs a Tor hidden service (.onion) on port 80. Remote Linux clients access the Nextcloud server through the Nextcloud client app using SOCKS 5 proxy at (common Tor settings) in the app network settings, while Windows clients access it using the tunnel created by Tor Browser (port 9150 I guess).

It works well, although a bit slow as can be expected. I chose to run the Nextcloud server on Tor for security (natural encryption) and ease of use (no need for port forwarding on the router or static IPs configuration), not for paranoid anonymity needs or criminal reasons.

However, I find out that in order to make it work, I had first to declare the .onion Nexcloud address as trusted in the server config file. I guess it is the usual setting for all configurations, Tor or clearnet. The problem is that now the Nextcloud server portal is accessible through Tor Browser. It is not a very big deal (still protected by username and password), but ideally I would not like the Nextcloud web portal to be remotely accessed. I don’t want users to be able to login through the portal other than through the server’s local IP address (i.e. 192.168.XX.XX).

Is there any way to configure Nextcloud so as the web portal is not remotely accessible, while still enabling the service to be accessible to clients using the Nextcloud client app?

1 Like

mee too / ditto. I don’t know how to use the environment to say “Dear forum bot, whenever anything about this post changes, please notify me (via email or something).”, so I am hoping that this “reply” post will have similar effect. I tried “Like” and “bookmark”, but there seems to be no indication that that will cause a notification when someone will actually reply to the question being asked.