I installed Nextcloud using docker images and for the moment it is running fine. I installed nginx with WAF (mod_security) in order to implement https on my cloud server, in order not to expose directly nextcloud to internet. However I had to disable some events preventing nextcloud to work well due to usage of specific HTTP methods such as PUT, PROPFIND, etc which mod security is blocking normally.
Now I would like to enforce again security with MFA for NextCloud. Does someone have experience with this ?
Note that officially mod_securityis not supported with Nextcloud.
In any case, others have found some ways of using it, but my impression is so many rules have to be disabled that it’s debatable how useful it remains. Use the search function here on the forums and you’ll find other people’s experiences.
Thanks for your feedback John. This is exactly my current concern. I think it is still worth having it in place, I did not deactivate so many events by the way, but I don’t like to allow such methods as HTTP PUT, etc. on Internet without strict control. Today I made a strict restriction with firewall but that obliges to have fix IP address. That’s why I would really like to enforce security by other means, especially MFA. So I would really enjoy to know if people could implement MFA with Nextcloud and how they made it work.