I am a total newbie, and after the 5-6th try I managed to install nextcloud server on a centos7 machine. I am struggling in linux, can only copy paste commands from the net, but I’d really need this to work if you could help.
I installed Nextcloud (after trying other platforms) because I need 2 main things: document collaboration and screen sharing.
Now that I got almost everything up and running, I just realized that the screen sharing cannot work without https. Since this is so complicated for me, I thought I’d limit our usage to only LAN access. I tried a number of method to install ssl but it’s just not working. Since there is no existing domain associated with our nexcloud server, I cannot have a letsencrypt certificate just for the LAN servername, anyway.
Is there any way that would help me being able to screen share? I thought maybe nextcloud could auto generate certificates but don’t think so. I have sudo installed openssl and was able to generate certificates, but installing it on my php thingie if that’s what I am supposed to do is becoming above my level ftm.
Hi guys! Thanks for your support : ) Yeah I was a little bit disappointed by the time I did not necessarly had available that I have spent on this lol. Especially when the other feature I needed did not work neither We’ll get it evenutually!!
==> I think I did not understand the concept of virtual host (like a web address) that is needed to get an ssl, and that an ssl is needed to get everything working. I’ll set this up with the same ComputingForGeeks link posted by Beltran I used to set up nextcloud successfully.
Collabora Online is not working neither, which was the other reason I wanted to try Nextcloud, we’ll try to fix that later too, maybe fixing the https will fix that too.
Ok, so here is the thing; you CAN enable SSL on your local network, HOWEVER, you won’t be able to use a signed certificate like from letsencrypt. Instead, it will harass you and your users about an untrusted certificate every time you connect.
To enable SSL for your nextcloud instance should be as simple as setting your virtualhost to listen on port 443 instead of 80. You probably should also set up a virtualhost on port 80 to redirect to 443 because your users probably won’t type in the “https://” part.
<VirtualHost 192.168.1.x:80>
REDIRECT permanent / https://192.168.1.x/
</VirtualHost>
<VirtualHost 192.168.1.x:443>
SSLEngine on
# nextcloud configurations here
</VirtualHost>
Of course, a certificate would be a lot better. That means a domain name (try freenom.com!) and a public IP address. In order to enable letsencrypt, you’ll typically need to open port 80 to the outside world, which you can actually do on an as-needed basis when you run certbot. Otherwise, you can keep the outside access closed at your firewall, while allowing your internal systems to access nextcloud on SSL using the public IP address and domain name. Note that I understand there to be other authentication mechanisms for letsencrypt, but I’m not familiar with them and can’t advise you on them.
Thank you very much Larry for the explanation. I ran out of time for now to finish my nextcloud configuration. The concept that I don’t really understand, that brought me to nextcloud at the first place, is how difficult it is to run nextcloud over the LAN only.
It is supposed to be super secure and data safe, but you need absolutely to open it to the internet traffic in the base configuration - I did not understand this the first time. I will finish my configuration as soon as I have some time though! I am still very optimistic with the features offered by nextcloud, I hope I won’t have too much trouble making Collabora work after that.
