Hello everybody,
I am running Nextcloud on a local server through Docker and it is running well when accessing it locally without encryption.
Goals
- Allow external access through a
cloudflared tunnel
- This makes it so I don’t need to open any port or publish my personal IP address in a DNS
- Allow LAN access
- Have desktop and mobile apps automatically use either the tunnel or the local IP depending on which one’s available
Tentative solution
I have managed to give external access through cloudflared
.
The web access worked well and was properly encrypted, but to access it with desktop apps I needed to force HTTPS in the config:
'overwriteprotocol' => 'https',
Forcing HTTPS made local access impossible as I have no certificate configured.
Also, even if I managed to enable local access, I am not sure how I would do to connect clients to both local and tunnel connections to the same Nextcloud instance.
I have read multiple threads here regarding cloudflared
and none have seemed to address my issue.
Questions
-
What is the best practice to share an unsecured server through an SSH tunnel? Is it possible to not require
'overwriteprotocol' => 'https'
? -
How to configure Nextcloud clients so they use an SSH tunnel when out, and a direct connection when on LAN?