[Support] Linuxserver.io - Nextcloud


Recommended Posts

On 8.3.2017 at 11:59 PM, local.bin said:

For your information nextcloud have created a nice new security checker to check the security on your nextcloud server.

 

Nice tool -> https://scan.nextcloud.com/

 

 

I only get an A because the '__Host-Prefix' Hardening is missing on my server.

Can anyone tell me how to achive this and what it means?

Edited by Marv
Link to comment
2 minutes ago, Marv said:

 

I only get an A because the '__Host-Prefix' Hardening is missing on my server.

Can anyone tell me how to achive this and what it means?

I use the config I posted that is linked from the first page of the thread.  That might help.

Link to comment
15 minutes ago, Marv said:

 

 

So if you get an A+ I guess you are using nextcloud.server.com?

Because I'm using the first way described in your guide with server.com/nextcloud

 

Yep, although there is some discussion on that link I posted about which is the best security wise, nextcloud have decided that nextcloud.server.com is...... :|

Link to comment

It's not linuxserver/nextcloud specific question but I thought here is the best topic as everyone using nextlcloud is reading this topic.

 

Instead of reverse proxy + ssl certificate I was thinking, why don't just use a VPN connection to home router or Unraid server and then connect to lan ip?

 

Isn't it much more secure?

 

Also, if somebody uses another method to connect remotely to his nextcloud I would be interested.

Link to comment
12 minutes ago, karateo said:

It's not linuxserver/nextcloud specific question but I thought here is the best topic as everyone using nextlcloud is reading this topic.

 

Instead of reverse proxy + ssl certificate I was thinking, why don't just use a VPN connection to home router or Unraid server and then connect to lan ip?

 

Isn't it much more secure?

 

Also, if somebody uses another method to connect remotely to his nextcloud I would be interested.

 

You can do that, yes it's more secure, but it does mean everyone who uses your cloud will need a VPN setting up, nothing wrong with that if it fits your use case, but it's a layer of complexity some may not want.  I can imagine my wife's eyes glazing over if I tried that with my setup.  As it is now, her photos from her phone get synced automatically without her having to intervene.

Link to comment
4 hours ago, gshlomi said:

Hi.

Trying to set 'htaccess.RewriteBase' => '/', but trying to run "php occ maintenance:update:htaccess" (as described in the link) inside the docker results in php: command not found.

Any help would be appreciated.

 

Also to run commands for occ, you need to use this format.

 

cd /config/www/nextcloud/
sudo -u abc php7 occ

 

Edited by CHBMB
Link to comment
4 hours ago, CHBMB said:

 

You can do that, yes it's more secure, but it does mean everyone who uses your cloud will need a VPN setting up, nothing wrong with that if it fits your use case, but it's a layer of complexity some may not want.  I can imagine my wife's eyes glazing over if I tried that with my setup.  As it is now, her photos from her phone get synced automatically without her having to intervene.

 

It's only an app to open.

I have a shortcut in Android 1st desktop so it's just one more click to connect and one more click to disconnect.

The problem is the initial configuration but I am past that!

Then you only copy the certificates and the wife.ovpn file to load everything into the app.

 

Thanks for clarifying the security bit.

Link to comment
Just now, karateo said:

 

It's only an app to open.

I have a shortcut in Android 1st desktop so it's just one more click to connect and one more click to disconnect.

The problem is the initial configuration but I am past that!

Then you only copy the certificates and the wife.ovpn file to load everything into the app.

 

Thanks for clarifying the security bit.

 

Oh, I'm very familiar with OpenVPN on Android, use it all the time.   But you clearly haven't met Mrs CHBMB who wouldn't quite see it as "It's only an app to open" :D

  • Upvote 1
Link to comment
2 hours ago, karateo said:

 

It's only an app to open.

I have a shortcut in Android 1st desktop so it's just one more click to connect and one more click to disconnect.

The problem is the initial configuration but I am past that!

Then you only copy the certificates and the wife.ovpn file to load everything into the app.

 

Thanks for clarifying the security bit.

 

Some android clients allow connection when required, so when an IP is being requested on your internal network it automatically connects the VPN and drops on app closure.

 

I went through the same thought process as you, but needed a website up, so port 443 was going to be open anyway.

 

With letsencrypt and https the risks are reduced, but certainly understand your thought process.

 

 

Link to comment
9 minutes ago, local.bin said:

 

Some android clients allow connection when required, so when an IP is being requested on your internal network it automatically connects the VPN and drops on app closure.

 

I went through the same thought process as you, but needed a website up, so port 443 was going to be open anyway.

 

With letsencrypt and https the risks are reduced, but certainly understand your thought process.

 

 

That's pretty cool, my big problem with VPN clients on Android is the battery drain though.  If it weren't for that I'd connect it permanently to my VPN.

Link to comment
4 minutes ago, local.bin said:

 

Some android clients allow connection when required, so when an IP is being requested on your internal network it automatically connects the VPN and drops on app closure.

 

I went through the same thought process as you, but needed a website up, so port 443 was going to be open anyway.

 

With letsencrypt and https the risks are reduced, but certainly understand your thought process.

 

 

 

https only provides the assurance that the server is yours and that the data transmitted is encrypted

everyone can attack your server if you have open ports

 

I don't trust nginx and nextcloud.

You all have read wikileaks latest news.

I don't want to become paranoid but who can tell me that nextcloud doesn't have already a backdoor that very few know!

 

It's all about convenience vs security I think.

 

 

Which andoid app is the one that only connects when a specific ip subnet is triggered?

Link to comment
23 minutes ago, CHBMB said:

That's pretty cool, my big problem with VPN clients on Android is the battery drain though.  If it weren't for that I'd connect it permanently to my VPN.

 

Thats a fair point and not one that I have really tested, as I only really use it for plex when away, so usually have it plugged in on some local wifi.

 

22 minutes ago, karateo said:

 

https only provides the assurance that the server is yours and that the data transmitted is encrypted

everyone can attack your server if you have open ports

 

I don't trust nginx and nextcloud.

You all have read wikileaks latest news.

I don't want to become paranoid but who can tell me that nextcloud doesn't have already a backdoor that very few know!

 

It's all about convenience vs security I think.

 

 

Which andoid app is the one that only connects when a specific ip subnet is triggered?

 

True enough and who knows if nextcloud has a backdoor, as its all getting a bit silly at the moment with security. I use encfs for my private files which get synced to nextcloud, but I may try putting it though openvpn.

 

My issue with openvpn is the bandwidth it can provide to stream a movie, with my current router, but nextcloud likely would not have heavy bandwidth requirements, depending on what you intend using it for I guess.

 

I use this android openvpn client -> https://play.google.com/store/apps/details?id=it.colucciweb.openvpn

 

I find it works very well and has a responsive dev.

Link to comment

I'm trying to pass an additional directory to nextcloud. Everything sets up fine, and when I exec into the container I can see all files in the media1 directory as I would expect. 

However, I don't understand inside the webgui how or if it's even possible to access /media1

I have the following docker create: 

docker create \
--name nextcloud \
-p 443:443 \
-e PUID=1000 -e PGID=1000 \
-v /home/user/docker/containers/nextcloud/config:/config \
-v /home/user/docker/containers/nextcloud/data:/data \
-v /home/user/media1/comics:/media1 \
linuxserver/nextcloud

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.