[email protected] Posted July 16, 2019

Hello, I have had an issue with my Nextcloud for 2 months. Everything appears to be fine and working, but I do not feel fully secure. When I enter the URL of my Nextcloud, the page is redirected to a warning about a non-secure site because my certificate is indicated to be self-signed. Only when I add an exception can I access Nextcloud. I do the above in Mozilla.

Just for information, I would like to point out the following:

1) I followed the instructions of the above video but with no success, since there is no online provider that supports free setting of ns servers of my liking. Maybe it is due to the country code I have.
2) I also have a VPN server started, but I am not using https://sslforfree.com to verify my site. I think that this issue is not related to this fact. I just mention it to be sure.

Any suggestions that help me maximize my security level are welcome. The best possible solution for me would be to require manual certificate addition in the browser and disallow any exceptions.
Below is my nextcloud config.php:

    <?php
    $CONFIG = array (
      'memcache.local' => '\\OC\\Memcache\\------',
      'datadirectory' => '/data',
      'instanceid' => '-----------------',
      'passwordsalt' => '----------------------------------------------',
      'secret' => '-----------------------------------------------------------------------------------',
      'trusted_domains' =>
      array (
        0 => 'https://<nextcloud server name from duckdns.org>:479',
      ),
      'dbtype' => 'mysql',
      'version' => '16.0.2.1',
      'overwritehost' => '<nextcloud server name from duckdns.org>:479',
      'overwriteprotocol' => 'https',
      'overwrite.cli.url' => 'https://<nextcloud server name from duckdns.org>:479',
      'dbname' => 'nextcloud',
      'dbhost' => '<server name from duckdns.org>',
      'dbport' => '3306',
      'dbtableprefix' => 'oc_',
      'mysql.utf8mb4' => true,
      'dbuser' => 'nextcloud',
      'dbpassword' => '------------------------------------------------',
      'installed' => true,
      'app_install_overwrite' =>
      array (
        0 => 'files_reader',
      ),
    );

Some of the information is obscured for my personal security.

Thank you in advance,
SB
denishay Posted July 22, 2019

Use:

- duckdns docker to get a free domain name to redirect to your dynamic IP
- Let's Encrypt docker, which comes along with nginx and does create/update your free SSL certificate (the Let's Encrypt part) and redirects HTTPS calls to your Nextcloud
- nextcloud (+ MariaDB or other database) docker

I am pretty sure that SpaceInvaderOne did a video on the full setup for Nextcloud... This one might help too: https://www.youtube.com/watch?v=I0lhZc25Sro

Also, the config will not only be on Nextcloud, but also on nginx, as it is your reverse proxy. Typically under "sites" with xxxsitename.conf files iirc.
[email protected] Posted July 23, 2019 (Author)

Hello,

Thanks for the tips about duckdns and Nextcloud. I have already followed the instructions of SpaceInvader with no problem on these :). About Let's Encrypt, let's say that it was not within my initial purposes since it is a close second after VPN server configuration. This is also said by SpaceInvader himself in the video you previously proposed to me.

Anyway, the reason I resorted to Let's Encrypt was because I cannot find a free DNS provider where I could configure my own specific ns server names. They all propose their specific DNS providers, and in case someone needs to set a different ns server, a premium account is required. I also checked the DNS provider that SpaceInvader is proposing in the video with URL https://www.youtube.com/watch?v=AS0HydTEuA4&feature=youtu.be, which states Cloudflare with a free DNS provider ns nameserver proposed by https://www.godaddy.com/. However, there is none free. Someone should at least pay an amount of $1 per month, I think.

For these reasons I installed Let's Encrypt and my server looks secure as it requires the certificate. What remains is to configure it to listen to port 80, because it is always blocked by my ISP provider. The solution is the first video URL of this post, but as you already understand I end up in a vicious circle.

There are also 2 restrictions. Firstly, I cannot afford to buy the equipment (like the router) that SpaceInvader is proposing, unless there is a workaround. Secondly, I cannot find a proper DNS provider who provides for free (non-premium accounts) the ability to define a TXT record of 1 sec as proposed in the video you mentioned to me in your last post (http://sslforfree.org). If there exists one, could you email it to me?

Unless there is a workaround coming out of the aforementioned, and due to the Let's Encrypt problems, the only option is to continue with my current setup and find a solution for a completely secure Nextcloud.
The problems I have with Nextcloud security are mentioned above in the first post of this topic.

I also have another question. I only installed Let's Encrypt as a docker application. Should I also install nginx? I think it is already included in Let's Encrypt. And a very important problem with my Let's Encrypt is that I cannot access its website. I get a website timeout with 400 HTTP status.

Thanks in advance,
SB

P.S. I cannot printscreen the website of Nextcloud, because I can only see the website from my server's Slackware OS (I suppose there is a misconfiguration of the Nextcloud and Let's Encrypt combination). Is there a way to do a printscreen in Slackware?

Edited July 23, 2019 by [email protected]