Nextcloud HTTPS Setup

Hello,

I installed the latest version of DietPi from the official DietPi VM. I am using VMware Workstation Pro.
The install of Nextcloud was incredibly easy and painless; however, I cannot get HTTPS to work.

What does work:
http://ip.address [brings up the Apache2 webpage]
http://ip.address/nextcloud [brings up Nextcloud over HTTP]

What doesn’t work:
https://ip.address/nextcloud [error: Not Found The requested URL was not found on this server]

Different web browsers show there IS a self-signed cert, but every time I click accept it takes me to an error page, which leads me to believe that the webserver isn’t configured correctly, and I have no idea how to configure it such that https://ip.address/nextcloud will work or show up.

I’ve seen a lot of guides but they all involve opening ports in my router and I don’t have any need for that.

I realize that encryption may not really be necessary because I’m at home, but I’d still like to undertake this exercise and see it through

Thanks,

You need to generate SSL certificates to be able to activate HTTPS. This is not working by default. For this you have 2 options.

  1. Create an official certificate issued by Let’s Encrypt. There you need to open port 80/443 on your router. Otherwise Let’s Encrypt will not be able to verify your DDNS.

  2. Create a self-signed certificate. This is working without port forwarding. However, every modern web browser will complain about invalid certificates.

Anyway, if you don’t plan any external access, no HTTPS configuration needed. You can stay with plain HTTP.

4 Likes
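Option 2 from the reply above, as an added example that is not part of the original thread: it creates a self-signed certificate for a server reached by its LAN IP, then checks that the IP is present as a subjectAltName and that key and certificate belong together. It assumes OpenSSL 1.1.1 or later (for `-addext`); the address 192.168.1.50 and the file names are constructed sample values.

```shell
#!/bin/sh
# Added example: self-signed certificate for a LAN-only server reached by IP.
# The IP address and output paths used here are constructed sample values.

# make_selfsigned_cert <out_dir> <ip> [days]
# Writes <out_dir>/server.key and <out_dir>/server.crt.
make_selfsigned_cert() {
    out_dir=$1; ip=$2; days=${3:-365}
    mkdir -p "$out_dir" || return 1
    # umask 077 in a subshell: the private key is never group/world-readable.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
          -days "$days" \
          -subj "/CN=$ip" \
          -addext "subjectAltName=IP:$ip" \
          -keyout "$out_dir/server.key" \
          -out "$out_dir/server.crt" 2>/dev/null ) || return 1
}

# cert_has_ip_san <cert> <ip>
# Succeeds only if the certificate lists exactly this IP as a SAN entry.
# Browsers match the SAN and ignore the CN, so this is the check that matters.
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text |
        grep -Eq "IP Address:$2(,|[[:space:]]|\$)"
}

# key_matches_cert <key> <cert>
# Succeeds if both files carry the same public key (a mismatched pair
# makes the web server refuse to start its TLS listener).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null | openssl sha256)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo run into a throwaway directory.
demo_dir=$(mktemp -d)
if make_selfsigned_cert "$demo_dir" 192.168.1.50 365 &&
   cert_has_ip_san "$demo_dir/server.crt" 192.168.1.50 &&
   key_matches_cert "$demo_dir/server.key" "$demo_dir/server.crt"; then
    echo "certificate and key written to $demo_dir"
fi
```

Apache's SSL virtual host then references the two files through `SSLCertificateFile` and `SSLCertificateKeyFile`. Browsers keep warning until the certificate is explicitly trusted on each client.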

There is a way to build a tunnel to Cloudflare and get HTTPS continuity, and be able to use Nextcloud both inside and outside your network securely.

I got a full domain for 1 year for $12…free Cloudflare tunnel…and pow…

It’s how I got my own personal Vaultwarden (Bitwarden) server running on my own network.

2 Likes

OP doesn’t require external access.

cool…then http is all good

Interesting option. I assume Cloudflare provides certs as part of the install?
How might this be different than using PiVPN or OpenVPN?

This has nothing to do with traditional SSL configuration. It will not set up HTTPS on your system.

This Cloudflare solution is basically a completely different method of connecting your home network to the internet. You will run a 3rd party app on your system, establishing a permanent connection to the Cloudflare cloud. And your mobile client will contact the Cloudflare cloud first before connecting to your system. See: Cloudflare Tunnel · Cloudflare Zero Trust docs

A similar setup could be done using Tailscale.

Using a classic VPN will eliminate this cloud connection and you will stay in control of your data and where your system is connecting to.

2 Likes

@Joulinar Thanks for the explanation about Cloudflare. I had taken a quick look on their site, saw that they required client s/w and saw reference to getting a .pem file, so thought they might provide specific certs with their app.

Cloudflare handled the request and the certs…when someone goes to your URL, it is pointed at their DNS servers. They then handled all the certs and redirects thru the tunnel app running behind your firewall; it punches a hole thru, establishing a connection…no ports needed to be port forwarded.

Exactly…a good VPN inside your network is the most secure because you connect to the VPN then into your home network encrypted and trusted…it makes it hard to get to outside your network…but that is the point

I had no idea Cloudflare tunnels were a thing. It honestly feels like a game changer for the self-hosted community, and solves all of my Nextcloud problems.

Same…found it about a week ago

My Vaultwarden is 100% operational, secure thru HTTPS end 2 end.
Should work just as well with Nextcloud and Syncthing and the like, as long as it has an HTTPS login screen and doesn’t just go straight into the webpage (but there is a way to secure that too, but it takes much more configuring).

It does take more configuring and setting up an actual domain name, but ultimately it makes it easier to set up.

I did mine in docker…but YMMV

Not sure if this is a game changer, because you need to connect your system to a 3rd party cloud permanently. Which is basically the opposite of the self-hosting idea, to get independent from global cloud providers.

1 Like

kinda like letsencrypt…

You are self hosting…but the critical end 2 end encryption is handled by a 3rd party…unless you wanna pay a BUNCH of money to become a certificate authority.

This requires a Pi4. Is that correct?

What does require a Pi4?