How can I secure connection to nextcloud?

Guides and tutorials for various stuff. Posted by DietPi users.
Post Reply
xChacox
Posts: 2
Joined: Mon Feb 03, 2020 3:21 pm

How can I secure connection to nextcloud?

Post by xChacox »

Hey so I'm completely new to raspberry pis. I just bought one because I thought It would be fun to make a cloud sever for myself. nextcloud installed on my raspberry pi and noticed that the connection is not secure (using http instead of https). How do I fix this (step by step would be nice as I'm new)? is there any other measures I should take for security? I have already changed my app password and login password. Thanks for your time in advance! :D
User avatar
Joulinar
Posts: 2566
Joined: Sat Nov 16, 2019 12:49 am

Re: How can I secure connection to nextcloud?

Post by Joulinar »

Hi,

one small question. Do you need to access Nextcloud from Internet or just from local network only?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
xChacox
Posts: 2
Joined: Mon Feb 03, 2020 3:21 pm

Re: How can I secure connection to nextcloud?

Post by xChacox »

I would like to be able to connect to it outside of the network. I’m still in the process of figuring that out though.
User avatar
Joulinar
Posts: 2566
Joined: Sat Nov 16, 2019 12:49 am

Re: How can I secure connection to nextcloud?

Post by Joulinar »

  1. create a clean DietPi installation and complete initial setup
  2. first you would need to have a DynDNS service that allow you to connect from outside world to your home network by using a dynamic domain name. If you already have a DDNS service, you can go to point 5
  3. to get a DDNS domain, you would need to register at https://www.noip.com/ first
  4. if you finished registration process, we can go to install No-IP software on your DietPi device
    • run dietpi-config
    • go to option 8 : Network Options: Misc
    • select No-IP
    • confirm installation
    • once installation of No-IP software is done, select No-IP again
    • enter your login credentials for No-IP
  5. if DDNS is working, continue with next step
  6. ensure Port 80 and 443 are forwarded (from your internet router) correctly to your DietPi device
  7. once ready, run dietpi-software, search and install NextCloud
  8. once installation completed and your system was rebooted, try to connect to your Webserver on http (port 80)
  9. pls try to connect from your LAN as well as from Internet, you should receive the Webserver Default Page
    • once you're able to connect to your Webserver from Internet on http (80), got to point 10. (https - port 443 will not work at this stage)
    • if you are not able to connect on http (80) from internet, you would need to check why and what's wrong with your port forwarding
  10. let's do the SSL certificate now, run dietpi-letsencrypt
  11. install CertBot
  12. once done you will be ask for your Let'sEncrypt information
    • fill in your domain name (No-IP DDNS)
    • fill in your email address
    • set Redirect to ON
    • Apply the setting
  13. once finished (and all services started) you should be able to reach your website on http (80) as well as https (443)
  14. if you are opening the website on http (80) you should be automatically redirected to https (443)
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
przemko
Posts: 82
Joined: Sun Mar 15, 2020 5:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

Hello, how about I don't have DDNS domain but I have public IP from my provider? Can You help me to enable SSL?
Regards Przemek
User avatar
Joulinar
Posts: 2566
Joined: Sat Nov 16, 2019 12:49 am

Re: How can I secure connection to nextcloud?

Post by Joulinar »

You would need to have a DNS to get SSL certificate created, you can simply register on NoIP. It should be a free service and is supported by DietPi.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
przemko
Posts: 82
Joined: Sun Mar 15, 2020 5:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

Hi, I do as You told and I can login with https to nextcloud but Firefox tell that is not secure and lock icon is crossed. It is normal?
User avatar
Joulinar
Posts: 2566
Joined: Sat Nov 16, 2019 12:49 am

Re: How can I secure connection to nextcloud?

Post by Joulinar »

@przemko

No that's not normal. Usually the connection should be displayed as secured. How do you connect to your NextCloud website? Do you use the same DNS name that you used to create your Letsencrypt certificates?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
przemko
Posts: 82
Joined: Sun Mar 15, 2020 5:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

Thanks I login with https://myname.ddns.net/nextcloud/ and it works with secure connection :) but now have error because permissions. I add permissions for dietpi user to write to nextcloud folder when connected by ftp.
@Joulinar can You tell me, if I have ssl now and login with https it will be more secure if I disable http login and delete port forwarding on my router for port 80?
User avatar
Joulinar
Posts: 2566
Joined: Sat Nov 16, 2019 12:49 am

Re: How can I secure connection to nextcloud?

Post by Joulinar »

well I guess you still would need http on your router (port-forwarding) to be able to recreate your certificate. Keep in mind that the certificate has a lifetime and would need to be re-created before it expire.

If you use dietpi-letsencrypt to create your certificate, you could set the option Redirect to ON. This should redirect each http request on your webserver to https automatically.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Post Reply