Nextclout remote access

Having issues with your DietPi installation, or, found a bug? Post it here.
Post Reply
Phil333
Posts: 2
Joined: Tue Oct 16, 2018 5:57 pm

Nextclout remote access

Post by Phil333 »

Hello everyone :)

I am using dietpi and installed nextcloud.
Everything runs good, but I want to use the nextcloud from outsite my network.

The problem I have is, that I cant reach it, because my router can forward only to ports (not to http:IP/nextcloud).

Where can I catch the port and redirect to that /nextcloud path?

Thanks a lot guys!
User avatar
MichaIng
Site Admin
Posts: 2277
Joined: Sat Nov 18, 2017 6:21 pm

Re: Nextclout remote access

Post by MichaIng »

Webservers by default listen to HTTP requests on port 80 and to HTTPS requests on port 443 and browsers by default sends to this ports as well.

Forward this two accordingly and you should be able to access Nextcloud.
User avatar
WarHawk
Posts: 606
Joined: Thu Jul 20, 2017 8:55 am

Re: Nextclout remote access

Post by WarHawk »

Dangerous to just open those ports directly out (some of the most exploited and targeted ports on the internet)...best recommendation is to create a VPN (use PiVPN)...tunnel in...then thru an encrypted tunnel connect to your nextcloud like you are in a LAN....

You can specify non-standard (above 1024) ports to any port behind your router...but it's always unsafe to just open ports...
User avatar
MichaIng
Site Admin
Posts: 2277
Joined: Sat Nov 18, 2017 6:21 pm

Re: Nextclout remote access

Post by MichaIng »

@WarHawk
Ui now you open a can of worms.

Of course a VPN is the most secure way to access your local network. But then you need to setup a VPN sever and you need to open several ports to access it, which can of course be attacked as well.

And every client, mobile phone, work place PC, friends/family you want you share data with etc, needs a VPN client and your access credentials.
And as well not all public networks allow to use the ports, required for VPN.

If you install Nextcloud and ask how to access via internet/from outside your local network, then you most likely want to sync data with e.g. mobile phone and/or share data with others. A VPN only setup will in most cases break this use case.

So in short:
If you want to to be able to just open a browser or web/cal/carddav client from anywhere to access your Nextcloud, you need to open those HTTP/S ports.

I would put more effort then on securing your webserver as good as possible, enable and enforce HTTPS for encrypted access and of course use a strong password for Nextcloud ;).
That private data, that you need to secure even more, should be simply placed outside of Nextcloud data and the webroot, at best only accessible via SFTP or such at a dedicated non-default port or not shared to the internet at all.
Phil333
Posts: 2
Joined: Tue Oct 16, 2018 5:57 pm

Re: Nextclout remote access

Post by Phil333 »

Funny that you guys also bringing up the topic I am fighing already inside myself.
The Problem is, that not only I, but also my familiy and friends will use the cloud that are no technicans and cant be used with a VPN.

The forwarding was the thing I had in mind but I could not find the right path and file to edit the settings.
Mainly because the dietpi-software is so noobie friendly that it automatically installs all software needed for nextcloud and I just followed the recommendations.

As of habit I tried to find the apache config... (unsuccessfully) and then found at /DietPi/dietpi/conf the config files for nginx...
but changes didnt took any difference.

Checking the nginx status showed no installation.
After using the dietpi-software I saw that my webserver preference was lighttpd... and all software was installed accordingly to that (my mistake ofc).

So I am uninstalling every software right now, change the preference to apache2 and then install it again.

EDIT: I got it working.
My "domain.com" is not directing to /var/www/
To make it perfect I would like to get to the folder /var/www/nextcloud so I can just use "domain.com" instead of "domain.com/nextcloud".

I already tried to change the DocumentRoot of my /etc/apache2/sites-availible/000-default-le-ssl.conf which does redirect to the right folder but nextcloud is giving a error, that the path is missmatching now.

How do I do it correctly?
Thanks for any help!
User avatar
MichaIng
Site Admin
Posts: 2277
Joined: Sat Nov 18, 2017 6:21 pm

Re: Nextclout remote access

Post by MichaIng »

NB: If you change the webservers DocumentRoot, you will break other dietpi-software installs, since it is expected to be /var/www.

As long as you remember this in case and Nextcloud is your only web service/page, then it should work by doing the following:
- Change DocumentRoot to /var/www/nextcloud, as you did, but as well inside /etc/apache2/sites-availible/000-default.conf to be sure.
- And you need to change two settings inside /var/www/nextcloud/config/config.php:

Code: Select all

  'overwrite.cli.url' => 'https://localhost',
  'htaccess.RewriteBase' => '/',
So remove the "nextcloud" from the URLs/paths there.
- At last run ncc maintenance:update:htaccess to apply the new RewriteBase setting to Nextclouds internal .htaccess where pretty URLs are managed, so URLs do not contain the /index.php/ part.
saytinh
Posts: 1
Joined: Fri May 15, 2020 3:36 am

Re: Nextclout remote access

Post by saytinh »

MichaIng wrote: Sun Oct 21, 2018 5:14 pm NB: If you change the webservers DocumentRoot, you will break other dietpi-software installs, since it is expected to be /var/www.

As long as you remember this in case and Nextcloud is your only web service/page, then it should work by doing the following:
- Change DocumentRoot to /var/www/nextcloud, as you did, but as well inside /etc/apache2/sites-availible/000-default.conf to be sure.
- And you need to change two settings inside /var/www/nextcloud/config/config.php:

Code: Select all

  'overwrite.cli.url' => 'https://localhost',
  'htaccess.RewriteBase' => '/',
So remove the "nextcloud" from the URLs/paths there.
- At last run ncc maintenance:update:htaccess to apply the new RewriteBase setting to Nextclouds internal .htaccess where pretty URLs are managed, so URLs do not contain the /index.php/ part.
In my case, it's installed on Raspi 3 with Nextcloud ver 18 on lighttp server. However I've not found 000-default.conf in /etc/lightttp or 'htaccess.RewriteBase' in config.php. Still did the rest of instruction but it doesn't work. Please help me in this case. Thanks
User avatar
Joulinar
Posts: 2032
Joined: Sat Nov 16, 2019 12:49 am

Re: Nextclout remote access

Post by Joulinar »

Hi,

you answered on a 2 years old post. So probably thinks changed in meantime. Next to this, the post you are referring was pointing to Apache web server while you are using Lightttp.

As well it would be good to know what is not working for you exactly!
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Post Reply