How can I secure connection to nextcloud?

Guides and tutorials for various stuff. Posted by DietPi users.
User avatar
Joulinar
Posts: 2090
Joined: Sat Nov 16, 2019 12:49 am

Re: How can I secure connection to nextcloud?

Post by Joulinar »

at least for visualisation it would be a cool thing
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
User avatar
Joulinar
Posts: 2090
Joined: Sat Nov 16, 2019 12:49 am

Re: How can I secure connection to nextcloud?

Post by Joulinar »

in addition, maybe this can be used to display the validation date

Code: Select all

openssl x509 -noout -dates -in /etc/letsencrypt/live/example.com/cert.pem
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
User avatar
MichaIng
Site Admin
Posts: 2295
Joined: Sat Nov 18, 2017 6:21 pm

Re: How can I secure connection to nextcloud?

Post by MichaIng »

Long-term plan is some dietpi-https/dietpi-ssl tool to generate SSL certs from different sources, self-signed, certbot, acme.sh and others. Would contain then enable/disable selection not only for webservers but also for other web applications that run their own internal webserver. There it makes sense to show certificate status, expiry date and others. But I lack the time currently to start working on this :cry:.
User avatar
Joulinar
Posts: 2090
Joined: Sat Nov 16, 2019 12:49 am

Re: How can I secure connection to nextcloud?

Post by Joulinar »

hehe. Anyway let's come back to the original topic of recreation the certificates. So for the normal letsencrypt we are save because it will be done automatically. I guess for Emby the transformation into the *.pfx file would still need to be done manually as there is no automation be default.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
User avatar
MichaIng
Site Admin
Posts: 2295
Joined: Sat Nov 18, 2017 6:21 pm

Re: How can I secure connection to nextcloud?

Post by MichaIng »

Indeed, the non-webserver-based applications one needs to copy the certs in place manually. Or, one could add it as script to /etc/letsencrypt renewal-hooks, so it is done automatically when certbot renews the certs.

Other solution is to grant those applications direct access to the letsencrypt certs/keys, but this is probably not wanted for security reasons and some need those files in different format, Emby *.pfx? Yeah this is exactly what would be nice to have in a dedicated DietPi tool.
przemko
Posts: 70
Joined: Sun Mar 15, 2020 5:40 pm

Re: How can I secure connection to nextcloud?

Post by przemko »

Great, Yhank You very much guys. I know what to do now :D
Regards Przemek
CGA
Posts: 9
Joined: Wed Jul 08, 2020 8:37 am

Re: How can I secure connection to nextcloud?

Post by CGA »

Got everything up and working and I'm now staring at the Nextcloud login page. Probably a stupid question but what's my Nextcloud login credentials and how do I set them up?
User avatar
Joulinar
Posts: 2090
Joined: Sat Nov 16, 2019 12:49 am

Re: How can I secure connection to nextcloud?

Post by Joulinar »

Hi,

did you tried using following as describe on our user manual

username = admin
password = <your global pw>

viewtopic.php?p=3026#p3026
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
CGA
Posts: 9
Joined: Wed Jul 08, 2020 8:37 am

Re: How can I secure connection to nextcloud?

Post by CGA »

Joulinar wrote: Wed Jul 08, 2020 9:16 am Hi,

did you tried using following as describe on our user manual

username = admin
password = <your global pw>

viewtopic.php?p=3026#p3026
Managed to add a user with the occ command but this was certainly easier :). Big thanks!
Sptz
Posts: 16
Joined: Mon Aug 17, 2020 7:31 pm

Re: How can I secure connection to nextcloud?

Post by Sptz »

Joulinar wrote: Mon Feb 03, 2020 8:41 pm
  1. create a clean DietPi installation and complete initial setup
  2. first you would need to have a DynDNS service that allow you to connect from outside world to your home network by using a dynamic domain name. If you already have a DDNS service, you can go to point 5
  3. to get a DDNS domain, you would need to register at https://www.noip.com/ first
  4. if you finished registration process, we can go to install No-IP software on your DietPi device
    • run dietpi-config
    • go to option 8 : Network Options: Misc
    • select No-IP
    • confirm installation
    • once installation of No-IP software is done, select No-IP again
    • enter your login credentials for No-IP
  5. if DDNS is working, continue with next step
  6. ensure Port 80 and 443 are forwarded (from your internet router) correctly to your DietPi device
  7. once ready, run dietpi-software, search and install NextCloud
  8. once installation completed and your system was rebooted, try to connect to your Webserver on http (port 80)
  9. pls try to connect from your LAN as well as from Internet, you should receive the Webserver Default Page
    • once you're able to connect to your Webserver from Internet on http (80), got to point 10. (https - port 443 will not work at this stage)
    • if you are not able to connect on http (80) from internet, you would need to check why and what's wrong with your port forwarding
  10. let's do the SSL certificate now, run dietpi-letsencrypt
  11. install CertBot
  12. once done you will be ask for your Let'sEncrypt information
    • fill in your domain name (No-IP DDNS)
    • fill in your email address
    • set Redirect to ON
    • Apply the setting
  13. once finished (and all services started) you should be able to reach your website on http (80) as well as https (443)
  14. if you are opening the website on http (80) you should be automatically redirected to https (443)
Will this open the entire dietpi sbc to the internet? Including anything like plex, sonarr, etc? Is there a way to just contain for one or two apps?
Post Reply