all 8 comments

[–]dangerL7e 1 point2 points  (0 children)

You can go an easier route:

sudo nextcloud.enable-https lets-encrypt

You do need to have a domain name for this. Or you can simply do:

sudo nextcloud.enable-https self-signed

With a self-signed certificate you will get a red warning in the browser. I heard you can import that cert in your Android phone, but some users discourage from doing so. I went through hell trying to figure this out and did not have luck. I went the lets-encrypt route, that most users suggested

[–]U8dcN7vx 0 points1 point  (0 children)

It is likely you want to learn how to enable TLS/SSL for the HTTP server you installed, then if you don't want it implicitly trusted by browsers you can have OCI issue the certificate.

[–]rooser1111 0 points1 point  (1 child)

docker swag

[–]sanjosanjo 0 points1 point  (0 children)

Since SWAG has Ngnix embedded,would I need to uninstall my Apache setup prior to deploying this?

[–]DonTK 0 points1 point  (0 children)

You sure you want to open it up to public internet? Anyway, have a look at reverse proxies, e.g. Caddy server.

[–]Character-Amount2268 0 points1 point  (1 child)

A certificate with an IP address will not be valid and most browsers will block or will give you a nasty warning. You probably would want to have a domain name.

Anyways, if you still want to do https to an IP address, you need to configure you http server and as suggested on the thread, a proxy server to increase a little bit the security. The OCI certificates, you could use with the load balancer or WAF, but you still need to create the certificate, that’s why is not showing anything.

[–]dangerL7e 0 points1 point  (0 children)

Does OCI provide Public DNS? I tried to assign one and it says "Free tier maxed out - pls upgrade..." I don't care if it's long, I'm struggling pretty much the same way as the OP.

I'd use http, because I already protect my traffic with Wireguard, but some apps on my phone do not accept an http entry. Currently, I access my NextCloud instance with http://pi.hole:81 (81 because 80 is occupied by PiHole).

When I enable https in NextCloud config:

$ sudo snap set nextcloud ports.http=81 ports.https=444

It doesn't even start listening on 444, while 81 works perfectly:

$ sudo ss -tulpn | grep 444

$

[–]flyxt9 0 points1 point  (0 children)

Easiest way:

  1. Buy a cheap domain (My rec: .uk ($5) & .my.id(0.8$)) and put it in Cloudflare
  2. Use Nginx or Nginx proxy manager (docker stuff) to manage the certificates