In setting up the Caddy server with a subdomain we need to ensure the
subdomain is a trusted domain and ensure Nextcloud can redirect
correctly by overriding automatic hostname detection. The
trusted_proxies is suggested by the security & setup warnings
message: The reverse proxy header configuration is incorrect, or you
are accessing Nextcloud from a trusted proxy. If not, this is a
security issue and can allow an attacker to spoof their IP address as
visible to the Nextcloud. Use
ip a to find the IP address of the
server. See the reverse proxy configuration
sudo nextcloud.occ config:system:set trusted_domains 0 --value=cloud.example.com sudo nextcloud.occ config:system:set trusted_proxies 0 --value='["184.108.40.206/24"]'
Also set up the overwrite settings as suggested by the security & setup warnings message: You are accessing your instance over a secure connection, however your instance is generating insecure URLs. This most likely means that you are behind a reverse proxy and the overwrite config variables are not set correctly. See the reverse proxy configuration documentation for details.
Another symptom of not having the overwriteprotocol setting is the message The polling url does not start with https despite the login url started with https. Login will not be possible because this might be a security issue. on attempting to connect to the server from a desktop or mobile client.
nextcloud.occ config:system:set overwrite.cli.url --value='https://cloud.example.com' nextcloud.occ config:system:set overwritehost --value='cloud.example.com' nextcloud.occ config:system:set overwriteprotocol --value='https'
Install the recommended Nextcloud apps and two extra ones that I find useful:
nextcloud.occ app:install calendar nextcloud.occ app:install richdocumentscode nextcloud.occ app:install contacts nextcloud.occ app:install mail nextcloud.occ app:install spreed nextcloud.occ app:install groupfolders nextcloud.occ app:install maps
This basic Nextcloud server is now set up and will use for storage the server’s local volume. You can visit https://cloud.example.com, log in as the admin user and visit the Settings Overiew for a review of any security and setup warnings. Also it is good to visit https://scan.nextcloud.com and enter your server URL to check for any security issues with your server. You should see an A+ rating.
Note that the theming app requires the PHP imagick module which is not shipped with the Nextcloud snap due to security concerns. The theming app can not be disabled, and so we can only ignore the security and setup warning: The PHP module “imagick” is not enabled although the theming app is. For favicon generation to work correctly, you need to install and enable this module.
To migrate to using an object store (cheaper and larger data store) see Section 61.24.
Your donation will support ongoing availability and give you access to the PDF version of this book. Desktop Survival Guides include Data Science, GNU/Linux, and MLHub. Books available on Amazon include Data Mining with Rattle and Essentials of Data Science. Popular open source software includes rattle, wajig, and mlhub. Hosted by Togaware, a pioneer of free and open source software since 1984. Copyright © 1995-2022 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0