How I Set Up Nextcloud with Cloudflare Tunnel on Proxmox: A Step-by-Step Guide
In this guide, I focus on setting up Cloudflare Tunnel to provide secure, remote access to a Nextcloud instance running in a Proxmox LXC container. You’ll learn how to handle SSL certificate issues, configure trusted domains, and ensure a safe connection without opening ports on your firewall.
For a complete overview of setting up Nextcloud in a Proxmox container, including installation and system configuration, I recommend checking out my comprehensive guide on setting up Nextcloud in Proxmox. That post provides detailed instructions for server preparation, configuring PHP and Apache limits, and more.
Why I Chose Nextcloud and Cloudflare Tunnel
Nextcloud is a powerful, self-hosted alternative to popular cloud storage solutions. By running it on Proxmox, I can take advantage of containerized environments, which makes management more efficient. Additionally, I wanted to access my Nextcloud instance remotely, without exposing my home network directly to the internet. For that, Cloudflare Tunnel is a perfect solution. It creates a secure connection between my server and Cloudflare’s network without the need to open ports on my firewall.
Step 1: Set Up Nextcloud on Proxmox
The first step was to set up Nextcloud inside a Linux container (LXC) on Proxmox. The installation process was relatively straightforward:
- Create a new LXC container on Proxmox using a Turnkey Linux template for Nextcloud.
- Install the necessary dependencies such as Apache, PHP, and MariaDB, which are included in the Turnkey Linux template.
- Configure the Nextcloud instance locally by accessing it via its local IP address. This is crucial for initial setup and troubleshooting before exposing it to the internet.
Step 2: Securing Nextcloud with a Self-Signed SSL Certificate
Since Nextcloud stores personal and sensitive data, I wanted to ensure all connections were encrypted. To achieve this, I generated a self-signed SSL certificate:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nextcloud-selfsigned.key -out /etc/ssl/certs/nextcloud-selfsigned.crt
This command creates both the private key and certificate. Although a self-signed certificate won’t be trusted by browsers, it provides a secure connection during the setup process.
Step 3: Configuring Cloudflare Tunnel for Secure Nextcloud Setup
Next, I set up a Cloudflare Tunnel to securely expose my Nextcloud instance to the internet:
- Install Cloudflare’s cloudflared utility on my LXC container:
curl -L --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared.deb
- Create a tunnel and map it to my Nextcloud instance using the following command:
cloudflared tunnel create nextcloud
- Configure the tunnel to route traffic to my Nextcloud server:
cloudflared tunnel route dns nextcloud nextcloud.example.com
- Run the tunnel:
cloudflared tunnel run nextcloud
Cloudflare Tunnel securely routes traffic from nextcloud.example.com to my local Nextcloud instance without the need to open ports on my router, keeping my network safe.
Step 4: Fixing SSL and Domain Issues
One of the challenges I faced during this setup was related to SSL certificate validation. Since I was using a self-signed certificate, Cloudflare couldn’t verify the authenticity of my Nextcloud instance.
To bypass this, I disabled TLS verification in Cloudflare’s tunnel configuration:
ingress:
  - hostname: nextcloud.example.com
    service: https://192.168.1.100:443
    originRequest:
      noTLSVerify: true # Disable TLS certificate verification
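This allowed the tunnel to pass traffic without validating the self-signed certificate. The connection between cloudflared and Nextcloud is still encrypted, but cloudflared no longer checks that it is talking to the intended server.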
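An alternative to turning verification off, shown as an added example that is not part of the original post: issue the self-signed certificate with a subjectAltName for the public hostname and have cloudflared trust exactly that certificate through the originRequest options caPool and originServerName. The file names origin.crt and origin.key and the helper function names are assumptions; the hostname and origin address are the post's placeholders.

```sh
#!/bin/sh
# Added example, not the post's own configuration.
# HOST and ORIGIN are the placeholder values used in the post;
# origin.crt / origin.key are hypothetical file names.
HOST="nextcloud.example.com"
ORIGIN="https://192.168.1.100:443"

# make_origin_cert DIR
# Non-interactive self-signed certificate whose subjectAltName covers $HOST.
# Hostname verification matches against the SAN, so a certificate that
# only carries a CN is not enough once verification is switched on.
make_origin_cert() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=$HOST" -addext "subjectAltName=DNS:$HOST" \
        -keyout "$1/origin.key" -out "$1/origin.crt" 2>/dev/null || return 1
    chmod 600 "$1/origin.key"   # private key readable by its owner only
}

# cert_matches_host CERT NAME
# Succeeds only if NAME is covered by the certificate.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q "does match certificate"
}

# write_ingress CERT FILE
# Writes an ingress section that verifies the origin against CERT.
# Refuses to write anything if CERT does not cover $HOST.
write_ingress() {
    cert_matches_host "$1" "$HOST" || return 1
    cat > "$2" <<EOF
ingress:
  - hostname: $HOST
    service: $ORIGIN
    originRequest:
      caPool: $1                 # trust exactly this certificate
      originServerName: $HOST    # name to verify, since service is an IP
  - service: http_status:404     # catch-all rule for any other hostname
EOF
}
```

Apache has to serve the certificate and key produced by make_origin_cert, and the ingress section goes into the existing tunnel configuration in place of the noTLSVerify rule.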
Step 5: Adding Trusted Domains in Nextcloud
After successfully setting up the tunnel, I encountered an “Access through untrusted domain” error when accessing Nextcloud from the public domain. This is a built-in security feature in Nextcloud to prevent unauthorized access.
To resolve this, I added the domain nextcloud.example.com to the list of trusted domains in Nextcloud’s configuration:
- Edit the config.php file:
sudo nano /var/www/nextcloud/config/config.php
- Add the following entry to the trusted_domains array:
'trusted_domains' => array (
  0 => 'localhost',
  1 => '192.168.1.100',
  2 => 'nextcloud.example.com',
),
- Save the file and restart Apache:
sudo systemctl restart apache2
Step 6: Final Touches and Firewall Configuration
To complete the setup, I ensured that the necessary ports (80 and 443) were open on my firewall. Since ufw was not installed by default, I had to install it and configure it accordingly:
sudo apt install ufw
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
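This step ensured that traffic could reach my Nextcloud instance securely. These rules apply to the firewall on the Nextcloud container itself; the tunnel only makes outbound connections to Cloudflare, so no ports need to be opened or forwarded on the router.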
Conclusion
After following these steps, I now have a fully functional Nextcloud instance accessible via the domain nextcloud.example.com. Cloudflare Tunnel ensures that all traffic is securely routed without opening ports on my router, and my data is encrypted with SSL.
While the process had its challenges—particularly around SSL certificates and domain validation—it was a great learning experience. Now, my self-hosted cloud is up and running, providing me with complete control over my files.
If you’re considering setting up Nextcloud with Cloudflare Tunnel on Proxmox, I hope this guide helps you avoid some of the hurdles I faced.
How to Configure Trusted Domains and Resolve IP Access Issues in Nextcloud
If you’re setting up Nextcloud on a local network and want to access it via both a domain name and an internal IP address, you may run into issues with trusted domain configuration or forced HTTPS redirection. Below, we’ll walk through how to adjust Nextcloud’s config.php file to allow access via IP addresses and domains, along with resolving SSL-related security warnings.
1. Add IP Address to Trusted Domains in Nextcloud
Nextcloud requires any domain or IP address that accesses it to be explicitly added to the list of trusted domains. Follow these steps to ensure your IP address is trusted:
- Access your Nextcloud server and open the config.php file located in /var/www/nextcloud/config/.
- Add the IP address of your Nextcloud server to the trusted_domains array. For example, if your Nextcloud IP address is 192.168.1.100, the configuration should look like this:
'trusted_domains' =>
array (
  0 => 'localhost',
  1 => 'nextcloud.yourdomain.com',
  2 => 'www.nextcloud.yourdomain.com',
  3 => '192.168.1.100',
),
- Save the file and exit.
2. Disable Forced HTTPS Redirection (Optional)
Nextcloud often forces HTTPS redirection for security reasons, which can cause issues when accessing the server via an internal IP address, as no SSL certificate is typically configured for the IP. To disable this redirection temporarily:
- Edit the same config.php file.
- Comment out or remove the following lines:
//'overwrite.cli.url' => 'https://nextcloud.yourdomain.com',
//'overwriteprotocol' => 'https',
This change will stop Nextcloud from automatically redirecting to HTTPS when accessed via an IP address. Remember to restart your web server to apply the changes:
sudo systemctl restart apache2
or
sudo systemctl restart nginx
3. Access Nextcloud via IP Address
Once the configuration changes have been made, you should now be able to access Nextcloud via your IP address, for example: http://192.168.1.100. If you encounter a browser security warning, it is because there is no SSL certificate for the IP address. This is expected and can be safely ignored for internal network use.
4. Re-enabling HTTPS (Optional)
If you need to re-enable HTTPS for your domain while keeping internal IP access functional, you can selectively apply SSL certificates to the domain but not the IP. Alternatively, consider creating a self-signed certificate for the IP, though this may still cause browser warnings.
To re-enable forced HTTPS, simply uncomment or re-add the following lines in config.php:
'overwrite.cli.url' => 'https://nextcloud.yourdomain.com',
'overwriteprotocol' => 'https',
Make sure to restart your web server after making any changes.
5. Conclusion
By following these steps, you can successfully configure your Nextcloud server to be accessible both via a domain and an internal IP address. Adjusting the config.php file and temporarily disabling forced HTTPS redirection will allow smoother access for internal syncing and management purposes.
Troubleshooting Nextcloud Configuration Issues: Syncing Errors and Config File Challenges
During the process of configuring my Nextcloud setup on Proxmox, I encountered several issues that required extensive troubleshooting. If you’re facing problems with file syncing or seeing changes reflected in the GUI, the steps I took may help you resolve similar problems. This troubleshooting section outlines my experience, including common pitfalls and the ultimate solution that worked for me.
Identifying the Wrong Config File
Initially, I attempted to modify Nextcloud’s php.ini and config.php files to adjust settings such as memory limits, upload limits, and file sync behaviours. However, despite making these changes, they were not reflected in the Nextcloud GUI. After hours of testing, I realized I had been modifying the wrong config file.
Solution: Make sure you are editing the correct configuration file used by your Nextcloud installation. On most setups, this file is located in /etc/php/[version]/apache2/php.ini, but depending on your environment (e.g., container, Docker, or specific VM setup), the path may differ. Double-check the path to avoid unnecessary troubleshooting steps.
Changes Not Reflecting in the GUI
After locating and editing the correct config file, some changes started reflecting in the Nextcloud GUI, such as memory limits and execution time. However, not all adjustments took effect. In particular, file syncing was still failing, especially for larger media files.
Solution: Restarting services and the entire Nextcloud machine should be the first step. Use the following commands:
sudo systemctl restart apache2
sudo systemctl restart php-fpm   # if using php-fpm
Rebooting the system can also help, but in my case, it did not solve all the issues. The changes weren’t fully taking effect until a specific update was applied to Nextcloud.
Installing Nextcloud Update
One of the final steps that fixed the syncing issue was installing the available Nextcloud update. I discovered that despite editing all the correct files, the changes only reflected correctly after updating the Nextcloud instance.
Solution: Always ensure you are running the latest version of Nextcloud. You can check for updates directly in the Nextcloud GUI under the Admin panel. In my case, I updated Nextcloud from version 30.0.0 to 30.0.1, and after the update, all config changes were applied successfully. Use the following steps to update:
- Navigate to the Admin panel in Nextcloud.
- Check for updates and follow the on-screen instructions to download and install the latest version.
Final Thoughts: Learning from the Experience
After spending several hours troubleshooting file syncing and configuration issues, the key takeaway was that modifying the correct config file, restarting services, and keeping Nextcloud up to date are all crucial steps. If you’re experiencing similar problems, I hope this guide saves you time and frustration.
By following these troubleshooting steps, my Nextcloud setup is now fully functional, syncing large media files as expected without further errors. If you encounter similar issues, I recommend carefully following each step and ensuring that all changes are applied before continuing with your setup.
Additional Tips:
- Ensure the file permissions are correct, particularly for directories like /var/www/nextcloud.
- If syncing still fails, double-check the Nextcloud logs (found under /var/www/nextcloud/data/nextcloud.log).
- Make sure PHP’s memory_limit, upload_max_filesize, and post_max_size are set to accommodate larger files.
This section serves as a reference for anyone who might be facing the same challenges, and I will continue to update it as I fine-tune my Nextcloud environment.
Troubleshooting SSL Stapling and Time Zone Issues in Nextcloud
After successfully setting up Nextcloud in a Proxmox LXC container and addressing earlier syncing issues, I encountered some additional challenges related to SSL configuration and time discrepancies. These are common issues that can arise when using self-signed certificates and incorrect time zone settings. Below are the steps I took to resolve these problems.
1. Disabling SSL Stapling for Self-Signed Certificates
One issue I faced was an Apache SSL error related to certificate stapling. Since I was using a self-signed SSL certificate for my Nextcloud instance, SSL stapling was not beneficial and caused errors in my Apache logs. Disabling SSL stapling for self-signed certificates is a straightforward fix.
<VirtualHost *:443>
    ServerName nextcloud.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/nextcloud/
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/nextcloud-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/nextcloud-selfsigned.key
    # Disable SSL Stapling for self-signed certificates
    SSLUseStapling off
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
After making this change, I restarted Apache with the following command:
sudo systemctl restart apache2
Disabling SSL stapling removed the certificate-related errors in the logs, making the setup more stable, even though I’m still using a self-signed certificate.
2. Adjusting the Server Time Zone
Another issue I discovered was that the timestamps in Nextcloud logs were off by two hours, which led to confusion when tracking errors and server activity. This discrepancy was due to an incorrect system time zone setting.
To fix this, I changed the server’s time zone to my local time zone (Europe/Bratislava) using the following command:
sudo timedatectl set-timezone Europe/Bratislava
I verified the change by checking the current time zone settings:
timedatectl
After adjusting the time zone, the Nextcloud logs started showing the correct time, improving my ability to troubleshoot and manage the system effectively.
3. Ensuring File Permission Integrity for Syncing
During my troubleshooting, I realized that some file syncing issues were related to file and directory permissions. For Nextcloud to function correctly, all files and directories under the Nextcloud installation must be owned by the correct user and have the appropriate permissions.
To ensure this, I ran the following commands:
sudo chown -R www-data:www-data /var/www/nextcloud-data
sudo chmod -R 750 /var/www/nextcloud-data
These commands ensure that Nextcloud has full access to its data directory, fixing issues related to file access and syncing. Once the permissions were set correctly, large files like videos could be uploaded without issues.
Conclusion
By resolving these final configuration challenges—disabling SSL stapling, adjusting the server time zone, and ensuring proper file permissions—my Nextcloud setup became more stable and fully functional. These adjustments, although minor, made a significant difference in the overall reliability and performance of the system. Whether you are dealing with SSL certificate errors or time zone discrepancies, addressing these details ensures a smoother and more efficient Nextcloud experience.