Great video. Looking forward to the next one as well. There's tons of videos on how to install Nextcloud but few on how to access it safely outside of the local network.
Awesome video, thank you Don 👍
Zerotier ftw.
Up until recently, Zerotier has been built more with a bootstrap capitalization ethos, . . . more than its "independent" peers, tailscale and twingate. Flavor of governance makes a difference.
You’re not quite correct re. ZeroTier. With the free version, can only have 1 admin, but there’s no concept of ‘user’ in ZeroTier. You don’t need to login with a user id and password to connect to a server with ZeroTier, you just need to run their agent software on the devices you’re using to connect (and on the server, of course). What it does is give you a virtual network with its own IP range. All you need to do with your admin account is grant new clients permission to connect to your virtual network, which you only need to do once.
Always very knowledgeable and generous in sharing your knowledge.
Thanks;
tnx man you helped me a lot with tailscale and nextcloud it worked perfectly
what seems more straightforward is a strict ssl tunnel with a reverse proxy. for example, cloudflare tunnels to generate an ssl with letsencrypt along with traefik. you don’t open any ports for each service, as traefik handles it and the tunnels don’t have you poke holes on your firewall. it is end to end so you don’t have to enable http over 80. you can even tie it to domains, email, and docker compose containers for individual services using multiple tunnels from nextcloud instances, dashboards, nas stuff, home automation, webservers on a pi, etc.
Love this idea! I'll try to implement that way.
Thanks Don
Looking forward to the domain method details
Paul
@1:54 - what about Cloudflare /w nginx proxy manager ?
or Cloudflare own proxy ?
that will be next video
What about privacy when using these services? You do not talk about that at all. Since your data goes through the servers of these companies, so they know what you do. (In case of tailscale and pajamas)
Thanks!
That's what youtube is. You have to make your own opinion. I would never use those services. I host my own wireguard server and I am good to go.
14:35, hi bro I opened my port 51820 but it didn't work, I saw in the portainer ports and said 51820 and 51821 so I opened 51821 port in my router and tried my ip-address-server:51821 and finally could access the front end, and after I add a new user in my phone realized I needed the 51820 to access internet, so I had to open both ports in protocol UDP/TCP
Hi; I'm slightly confused. Could use a little guidance. I have Tailscale successfully installed on my CasaOS. I have NextCloud installed on the CasaOs, but still can't seem to figure out how to access the Nextcloud remotely. Is the NextCloud supposed to have its own Public IP and subsequently added to Tailscale as a "New Machine"? When I type "IP A" I get the tailscale IP of my CasaOS...not necessarily a specific IP for Nextcloud itself...unless they are one and the same. Or do I use the CasaOs Tailscale IP and the Nextcloud Port to access Nextcloud directly? Do I need to configure port forwarding somehow? Help please...thanks
how do you add the configuration for the port 5080?
Exactly what I am trying to figure out
Okay I figured it out. You have to select on Duplicate/Edit. I think you can figure it out from there.
Do I run the tailscale installation script from the terminal within Nextcloud…in order for Nextcloud to appear on the list of tailscale machines?
Have you tried to use cloudflare tunnel for the same purpose? It does not require setting at the client side but register a domain name in cloudflare. I am about to get access to the nextcloud that runs behind my home router and download files from it. However, the upload is not working. It seems that cloudflare tunnel does not support POST method.
I would love to see the way using a domain. I tried to set it up but I get a problem accessing I get a 502 error code :(. Also I'm trying through docker with cloud flare.
Defo one way to do it. Personally i like the ease of buying a domain on namecheap or somewhere, setting up cloud flare zero trust tunnel and do access that way. But this looks like a similar thing, with a little more work and not using a domain name
What do you think of using Cloudflare tunnel? What's the con of using Cloudflare tunnel instead of tailgate?
Cloudflare tunnels are very easy to do if you have your domain with cloudflare. That's what I am using.
some people say using cloudflare tunnels for ur nextcloud may slow down the speed
Hello! Great tutorial! I am currently running the latest Truenas Scale, with Tailscale and Nextcloud installed. I can reach the Truenas webGUI, but how can I access my Nextcloud from outside the network as well? This runs at port 9001 for the moment...
Same here. Did you ever figure out the best approach?
@@JackHartwig Yeah, I didn't understand that as soon as I was connected through Tailscale, I could just use internal LAN addresses (192.168.x.x) etc, to reach the services...once I did, all did work just fine. And still are :-)
what is portainer and how is it connected to the nextcloud setup?
I'm following along and am being derailed by not understanding how to change the port configuration without this portainer software
Hey, thanks for the video. I have Tailscale installed and it's working great I can access my Nextcloud remotely, however, my editing apps are not running on the Tailscale login. OpenOffice or Collabora. They work fine without the VPN on the standard address. Any ideas?
Why don't use cloudflare tunnels? This is more complicated. Any benefits over cloudflare tunnels?
Cloudflare will shut your tunnel down if you use too much data. It's only meant for websites. Any kind of large files or video will cause it to become degraded. I had to delete the tunnel and recreate it with new FQDN's to fix it. Now I just use a VPN into my home network to access anything with heavy data use and use cloudflare tunnel for all of my website based services such as proxmox or uptime Kuma.
Cloudflare tunnels are open to the internet no?
@@llortaton2834 no...only the url of the tunnel...external port to internal port...encrypted end2end...now the server side stuff needs to be locked down for sure. (decent passwords, fail2ban and the like)
@@llortaton2834 yes. But they have a Eula that said it's only meant for websites or the like. No big files. No video stream. It'll work for a while but for me I started to get degraded status on my tunnel after a month of jellyfin.
@NovaspiritTech Which Linux distro are you using btw?
debian + kde
I'm trying to access my nextcloud server outside of my home network using port forwarding. My nextcloud server is a raspberry pi 3 model B. I think I have port forwarding set up with my xfinity modem/router, which is a TG3482G. But how do you get a device that you port forward to, to respond to access from outside the network? Do you have to set up something inside the server to intercept the request, or is that done on the client end? From what I've read, you have to give it access to port 80 of the nextcloud server, which it appears I have. Port 80 is the port for http. What exactly initiates the response? And, what IP address should I use? My WAN IP address or my Gateway address. And, I understand that my router's address is my Gateway address, so I assume it's my Gateway address.
Thanks Don.
No tailscale funnel?
Is ngrok good?
You can set auth there
Bro my isp is just providing me a private ip not public one. Can I use WireGuard?
waiting for a video on cloudflare tunnel, i tried to configure but it's not working for me.
i have my nextcloud with a domain but the accounts have long and complicated passwords and 2fa too but I do host my own VPN at home.
I would suggest not using this kind of service for anything remotely personal, you're basically exposing your service to the internet and trusting whoever hosts pyjam with your unencrypted traffic.
You're terminating ssl at pyjam, which then forwards the unencrypted traffic over wireguard to your server, so pyjam actually has the unencrypted data in transit.
yeah...they can wireshark traffic if they wanted to...and you would be none the wiser...
I like pivpn to configure WireGuard
I just set up nextcloud remote access using cloudflare tunneling in less than 5 min.
I am using a tplink dns it works
nextcloud and a rocket chat
Zerotier selfhosted?
Where is the video on how to host nextcloud with own domain?
I think it was called the "mini next cloud" something something where he makes a 3d print case for RPi and stuff
I am not sure tho
Unlike Tailscale, Zerotier is user agnostic for connections. All your wife needs is the Zerotier Network ID to connect ;)
zero tier is not more better?
best = headscale
Help Please! I beg you! thanks for all these tutorials. I was looking for a way to change parameters like php_value memory_limit, max_connection_time, etc. I've been making changes to any .htaccess, php.ini or config.php file I see anywhere and I couldn't find a way to increase those limits. These are the limits I need. Thanks!
php_value memory_limit 4G
php_value upload_max_filesize 32G
php_value post_max_size 32G
php_value max_input_time 7200
php_value max_execution_time 7200
I have to clarify that I did follow all instructions you left on the "Mini NextCloud Server on Raspberry Pi 5" Video
you need to add those in your ENVIRONMENT so edit the nextcloud container and duplicate/edit -> Env -> name = PHP_MEMORY_LIMITE -> value 1024M and so forth for the other settings and deploy again
nextcloud config file revealed some secret. you should change that
Isn't it dumb to use services that do not use https, http is not so safe
Ngrok works fine without needing port forwarding
By the way, this is an excellent video, but it goes a little too fast for this 65-year-old brain.
a
Tunnel + cert + dyndns.