• Joel

Enable SSL on your Nextcloud server

Updated: Apr 24, 2020


You need to have completed the first two guides in this series:

  1. How to install Nextcloud on a Raspberry Pi

  2. Setting up Dynamic DNS for your Nextcloud server



In this tutorial, we'll be showing you how to create an SSL certificate for your Nexcloud server. We'll also be doing our best to show you how to configure Port Forwarding on your home router. Port forwarding will essentially provide a path from the Internet to your Nextcloud server. Routers need to be told exactly where information needs to go. Usually, you don't have to worry about such obstacles because 99.9% of home Internet users, only take information from services on the Internet. It's those 0.01%, like yourselves, who need to make something inside your home, available to the Internet. This may sounds scary, however, as long as we use an SSL certificate, along with strong passwords on you Raspberry Pi and your Nextcloud user accounts, then you minimise risk.


Configuring Port Forwarding

You first need to forward ports 80 and 443 (port 80 carries unencrypted website traffic, and port 443 carries encrypted website traffic) to your Raspberry Pi. To do this, you'll need to login to your home router's web page. You'll need to determine your router address to do this. It's usually on a sticker attached to your router. It will almost always start with "192.168..." along with a username and password. Once you have these three things, open up a web browser and enter the address into the address bar. You should then be presented with a web page asking for your username and password, which you grabbed from the sticker.

Now that you're logged into your router, you need to find the Port Forward settings page. It will usually be found under a 'Security' heading. Once you've found it, you'll need to create two rules; one for port 80 and another for port 443.

Here's an example of adding the port 80 rule on a Virgin home router:

Once you've added both rules and your router's rebooted, you should be ready for the next step.


Creating your SSL certificate with Let's Encrypt

You'll first need to install 'Certbot':

$ sudo apt-get install python-certbot-apache

Once that's installed you'll need to run the following to create your certificate. You will need to enter the domain name that you setup in the previous guide:

$ sudo certbot --apache -m your@email.com -d joescloud.dynamic-dns.net -d www.joescloud.dynamic-dns.net

During the installation you may be asked which virtual host you would like to choose. Choose the option that has 'HTTPS' in the third column. You may then be prompted to choose whether or not to redirect HTTP traffic; choose 'Redirect'.


Configuring trusted domains

You'll now need to configure the trusted domains in your Nextcloud configuration file. To do this type the following command:

$ sudo nano /var/www/nextcloud/config/config.php

Now add the four entries which are in bold, changing them to your setup. Save the file by pressing <Ctrl> + x followed by Y and then press <Enter>. (Don't forget the commas at the end of each entry).

$CONFIG = array (
  'instanceid' => 'ocvtfvhdwjai',
  'passwordsalt' => 'O18XcdsdsdcQfFuN8AkvVf+e87',
  'secret' => 'Mkk/o5h319wsdG/vl1jEZGnlZRZqJYSs9iUM',
  'trusted_domains' =>
  array (
    0 => '',
    1 => 'www.joescloud.dynamic-dns.net',
    3 => 'https://www.joescloud.dynamic-dns.net',
    4 => 'https://joescloud.dynamic-dns.net',
  'datadirectory' => '/media/data',
  'dbtype' => 'mysql',
  'version' => '',
  'overwrite.cli.url' => '',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'nextcloud',
  'installed' => true,

Now is restart the Apache2 service:

$ sudo systemctl restart apache2

The certificate expires after three months, so you'll have to create a cron job to automatically renew the certificate every month. To do this run the command below:

$ sudo crontab -e

You'll be asked which editor to use, choose 'nano'. Add the following line to the bottom of this file and save the file by pressing <Ctrl> + x followed by Y and then press <Enter>:

0 1 * * * /usr/bin/certbot renew & > /dev/null

That's it, you should now be able to visit your Nextcloud server from outside your home, by typing in your domain into a web browser, or downloading the Nextcloud app.

1,620 views0 comments

Recent Posts

See All