cctl01

joined 2 years ago
sorted by: new top controversial old
Nextcloud behind Cloudflare zero trust in c/selfhosted@lemmy.world
[–] cctl01@feddit.nl 1 points 10 hours ago* (last edited 10 hours ago)

This worked great. For those looking to apply the same solution. And running Nextcloud in snap. You need a cert.pem, key.pem and chain.pem file. The latter can be found here: https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/#cloudflare-origin-ca-root-certificate The cert and key can be generated from your Cloudflare Dashboard under Domains > SSL/TLS > Edge Certificate.

Place all three files in /var/snap/nextcloud/12345/certs/live/ where 12345 can vary for you.

Finally sudo nextcloud.enable-https custom cert.pem key.pem chain.pem Profit!

Nextcloud behind Cloudflare zero trust in c/selfhosted@lemmy.world
[–] cctl01@feddit.nl 2 points 1 day ago (3 children)

3 people independently advice dns challenge. They all deserve the same appreciation don't they?

Nextcloud behind Cloudflare zero trust in c/selfhosted@lemmy.world
[–] cctl01@feddit.nl 1 points 1 day ago

Would a bot tell you? 🧐

Nextcloud behind Cloudflare zero trust in c/selfhosted@lemmy.world
[–] cctl01@feddit.nl 1 points 2 days ago (7 children)

Thanks for the reply, among all answers I chose this. Just because it works for me.

Nextcloud behind Cloudflare zero trust in c/selfhosted@lemmy.world
[–] cctl01@feddit.nl 1 points 2 days ago

Thanks for the reply, among all answers I chose this. Just because it works for me.

Nextcloud behind Cloudflare zero trust in c/selfhosted@lemmy.world
[–] cctl01@feddit.nl 1 points 2 days ago

Thanks for the reply, among all answers I chose this. Just because it works for me.

21
Nextcloud behind Cloudflare zero trust (feddit.nl)
 

For some time, I've hidden my nextclould behind CF zero trust. When refreshing certificates via letsencrypt I would manually disable the tunnel, refresh and re-enable the tunnel. Now that letsencrypt will no longer notify me via email I need a more robust (read automated) way of refreshing certs. Do I have any options other than disabling zero trust? (the advantage would be I no longer need vpn to have the mobile app working).