diff --git a/local-instance.md b/local-instance.md new file mode 100644 index 00000000..d3015659 --- /dev/null +++ b/local-instance.md @@ -0,0 +1,16 @@ +# Local instance +It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. However AIO usually requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally. + +## 1. The recommended way +The recommended way is the following: +1. Set up your domain correctly to point to your home network +1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port). +1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the local ip-address of your reverse proxy +1. Enter the the ip-address of your local dns-server in the deamon.json file for docker so that you are sure that all docker containers use the correct local dns-server. +1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup + +## 2. Use the ACME DNS-challenge +You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-it-running-using-the-acme-dns-challenge + +## 3. Use Cloudflare +If you do not have any contol over the network, you may think about using Cloudflare Argo Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-it-behind-a-cloudflare-argo-tunnel how to set this up. 
diff --git a/readme.md b/readme.md index 1dccd658..db43711f 100644 --- a/readme.md +++ b/readme.md @@ -109,6 +109,18 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f ### How to run it behind a Cloudflare Argo Tunnel? Although it does not seems like it is the case but from AIO perspective a Cloudflare Argo Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Argo Tunnel. +### How to run it locally? +If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation how to set it up locally: [local-instance.md](./local-instance.md) + +### Are self-signed certificates supported? +No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). + +### Are other ports than then default 443 for Nextcloud supported? +No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the ACME DNS-challenge or a Cloudflare Argo Tunnel. + +### Can I run Nextcloud in a subdirectory on my domain? +No and it will not be added. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). + ### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others? It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running: ```
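Review bot: In step 4 of "The recommended way" in the new local-instance.md, the Docker configuration file is misspelled as `deamon.json`; Docker reads `daemon.json`, so a reader who follows the text literally ends up with a file Docker ignores and containers that still resolve the domain through the public DNS answer. Suggest correcting the name and saying which setting to change (the `dns` key). Step 2 also opens port 80 to the internet with the remark that "no real traffic will use this port"; since the reverse proxy is reachable from outside on that port, it would help to state that it should answer only the ACME challenge there. Minor wording in the same file: "Enter the the ip-address" in step 4 and "contol" in section 3.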
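Review bot: In the readme.md hunk, the new heading "Are other ports than then default 443 for Nextcloud supported?" contains a typo ("than then"), and because local-instance.md links to readme sections by their heading anchors, a heading fixed after merge would change its anchor and break any link that had picked it up; suggest "Are ports other than the default 443 supported?" before merging. The answer under that heading points users with port 80 blocked to the ACME DNS-challenge or a Cloudflare Argo Tunnel, while the recommended way in local-instance.md depends on port 80 being open, so a link to local-instance.md from this entry would let those readers find section 2 directly. The "self-signed certificates" entry says "No and they will not be" without a reason; one sentence on why a valid certificate is required would match the explanation given at the top of local-instance.md.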