Great video. Looking forward to the next one as well. There's tons of videos on how to install Nextcloud but few on how to access it safely outside of the local network.
Awesome video, thank you Don 👍 Zerotier ftw. Up until recently, Zerotier has been built more with a bootstrap capitalization ethos, . . . more than its "independent" peers, tailscale and twingate. Flavor of governance makes a difference.
You’re not quite correct re. ZeroTier. With the free version, can only have 1 admin, but there’s no concept of ‘user’ in ZeroTier. You don’t need to login with a user id and password to connect to a server with ZeroTier, you just need to run their agent software on the devices you’re using to connect (and on the server, of course). What it does is give you a virtual network with its own IP range. All you need to do with your admin account is grant new clients permission to connect to your virtual network, which you only need to do once.
What about privacy when using these services? You do not talk about that at all. Since your data goes through the servers of these companies, so they know what you do. (In case of tailscale and pajamas) Thanks!
what seems more straightforward is a strict ssl tunnel with a reverse proxy. for example, cloudflare tunnels to generate an ssl with letsencrypt along with traefik. you don’t open any ports for each service, as traefik handles it and the tunnels don’t have you poke holes on your firewall. it is end to end so you don’t have to enable http over 80. you can even tie it to domains, email, and docker compose containers for individual services using multiple tunnels from nextcloud instances, dashboards, nas stuff, home automation, webservers on a pi, etc.
Defo one way to do it. Personally i like the ease of buying a domain on namecheap or somewhere, setting up cloud flare zero trust tunnel and do access that way. But this looks like a similar thing, with a little more work and not using a domain name
I would love to see the way using a domain. I tried to set it up but I get a problem accessing I get a 502 error code :(. Also I'm trying through docker with cloud flare.
Have you tried to ues cloudflare tunnel for the same purpose? It does not require setting at the client side but register a domain name in cloudflare. I am about to get access to the nextcloud that run behind my home router and download files from it. However, the upload is not working. It seems tht cloudflare tunnel does not support POST method.
14:35, hi bro I opened my port 51820 but it didn´t work, I saw in the portainer ports and said 51820 and 51821 so I opened 51821 port in my router and tried my ip-address-server:51821 and finally could access the front end, and after I add a new user in my phone realized I needed the 51820 to access internet, so I had to open both ports in protocol UDP/TCP
Hey, thanks for the video. I have Tailscale installed and it's working great I can access my Nextcloud remotely, however, my editing apps are not running on the Tailscale login. OpenOffice or Collabora. They work fine without the VPN on the standard address. Any ideas?
I would suggust not using this kind of service for anything remotely personal, you're basically exposing your service to the internet and trusting whoever hosts pyjam with your unencrypted traffic. You're terminating ssl at pyjam, which then forwards the unencrypted traffic over wireguard to your server, so pyjam actually has the unencrypted data in transit.
Hello! Great tutorial! I am currently running the latest Truenas Scale, with Tailscale and Nextcloud installed. I can reach the Truenas webGUI, but how can I access my Nextcloud from outside the network as well? This runs at port 9001 for the moment...
@@JackHartwig Yeah, I didnt understand that as soon as I was connected through Tailscale, I could just use internal lan-adresses (192.168.x.x) etc, to reach the services...once I did, all did work juat fine. And still are :-)
I'm trying to access my nextcloud server outside of my home network using port forwarding. My nextcloud server is a raspberry pi 3 model B. I think I have port forwarding set up with my xfinity modem/router, which is a TG3482G. But how do you get a device that you port forward to, to respond do access from outside the network? Do you have to set up something inside the server to intercept the request, or is that done on the client end? From what I've read, you have to give it access to port 80 of the nextcloud server, which it appears i have. Port 80 is the port for http. What exactly initiates the response? And, what IP address should I use? My WAN IP address or my Gateway address. And, I understand that my routers address is my Gateway address, so I assume it's my Gateway address.
Cloudflare will shut your tunnel down if you use too much data. It's only meant for websites. Any kind of large files or video will cause it to become degraded. I had to delete the tunnel and recreate it with new FQDN's to fix it. Now I just use a VPN into my home network to access anything with heavy data use and use cloudflare tunnel for all of my website based services such as proxmox or uptime Kuma.
@@llortaton2834 no...only the url of the tunnel...external port to internal port...encrypted end2end...now the server side stuff needs to be locked down for sure. (decent passwords, fail2ban and the like)
@@llortaton2834 yes. But they have a Eula that said it's only meant for websites or the like. No big files. No video stream. It'll work for a while but for me I started to get degraded status on my tunnel after a month of jellyfin.
Help Please! I beg you! thanks for all this tutorials. I was looking a way to change parameters like php_value memory_limit, max_connection_time, etc. I've been making changes to any .htaccess, php.ini or config.php file I see anywhere and I couldn't find a way to increase those limits. This are the limits I need. Thanks! php_value memory_limit 4G php_value upload_max_filesize 32G php_value post_max_size 32G php_value max_input_time 7200 php_value max_execution_time 7200
you need to add those in your ENVIRONMENT so edit the nextcloud container and duplicate/edit -> Env -> name = PHP_MEMORY_LIMITE -> value 1024M and so forth for the other settings and deploy again
Great video. Looking forward to the next one as well. There's tons of videos on how to install Nextcloud but few on how to access it safely outside of the local network.
Awesome video, thank you Don 👍
Zerotier ftw.
Up until recently, Zerotier has been built more with a bootstrap capitalization ethos, . . . more than its "independent" peers, tailscale and twingate. Flavor of governance makes a difference.
You’re not quite correct re. ZeroTier. With the free version, can only have 1 admin, but there’s no concept of ‘user’ in ZeroTier. You don’t need to login with a user id and password to connect to a server with ZeroTier, you just need to run their agent software on the devices you’re using to connect (and on the server, of course). What it does is give you a virtual network with its own IP range. All you need to do with your admin account is grant new clients permission to connect to your virtual network, which you only need to do once.
tnx man you helped me a lot with tailscale and nextcloud it worked perfectly
Thanks Don
Looking forward to the domain method details
Paul
What about privacy when using these services? You do not talk about that at all. Since your data goes through the servers of these companies, so they know what you do. (In case of tailscale and pajamas)
Thanks!
Thats what youtube is. You have to make your own opinion. I would never use those services. I host my own wireguard server and i am good to go.
what seems more straightforward is a strict ssl tunnel with a reverse proxy. for example, cloudflare tunnels to generate an ssl with letsencrypt along with traefik. you don’t open any ports for each service, as traefik handles it and the tunnels don’t have you poke holes on your firewall. it is end to end so you don’t have to enable http over 80. you can even tie it to domains, email, and docker compose containers for individual services using multiple tunnels from nextcloud instances, dashboards, nas stuff, home automation, webservers on a pi, etc.
Love this idea! I'll try to implement that way.
how do you add the configuration for the port 5080?
Exactly what I am trying to figure out
Okay I figured it out. You have to select on Duplicate/Edit. I think you can figure it out from there.
Defo one way to do it. Personally i like the ease of buying a domain on namecheap or somewhere, setting up cloud flare zero trust tunnel and do access that way. But this looks like a similar thing, with a little more work and not using a domain name
Thanks Don.
I would love to see the way using a domain. I tried to set it up but I get a problem accessing I get a 502 error code :(. Also I'm trying through docker with cloud flare.
Have you tried to ues cloudflare tunnel for the same purpose? It does not require setting at the client side but register a domain name in cloudflare. I am about to get access to the nextcloud that run behind my home router and download files from it. However, the upload is not working. It seems tht cloudflare tunnel does not support POST method.
14:35, hi bro I opened my port 51820 but it didn´t work, I saw in the portainer ports and said 51820 and 51821 so I opened 51821 port in my router and tried my ip-address-server:51821 and finally could access the front end, and after I add a new user in my phone realized I needed the 51820 to access internet, so I had to open both ports in protocol UDP/TCP
@1:54 - what about Cloudflare /w nginx proxy manager ?
or Cloudflare own proxy ?
that will be next video
What do you think of using Cloudflare tunnel? What's the con of using Cloudflare tunnel instead of tailgate?
Cloudflare tunnels are very easy to do if you have your domain with cloudflare. That's what I am using.
some people say using cloudflare tunnels for ur nextcloud may slow down the speed
I just setup nextcloud remote acess using cloudflare tunneling in less than 5 min.
i have my nextcloud with a domain but the accounts have long and complicated passwords and 2fa too but I do host my own VPN at home.
Hey, thanks for the video. I have Tailscale installed and it's working great I can access my Nextcloud remotely, however, my editing apps are not running on the Tailscale login. OpenOffice or Collabora. They work fine without the VPN on the standard address. Any ideas?
I would suggust not using this kind of service for anything remotely personal, you're basically exposing your service to the internet and trusting whoever hosts pyjam with your unencrypted traffic.
You're terminating ssl at pyjam, which then forwards the unencrypted traffic over wireguard to your server, so pyjam actually has the unencrypted data in transit.
yeah...they can wireshark traffic if they wanted to...and you would be none the wiser...
Tunel + cert + dyndns.
No tailscale funnel?
Hello! Great tutorial! I am currently running the latest Truenas Scale, with Tailscale and Nextcloud installed. I can reach the Truenas webGUI, but how can I access my Nextcloud from outside the network as well? This runs at port 9001 for the moment...
Same here. Did you ever figure out the best approach?
@@JackHartwig Yeah, I didnt understand that as soon as I was connected through Tailscale, I could just use internal lan-adresses (192.168.x.x) etc, to reach the services...once I did, all did work juat fine. And still are :-)
Is ngrok good?
You can set auth there
waiting for a video on cloudflare tunnel, i tried to configure but its not working for me.
I'm trying to access my nextcloud server outside of my home network using port forwarding. My nextcloud server is a raspberry pi 3 model B. I think I have port forwarding set up with my xfinity modem/router, which is a TG3482G. But how do you get a device that you port forward to, to respond do access from outside the network? Do you have to set up something inside the server to intercept the request, or is that done on the client end? From what I've read, you have to give it access to port 80 of the nextcloud server, which it appears i have. Port 80 is the port for http. What exactly initiates the response? And, what IP address should I use? My WAN IP address or my Gateway address. And, I understand that my routers address is my Gateway address, so I assume it's my Gateway address.
I like pivpn to configure WireGuard
Why dont use claudflare tunnels ? This is more complicated. Any benefits over claudflare tunnels ?
Cloudflare will shut your tunnel down if you use too much data. It's only meant for websites. Any kind of large files or video will cause it to become degraded. I had to delete the tunnel and recreate it with new FQDN's to fix it. Now I just use a VPN into my home network to access anything with heavy data use and use cloudflare tunnel for all of my website based services such as proxmox or uptime Kuma.
Cloudflare tunnels are open to the internet no?
@@llortaton2834 no...only the url of the tunnel...external port to internal port...encrypted end2end...now the server side stuff needs to be locked down for sure. (decent passwords, fail2ban and the like)
@@llortaton2834 yes. But they have a Eula that said it's only meant for websites or the like. No big files. No video stream. It'll work for a while but for me I started to get degraded status on my tunnel after a month of jellyfin.
IAm using a tplink dns it works
nextclud and a rocket chat
Bro my isp is just providing me a private ip not public one. Can I use WireGuard?
best = headscale
@NovaspiritTech Which Linux distro are you using btw?
debian + kde
Unlike Tailscale, Zerotier is user agnostic for connections. All your wife needs is the Zerotier Network ID to connect ;)
nextcloud config file revealed some secret. you should change that
Zerotier selfhosted?
Isn't it dumb to use servises that not use https, http is not so safe
Ngrok works fine without needing port forwarding
Where is the video on how to host nextcloud with own domain?
I think it was called the "mini next cloud" something something where he makes a 3d print case for RPi and stuff
I am not sure tho
Help Please! I beg you! thanks for all this tutorials. I was looking a way to change parameters like php_value memory_limit, max_connection_time, etc. I've been making changes to any .htaccess, php.ini or config.php file I see anywhere and I couldn't find a way to increase those limits. This are the limits I need. Thanks!
php_value memory_limit 4G
php_value upload_max_filesize 32G
php_value post_max_size 32G
php_value max_input_time 7200
php_value max_execution_time 7200
I have to clarify that I did follow all instructions you left on the "Mini NextCloud Server on Raspberry Pi 5" Video
you need to add those in your ENVIRONMENT so edit the nextcloud container and duplicate/edit -> Env -> name = PHP_MEMORY_LIMITE -> value 1024M and so forth for the other settings and deploy again
By the way, this is an excellent video, but it goes a little too fast for this 65-year-old brain.