Nextcloud and Local LAN access after Certificate


#1

Hi all.

I’m busy with a nextcloud instance. All is good and I am ready to obtain a certificate but my query is as follows.
I can access my NC instance externally using the domain name and http, so registering the certificate and the domain validity is not an issue.

The question is once I get the certificate issued, will I still be able to access my nextcloud locally from within my LAN using the hostname or IP?

I understand that LE wont issue certificate based on IP, all I want is to still be able to access my NC locally using its hostname or IP, doesnt matter if its https or http, just want to know if it will be accessible after I received the certificate.

Hope this makes sense.
Appreciate any advise on the topic. Thank in advance.


#2

If you try accessing https://IP that will throw an error and complain - unless you can get a valid cert with your IP in it (not easy to do).
So, you should use the name on the cert. https://cert.name
That said, the name on the cert may not resolve to the internal IP.
That is a DNS issue that must be overcome by your system or your DNS server.
If you use external (global) DNS system(s), then you will have to override their resolve with an entry in your HOSTS file (location varies on O/S).
If you use local (internal) DNS system(s), then you simply need to add an entry to resolve to the internal IP.


#3

I’m not to worried about accessing it on https on local LAN. Would I be able to access it using http://“hostname_IP” after the issued certificate?


#4

If you don’t chose “redirect http to https” then why not?
HTTP never complains as it has nothing to mismatch it with.


#5

so I have to choose not to redirect http…
If I choose to redirect http to https then local access over http will not work?
Thanks for the help thus far.


#6

Correct, it may force http://IP to https://IP (which won’t be liked).
Now you will have to deal with inbound Internet http connections…
Either block them entirely (not recommended).
Or redirect them specifically while ignoring the internal connections (not sure where that happens in NC config).


#7

Thank you so much for the help and guidance, it is greatly appreciated!


#8

There is a redirect that can be done in the NC config, So I will use that to route http traffic to https from external connections.
Thanks again for the help and advice, makes sense now and confident it will work what I am trying to achieve.