Disable https in Nextcloud Plugin

[ChrisChros]

Hi,

is there a way to disable https on the nextcloud plugin. I run nextcloud in my privat environment with no direct access from the inet. Only over my VPN connection I can access nextcloud from external.
Since the update to 23.0.2 I am not able to open the webpage from NC with Chrome. I always receive a NET::ERR_CERT_INVALID failure.
So I would like to disable https, also I am not really familiar with SSL and facing other problems e.g. backup access from my opnsense to nextcloud because of wrong ssl certificate.

Thanks for you help.

 

[Tweako]

Hello ChrisChros,

I'm having the same issue. Did you already found a solution for it?

 

[th3_f15t]

Within a shell for the Nextcloud jail, navigate to here:

/usr/local/etc/nginx/conf.d/

Edit this file:

nextcloud.conf

I'm not entirely sure how to go about enabling HTTP access, but I guess this is where you start. Hope this helps.

Alternatively, I use my Nextcloud in a similar way (private home network access only) and I used TrueNAS to make an Internal CA that signs my own certificates then added them to my servers/plugins. I access TrueNAS and Nextcloud via HTTPS with no errors or warnings.

 

[cyphertrex]

@ChrisChros Did you find a solution to the HTTPS issue? Im having the same problem. Need to get nextcloud to listen on port 80 without redirect so I can use my HTTPS reverse proxy.

 

[ChrisChros]

@ChrisChros Did you find a solution to the HTTPS issue? Im having the same problem. Need to get nextcloud to listen on port 80 without redirect so I can use my HTTPS reverse proxy.

No solution so far, sorry.

 

[cyphertrex]

@ChrisChros I have a work around. I figured it out after my message to you. You need to edit /usr/local/etc/nginx/conf.d/nextcloud.conf within the jail. Comment out the entire Redirect to HTTPS server directive - all the lines. Go down to the next server directive for port 443. Comment out the line that says "listen 443 ssl http2;" Below that line add "listen 80 default_server;" Next go down to the line that starts with "add_header Strict-Transport-Security...." and comment it out. Save the file. Restart nginx inside the jail with the command "service nginx restart". You may see a few warning messages about https. Should be fine since you're not using it. Check logging it nextcloud now via your reverse proxy. It should work. Below is the output of how my nextcloud.conf file works. Lastly - I did hear that these changes may not persist after a jail reboot and you'll need to apply them again. You might want to make a spare copy of these changes.

A quick note: personally, I've been getting annoyed with these issues with the plugin and update problems as well. I'm strongly considering moving nextcloud to a linux VM that I completely control so I have more flexibility and support with the nextcloud team. These plugins are too much of a blackbox for me.

Let me know if you have any questions and if this works for you.

Code:

upstream php-handler {
    server unix:/var/run/nextcloud-php-fpm.sock;
}

# Redirect to HTTPS
#server {
#    listen 80 default_server;
#    listen [::]:80;
#
#    location ^~ /.well-known/acme-challenge {
#        # Path to the root of your installation
#        root /usr/local/www/nextcloud/;
#        try_files $uri $uri/ =404;
#    }
#
#    location / {
#      return 301 https://$host:443$request_uri;
#    }
#}

server {
#    listen 443 ssl http2;
    listen 80 default_server;
    server_name _;

    # HSTS settings
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
#    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;" always;

    include conf.d/nextcloud.inc;
}