Server: Sharing links with https:// not http://

Created on 16 Mar 2019 · 10Comments · Source: nextcloud/server

There should be a feature to configure the way nextcloud generates public links when sharing - for custom domain and schema to make them unrelated to the current URL used to access the website.

I do access nextcloud frontend via http, but still my public links are https. My public instance is the TLS termination point, but the connection is forwarded to nextcloud on http port through VPN. Public links are for sharing to world, but i intentionally use http myself to upload because the server is in my local network and uploads must go directly for me.

0. Needs triage enhancement

Source

matryoshkababushka

All 10 comments

Yes that is the way it is. We create links via method and url the current user is running as.

You could try to fix this by overwriting your url in the local dns. But this is out of scope for Nextcloud.

rullzer on 18 Mar 2019

😕1 👍1

Erkkh... Can you explain why an option to change share-only domain and protocol cannot be added to nextcloud?

matryoshkababushka on 18 Mar 2019

This should not be closed and must be feature request with larger discussion

You cannot control https/http transition with dns at all, and there are reasons to access site by http for some users.
Administrator of the "cloud" should have control over any generated links.
TLS imposes an increased CPU pressure and bandwidth requirements in slow networks, while domain and TLS, in some cases, can be only useful for sharing links to people to download. That's why you may need https for shared links while you generally cannot afford it for uploads and etc.

So who's setting the scope?

matryoshkababushka on 18 Mar 2019

https://github.com/nextcloud/server/issues/new?labels=enhancement%2C+0.+Needs+triage&template=Feature_request.md

Please use the feature request template to request a feature. I think there is only a little chance that someone will build such a feature.

It might be easier to update your initial post with the information from the feature request template. I will set the right labels and reopen.

kesselb on 18 Mar 2019

Thank you, it's done.

matryoshkababushka on 18 Mar 2019

No. This is error prone and will introduce code not tested by more than a few people while introducing a shitload of config options. We always try to keep the config options to a minium an work with sane defaults.

You should always use TLS. Even for the local network. The overhead is negligible compared to the php overhead etc.
If you really want to run in an unrecommended setup you should change the links yourself. Or login to the public facing website to copy them.

rullzer on 18 Mar 2019

👎1

I do access the web frontend via https but still my public links are http. My instance is behind an nginx reverse proxy, which is the tls termination point. Are there any special nginx configuration options required that I missed?

not-a-user on 4 May 2019

@not-a-user https://docs.nextcloud.com/server/16/admin_manual/configuration_server/reverse_proxy_configuration.html

kesselb on 5 May 2019

👍1

@kesselb Thanks for the link! I added 'overwriteprotocol' => 'https', to my config.php and it works. Now both the web frontend and the android app generate https links. (Note: I already had 'overwrite.cli.url' => 'https://my-host.com/my-installdir', but that is not sufficient.)

not-a-user on 7 May 2019

👍1

For nginx as reserve proxy it should be enough to add the ip of your reverse proxy to trusted_proxies but overwriteprotocol is fine too.

kesselb on 7 May 2019

Was this page helpful?

0 / 5 - 0 ratings