HAProxy OPNsense configuration container

Hi everyone, I’m new to the ownCloud world and I wanted to try it in my lab. I did a very standard Docker install (via Portainer) over HTTP; now, to reach it from the outside, I use HAProxy on OPNsense. As already configured for other services (Home Assistant), everything behind the reverse proxy is HTTP, while from the outside it is HTTPS with the relevant certificate. Now the problem I’m encountering is that if I’m on the VPN (net 192.168.100.0/24) and I enable override protocol from ownCloud, I can only connect from the public address https://mydomain.com (with a related spoofing error). If instead I remove the override protocol, I can connect from the VPN with http://192.168.1.50, but from the public URL (without VPN) https://mydomain.com I receive a 302 connection timeout error.

You don’t have an ownCloud problem. You have a poor network design problem. Whatever possessed you to implement such a convoluted configuration?

You should always access your services over HTTPS and the correct hostname regardless of whether you are on the LAN, the public internet, or a VPN. You will want to learn about split DNS and hairpin NAT. You could also place your services in a DMZ instead.

This is not the right venue to teach you how to correctly design your network to support web service access. Once you redesign your network to employ a suitable architecture, your access issues will work themselves out.

2 Likes

First of all, thank you very much for the reply; it’s always nice to get some ideas from those who know more. To return to the configuration of my home network, I evaluated the solution that gave me the fewest headaches based on my expertise and usage, and let’s say that DDNS with a reverse proxy was the configuration that I considered most appropriate. Until today I (wrongly) thought that it was enough for me to have HTTPS with DDNS up to the reverse proxy from the outside, and internally I was fine with HTTP without a domain name. This configuration can and certainly will change, but as you specified, this is not the right place to discuss it. Returning to the focus of the discussion, is it possible to have HTTP on the internal network (connecting directly via IP) and HTTPS from outside by connecting via DDNS?

Even if it is possible, you should definitely not do that, as it is a security incident just waiting to happen.

The effort required to make that setup work would be better spent implementing a secure, reliable, and consistent setup.

I don’t know how you are managing your DDNS, but I encourage the use of a subdomain from your own domain over one from a shared domain registered to a DDNS provider.

1 Like

Sorry, I explained badly about DDNS: I have a domain on Cloudflare where I update the record with my public IP (only 1 dynamic IP). Now I am trying to follow your very useful advice, and to start I created a DMZ with VLAN30 (I only have 1 switch). Now I’m trying to put ownCloud on Docker in the DMZ, and I was thinking of a reverse proxy with forwarding rules based on the subdomain that sends the traffic.
Example: vpn.mydomain.com to OpenVPN on LAN, ha.mydomain.com on another service in LAN, and cloud.mydomain.com on ownCloud in DMZ.

1 Like
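The subdomain-based forwarding described in the last post, written out as a plain HAProxy configuration; this is an added example that is not part of the original thread and is not what the OPNsense plugin generates. The certificate path, backend names, ports and backend addresses are constructed placeholders, and the OpenVPN entry is left out because Host-header rules only apply to HTTP traffic.

```haproxy
# Added example, not the poster's configuration. Certificate path, backend
# names, ports and addresses are constructed placeholders.
global
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  60s
    timeout server  60s

frontend http_in
    bind :80
    # Never serve the applications in clear text: send every request to HTTPS.
    http-request redirect scheme https code 301

frontend https_in
    bind :443 ssl crt /usr/local/etc/ssl/mydomain.com.pem   # placeholder path
    option forwardfor

    # One ACL per published hostname.
    acl host_cloud hdr(host) -i cloud.mydomain.com
    acl host_ha    hdr(host) -i ha.mydomain.com

    # Requests for any other Host header are refused instead of falling
    # through to a default backend.
    http-request deny deny_status 403 unless host_cloud || host_ha

    # Replace any client-supplied value with the real scheme so the
    # application builds https:// URLs in its redirects.
    http-request set-header X-Forwarded-Proto https

    use_backend owncloud_dmz if host_cloud
    use_backend ha_lan       if host_ha

backend owncloud_dmz
    server owncloud 192.168.30.10:8080 check   # constructed DMZ (VLAN30) address

backend ha_lan
    server ha 192.168.1.60:8123 check          # constructed LAN address
```

With split DNS or hairpin NAT pointing the same hostnames at this frontend from the LAN and the VPN, every client reaches ownCloud over HTTPS by name, so the override protocol setting does not have to differ between internal and external access.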
