Set up an internet-facing reverse proxy ONLY for public shares

Hi everyone!
Our ownCloud server is working on our LAN, not visible from the internet.
One new requirement for us is to have public share links, so we have the following setup:
1. On an internet-accessible server (on ourdomain.com) we have an Apache with SSL working as a reverse proxy for ALL access to /owncloud:

            ProxyRequests Off
            ProxyPass /owncloud http://localserver/owncloud
            ProxyPassReverse /owncloud http://localserver/owncloud

2. In config.php, add ourdomain.com to trusted_domains

3. When we generate a public share link we will have to change the host (from http://localserver/owncloud/s/token to https:///owncloud/s/token)

Now we are wondering how to make the access from ourdomain.com more restrictive, avoiding "normal" user login and only allowing access to those public shares we generate. It is not as easy as restricting the reverse proxy to /owncloud/s, due to the fact that the browser still needs stuff (JavaScript, CSS and other PHP pages) that is not in /owncloud/s...
And, of course, we cannot change any code on the server to avoid user logins; we still need to log in on http://localserver/owncloud

Any suggestions will be appreciated!

In the Enterprise Version this can be done through the File Firewall. Please test in the appliance which is available for download.
Alternatively I would recommend a second ownCloud where you use Federated sharing!

Thanks!
Could you be so kind as to elaborate on the Federated sharing solution? The public links are for people who have only a web browser and files to put to and/or get from , they neither have nor know about ownCloud

What I meant is that you do a federated share to a second ownCloud in the DMZ - which has access to the internet - and from there you create the public shares.

Thank you again! Got it!!