TY for the information!
I am preparing a small guide for securing the Nextcloud app using Cloudflare and other methods, and would appreciate it if someone can take a look at it and give me some feedback and criticism to make it easier for others to secure their TrueNAS. I used the information from this thread as well as other resources, but since I am just learning this stuff myself, I hope someone with more experience can spot mistakes and potential problems.
Securing Nextcloud with Cloudflare
For this solution to work, a free Cloudflare account is needed, as well as a registered domain. The Cloudflare documentation is very well written and covers everything you need to know about setting up a domain and DNS.
Set up Cloudflare Tunnel
Cloudflare Zero Trust is a service for secure access and authentication between users and devices.
It is highly recommended to watch this from Lawrence Systems on setting up Cloudflare tunnels for applications. That guide assumes that the applications run as Docker containers, but the same approach can be used to secure apps running on TrueNAS SCALE in Kubernetes.
In the Cloudflare One dashboard, set a public hostname for accessing Nextcloud; in this example it is nextcloud.example.com.
The service Type is set to HTTPS, and the URL is the local TrueNAS IP plus the Nextcloud container port, e.g. 192.168.1.1:9001.
Under Additional application Settings > TLS, set No TLS Verify = Enabled.
Nextcloud Configuration
Two environment variables must be set in the Nextcloud application: overwrite.cli.url and overwritehost.
This forum post provided a solution for configuring Nextcloud so that the Cloudflare tunnel reaches the correct port.
In the Nextcloud App, the environment variables are edited as shown below, where `value` is the address.
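As an added illustration (not part of the post above), here are the same tunnel settings expressed as a locally managed cloudflared config.yml instead of the dashboard; the tunnel UUID and credentials path are placeholders, while the hostname and origin address are the ones used in the guide.

```yaml
# Locally managed cloudflared tunnel config (added example, not from the guide).
# <TUNNEL-UUID> is a placeholder for the ID printed by `cloudflared tunnel create`.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Public hostname from the guide -> Nextcloud on the TrueNAS host, over HTTPS.
  - hostname: nextcloud.example.com
    service: https://192.168.1.1:9001
    originRequest:
      # Equivalent of "No TLS Verify = Enabled" in the dashboard: cloudflared
      # accepts the self-signed certificate Nextcloud presents on the LAN hop.
      # The hop is still TLS; only the certificate check is skipped, so keep
      # the origin port reachable from the LAN only, not from the internet.
      noTLSVerify: true
  # Catch-all rule required by cloudflared: any other hostname gets a 404.
  - service: http_status:404
```

With this file in place, `cloudflared tunnel run <TUNNEL-UUID>` serves the same public hostname the dashboard configuration does.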