External Access - Collabora CODE Server

Hello guys,

I'm currently establishing access from the internet to my Nextcloud via Pangolin. So far it's working as expected, except for Collabora.

I've hosted Collabora CODE in a separate Docker container, made it available in my home network via Caddy, and included it in Nextcloud. When I'm at home, this works without any issues. But now, with external access, opening office files in the web browser from outside my home network results in a "side not found" error.

Based on my own research, the issue is that opening an office file from the web browser means that the Collabora server is accessed directly, which is not reachable from the internet. And the only solution I found so far is exposing Collabora to the internet as well, e.g., also via Pangolin over a dedicated subdomain.

Is this really necessary in order to enable editing of office documents in the web browser from the internet? And is this safe to do without any additional safety precautions? Or is there a different way to make this possible without exposing the Collabora server to the internet?

reddit.com
u/Dr-Technik — 5 days ago

Nextcloud behind Pangolin with authentication

I'm currently trying to make my Nextcloud instance (running in my homelab) available from the internet with Pangolin.

So far, everything is working, and I can reach Nextcloud from the internet. But when I try to use Pangolin's built-in authentication feature, it starts falling apart. For sure, accessing the web interface still works after authentication, but the Nextcloud apps on my smartphone and desktop clients, as well as the calendar sync, do not work anymore. So far, that result can be expected since the API endpoints cannot be reached anymore without authentication, and that's not possible.

I've read about the bypass rules (https://docs.pangolin.net/self-host/community-guides/rules), but if I add all the rules listed in that guide for Nextcloud, I basically bypass the authentication for almost every reasonable access, and therefore it seems to be useless to use it in the first place.

Now I'm asking myself if there is any way to use the pangolin authentification feature with nextcloud without breaking all the apps, clients and other sychronisation? Or do I have to live without the authentication in order to use nextcloud properly?

I already have safety measures in place. The nextcloud domain is region-blocked (currently only accessible from my home country), and I have crowdsec running with the nextcloud collection. Additionally, Nextcloud itself allows admin features only when accessing from my home network, and the accounts have 2FA. But the additional authentication would also be great if this could work.

reddit.com
u/Dr-Technik — 8 days ago