THE trusted domains (in French: trusted domains) Nextcloud are a security feature that helps protect your Cloud data. When configuring them, it is essential to identify the primary domain and ensure that subdomains and alternate domains are taken into account. To add trusted domains in Nextcloud, you can either modify the file config.phpor use the Nextcloud command occ.
What is a Nextcloud trusted domain?
Trusted domains work in Nextcloud as a domain whitelist authorized to access your Nextcloud server. This security feature protects against host header attacks (Host Header Attacks), whereby cybercriminals attempt to gain unauthorized access by forging the HTTP header. By defining trusted domains in Nextcloud, you ensure that your Cloud server only accepts requests from these domains.
Trusted domains are stored in Nextcloud config.php, the software's central configuration file. By default, only the domain used during installation is registered there asauthorized address. If the server needs to be accessible under multiple domains or subdomains, it is necessary to manually add the additional domains as trusted domains.
Domain name
Your domain in one click
- 1 Wildcard SSL certificate per contract
- Included Domain Connect feature for simplified DNS setup
What should you consider when choosing a trusted domain for Nextcloud?
Before defining Nextcloud trusted domains, it is necessary to identify the main domainunder which your Nextcloud instance is accessible. This is typically the domain used as the central access point to install the Nextcloud instance. Also consider any subdomains and alternate domains you use for specific Nextcloud features; for example, subdomains for collaborative workspaces or file sharing.
It is essential to have the full domain control that you want to register in Nextcloud as trusted domains, or that you at least have access to DNS management. This ensures that the DNS records for the domains are configured correctly. While an A record helps ensure that the domain is associated with the correct IP address, a CNAME record is used to create alternative domain names.
Advice
Managed Nextcloud hosting from IONOS is a secure and practical Cloud solution that imposes no administrative constraints on you. IONOS takes care of installation, maintenance and updates. Your data is stored on GDPR-compliant servers in Germany, which meet the highest data protection standards.
Add trusted domains in Nextcloud via config.php
To add a trusted domain to Nextcloud, you simply need to adapt the basic configuration. Find out below the steps needed to add Nextcloud trusted domains to the file config.php.
Step 1: Connect to Nextcloud Server
The first thing to do is log in to your server as an administrator via your Nextcloud client. For example, if the current server IP address is « 192.168.0.29 » and the login name is « administration », you can connect using the following command:
ssh administration@192.168.0.29bash
Note
If this is your first time connecting to the server, you may need to enter your password and accept the server's fingerprint.
Step 2: Open the File config.php
The configuration file config.php is usually located in the installation directory /var/www/nextcloud/config/config.php and can be customized with any text editor, like nano, Vim or Emacs. If you use nano, you can for example open the file with the following command:
sudo nano /var/www/html/nextcloud/config/config.phpbash
Note
You may need to re-enter your password to use the command sudo.
Step 3: Customize the configuration file
In the file config.phpa separate entry dedicated to trusted domains contains all authorized domains. The initial configuration looks like the following:
'trusted_domains' =>
array (
0 => '192.168.0.29',
),php
In this example, only the IP address “192.168.0.29” is allowed to access the server. To add a trusted domain, you must extend the index with an IP address or domain name as the value:
0 => '192.168.0.29',
1 => 'example.com',
),php
Note
Although it is in principle possible to add as many trusted domains as you want in Nextcloud, it is recommended to only use one domain name for your own Nextcloud instance.
Step 4: Set a redirect
If your Nextcloud instance is accessible via different URLs or if you are working behind a proxy server, it may be necessary to set the option overwrite.cli.url. This setting helps ensure that Nextcloud uses the correct base URL, especially for internal redirects and links in notifications.
'overwrite.cli.url' => 'https://example.com',php
Step 5: Save Changes
Once all the trusted domains have been added, all you have to do is save the changes: press [Ctrl] + [X]then on [Y] to confirm, and finally press the button [Entrée].
It may then be necessary to restart the web server for the adaptations to take effect. Run the following command if you are using Apache:
sudo systemctl restart apache2bash
If you chose NGINX as your web server, the command is as follows:
sudo systemctl restart nginxbash
Managed Nextcloud
Cloud storage that puts you in control
- Effectively protect your data with industry-leading security
- Save time on updates and maintenance
- Easily add apps and collaboration tools
Add trusted domains to Nextcloud using the tool occ
Another option is to use the command line tool occ to modify the trusted domains. You will potentially need to install the app, but as with other Nextcloud apps, this can be done quickly and easily via the App Store. Once installed, use the following command to add trusted domains:
occ config:system:set trusted_domains 2 --value=bash
The number you must enter depends on the number of index entries already present. In the example above, the 2 indicates that 0 and 1 are already used for other trusted domains.
To apply the changes, you must then restart the Nextcloud server:
sudo systemctl restart apache2bash
If you are using NGINX, use the following command:
sudo systemctl restart nginxbash
