You now need to add a DNS record to a domain for nextcloud. We’ll assume cloud.example.com
. The A record needs to point at the IP address of the machine hosting the ssl-termination-proxy/0
unit.
An easy way to fetch the relevant IP address is to use the filtering and formatting options of the juju status
command:
juju status ssl-termination-proxy/0 --format=line
Produces
- ssl-termination-proxy/0: 54.215.139.236 (agent:idle, workload:active) 80/tcp, 443/tcp
With that information available, add the equivalent DNS entry:
cloud A 54.215.139.236 3600
Now, we set the config options for the relevant applications, we need to open the proxy to the Internet and add a relation between the ssl-termination-proxy and nextcloud-fqdn.
juju config nextcloud fqdn=cloud.example.com
juju config nextcloud-fqdn fqdns=cloud.example.com
juju expose ssl-termination-proxy
juju relate ssl-termination-proxy nextcloud-fqdn:ssl-termination
After a minute or so, juju status
output will converge to something that looks like this:
$ juju status
Model Controller Cloud/Region Version SLA Timestamp
privcloud jaas aws/us-west-1 2.6.8 unsupported 16:14:23+13:00
App Version Status Scale Charm Store Rev OS Notes
nextcloud 16.0.1.1 active 1 nextcloud jujucharms 3 ubuntu exposed
nextcloud-fqdn active 1 ssl-termination-fqdn jujucharms 5 ubuntu
postgresql 10.10 active 1 postgresql jujucharms 199 ubuntu
ssl-termination-proxy active 1 ssl-termination-proxy jujucharms 15 ubuntu exposed
Unit Workload Agent Machine Public address Ports Message
nextcloud/0* active idle 0 52.53.172.164 80/tcp Nextcloud is OK.
postgresql/0* active idle 0 52.53.172.164 5432/tcp Live master (10.10)
ssl-termination-proxy/0* active idle 1 54.215.139.236 80/tcp,443/tcp Ready (cloud.example.com)
nextcloud-fqdn/0* active idle 54.215.139.236 Ready
Machine State DNS Inst id Series AZ Message
0 started 52.53.172.164 i-0d1e5b3a3de5eb4ca bionic us-west-1c running
1 started 54.215.139.236 i-03d027ce3a8f9fc2e xenial us-west-1b running
If yo you now access the page, you might be surprised at what you encounter:

Okay. The security warnings from the browser have gone, but a new one from Nextcloud has popped up. But that’s okay. We can use juju ssh
to make the recommended setting change.
Alter Nextcloud trusted_domains setting
We now need to tweak some settings within our Nextcloud instance to allow it to understand HTTPS.
The nextcloud charm that we’ve deployed supports an action that does this, add-trusted-domain
. Include the domain
and index
parameters.
$ juju run-action nextcloud/0 add-trusted-domain --wait domain="localhost" index=1
Action queued with id: <id>
Alter Nextcloud trusted_domains setting manually
If you want to know what’s happening under the hood, you can also perform this step yourself:
Access remote shell securely
Juju provides a helper command that understands how to connect to units directly without needing to refer back to their IP addresses:
juju ssh nextcloud/0
Now, we need to find where the application is stored. We’ll use the find
command to look for the file that
sudo find / -name 'config.sample.php' 2>/dev/null
/var/www/nextcloud/config/config.sample.php
Let’s look inside that directory:
ls /var/www/nextcloud/config/
CAN_INSTALL config.php config.sample.php
Great. config.php
definitely looks like what we want. Let’s make a backup and edit that file.
cd /var/www/nextcloud/config/
sudo cp config.php config.backup.php
Use your favourite editor: to edit the
sudo nano config.php
Edit the ‘trusted_domains’ line so that it includes your domain name:
<?php
$CONFIG = array (
// ...
'trusted_domains' => array ('cloud.example.com'),
// ...
);
Save the file.
Access Nextcloud over HTTPS
Duration: 0:10
Visiting your domain name with your browser should present you with a login page with no security warnings:
