Block Admin from Internet in Nextcloud

NethServer Version: 7.7
Module: Nextcloud

Hello Guys

thx for your help and support.
I like to exclude the Nextcloud Admin form the (dangeros) internet. I will config the Nextcloud only internal networks ?
Is tha possible ?
thx Axel

I don’t believe there’s a built-in way to do this. There’s a Nextcloud app to restrict login by IP address, but it doesn’t appear to discriminate between admin and other users. You could try enabling two-factor authentication for the admin as an additional security measure.

Thx Dan

hope it is poosible to hav two-factor only for the admin :slight_smile:

2FA, IIRC, can be enabled user-by-user.

and use a strong password :slight_smile:

Moin Axel,

i have solved the problem here as well and that by a strict password and 2FA. In the firewall I restricted the access to Nextcloud to IP’s from Germany.



That’s something you can also do in Nextcloud itself–but it affects everyone, not just the admin.

1 Like

I didint understand the programers :wink: everybody deed a solution :wink: for this problem :frowning:

Sometimes the Admin is located into internet… For an hosted Nextcloud installation.
Maybe as option can be activated on Nextcloud (so get in touch with Nextcloud)


thx pike i will try and report news

I do not find a solution now. But with a fault my Nextclud admin cant be conneted from Internet …
I want to do this

config setprop nextcloud TrustedDomains
signal-event nethserver-nextcloud-update

but i am doing this

config setprop nextcloud
signal-event nethserver-nextcloud-update

than i try
config setprop nextcloud TrustedDomains
signal-event nethserver-nextcloud-update

now Nextcloud admin is excludes from login out of external networks


I dind know why but can be helpfull
config show nextcloud

Surprised Fail2ban hasn’t come up. I use it on everything even with 2fa as it can also shoot out an automated email when something is placed in a jail.

no fail2an now is one of the next steps

2fa is better like fido2

but was no time to try

Nextcloud let’s you login to trusted domains only. So if you only use an internal domain or IP address as TrustedDomain nobody can login from outside anymore. It’s not possible for a specific user like admin.

I found that you could block out admin with apache rewrite (didn’t test):

1 Like