How to add a Nextcloud trusted domain
Nextcloud trusted domains are a key security feature that helps protect your cloud data. When setting up trusted domains, it’s important to identify the primary domain and ensure that subdomains and alternative domains are also accounted for. You can add Nextcloud trusted domains by either editing the config.php file or using the Nextcloud occ command.
What is a Nextcloud trusted domain?
Trusted domains in Nextcloud function as a whitelist for authorised domains, allowing them to access your Nextcloud server. This security feature is particularly effective against so-called host header attacks, where cybercriminals attempt to gain unauthorised access by manipulating the HTTP header. By defining specific Nextcloud trusted domains, you ensure that your cloud server only accepts requests from these approved domains.
The trusted domains are stored in the Nextcloud config.php, which serves as the central configuration file for the cloud software. By default, only the domain under which the installation was made is listed as an authorised address. If the server needs to be accessible via multiple domains or subdomains, you will need to manually add the additional domains as trusted domains in Nextcloud.
- Free WordPress with .co.uk
- Free website protection with one Wildcard SSL
- Free Domain Connect for easy DNS setup
What to consider when selecting a Nextcloud trusted domain
Before adding Nextcloud trusted domains, determining the primary domain is absolutely essential. This is the main domain where your Nextcloud instance can be accessed. Usually, the domain defined during installation serves as the central access point. You should also consider all subdomains and alternative domains used for specific Nextcloud features, such as subdomains for collaborative workspaces or file sharing. It’s also vital that you have full control over the domains you want to add as Nextcloud trusted domains, or at least access to DNS management. This ensures that the DNS records for the domains are properly configured. For example, A-records link the domain to the correct IP address, while CNAME records allow you to create alternative domain names.
Managed Nextcloud Hosting by IONOS is a secure and convenient cloud solution requiring no administrative effort from you. IONOS handles the installation, maintenance and updates. Your data is stored on GDPR-compliant servers in Germany, guaranteeing the highest data protection standards.
How to add Nextcloud trusted domains via config.php
If you want to add a Nextcloud trusted domain, you can easily adjust the basic Nextcloud configuration to include it. The following step-by-step guide shows you how to add Nextcloud trusted domains in the config.php file.
Step 1: Log in to your Nextcloud server
Start by logging into your server through your Nextcloud client as an administrator. If the server’s IP address is, for example, “192.168.0.29” and your login name is “administration”, use the following command:
ssh administration@192.168.0.29If this is your first time connecting to the server, you may be prompted to enter your password and accept the server’s fingerprint.
Step 2: Open config.php file
The configuration file config.php is typically located in the installation directory /var/www/nextcloud/config/config.php and can be edited with any text editor, such as nano, Vim, or Emacs. For instance, if you are using nano, you can open the file with the following command:
sudo nano /var/www/html/nextcloud/config/config.phpYou may need to enter your password again when using the sudo command.
Step 3: Modify configuration file
Within the config.php file, there is a section for trusted domains, which includes all authorised domains. The initial configuration might look something like this:
'trusted_domains' =>
array (
0 => '192.168.0.29',
),In this example, only the IP address “192.168.0.29” is allowed to access the server. To add a trusted domain, you simply need to extend the index by adding an IP address or domain name as a value:
0 => '192.168.0.29',
1 => 'example.com',
),While it’s technically possible to add as many trusted domains as you like in Nextcloud, it’s generally recommended to use only one domain name for your own Nextcloud instance.
Step 4: Set up forwarding
If your Nextcloud instance is accessible via different URLs or you are operating behind a proxy server, you might need to configure the overwrite.cli.url option. This setting ensures that Nextcloud uses the correct base URL, particularly for internal redirects and links in notifications:
'overwrite.cli.url' => 'https://example.com',Step 5: Save Changes
Once you’ve entered all the trusted domains, you just need to save the changes. To do this, press [Ctrl] + [X], then [y] for “Yes”, and finally hit Enter.
You might also need to restart the web server for the changes to take effect. If you’re using Apache, run the following command:
sudo systemctl restart apache2If you’re using NGINX as your web server, the command is:
sudo systemctl restart nginx- Keep your data safe with industry-leading security
- Save time on updates and maintenance
- Easily add apps and online office tools
How to add Nextcloud trusted domains using the occ tool
You can also use the occ command-line tool to add trusted domains. The application may need to be installed first, but it can be activated quickly and easily through the built-in App Store, just like with other Nextcloud apps. After that, use the following command to add the authorised domain:
occ config:system:set trusted_domains 2 --value=<insert domain here>The number you enter will depend on how many entries already exist. The “2” in this example means that “0” and “1” are already used for other trusted domains.
To make sure the changes are applied, restart the Nextcloud server:
sudo systemctl restart apache2Or, if using NGINX:
sudo systemctl restart nginx