Thursday, November 28, 2024

Tailscale certificates with NextCloud

I run a self-hosted NextCloud instance within the home, and use Tailscale to access it while out and about. This entailed editing /var/www/nextcloud/config/config.php to add trusted_domains:

'trusted_domains' =>
array (
  0 => 'localhost',
  1 => 'nextcloud.tails-scales.ts.net',
),

As using the default self-signed certificate is annoying, I installed a Tailscale certificate instead. A script run from crontab each week automatically renews the certificate:

#!/bin/bash
# Renew the Tailscale certificate and reload Apache only if it changed.

out=$(tailscale cert --cert-file /etc/ssl/certs/tailscale.crt \
                     --key-file /etc/ssl/private/tailscale.key \
                     nextcloud.tails-scales.ts.net)

if [ $? -ne 0 ]; then
  echo tailscale cert failed
  exit 1
fi

# No new certificate needed, just quietly exit
# (tailscale cert reports "unchanged" when the existing files are still current)
if echo "${out}" | grep -q unchanged ; then
  exit 0
fi

echo tailscale cert updated, reloading apache
systemctl reload apache2
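
A companion check for the files the renewal script writes, as an added example that is not part of the original post: it confirms the private key is readable only by its owner, that the key matches the certificate, and that the certificate is not close to expiry. The function name cert_check, its return codes and the 14-day threshold in the usage comment are assumptions; it relies on GNU stat and the openssl command-line tool.

```shell
#!/bin/bash
# Added example (not from the original post): sanity-check the certificate
# and key written by the weekly renewal script, e.g. from a second cron job.
# Assumes GNU stat and the openssl CLI are installed.

# cert_check CERT KEY MIN_DAYS
# Returns 0 only if the key is private to its owner, the key matches the
# certificate, and the certificate stays valid for at least MIN_DAYS more.
cert_check() {
  local cert key min_days mode cert_pub key_pub
  cert=$1
  key=$2
  min_days=$3

  # Private key must not be readable by group or others (e.g. 600 or 400).
  mode=$(stat -c '%a' "$key") || return 2
  case "$mode" in
    *00) ;;
    *) echo "key $key has mode $mode, expected 600" >&2; return 3 ;;
  esac

  # Certificate and key must belong together: compare their public keys.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$key" -pubout) || return 2
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "certificate and key do not match" >&2
    return 4
  fi

  # -checkend exits non-zero if the cert expires within the given seconds.
  if ! openssl x509 -in "$cert" -noout \
       -checkend $((min_days * 86400)) >/dev/null; then
    echo "certificate expires in under $min_days days" >&2
    return 5
  fi
  return 0
}

# Run the check when called with three arguments, e.g.:
#   cert-check.sh /etc/ssl/certs/tailscale.crt /etc/ssl/private/tailscale.key 14
if [ "$#" -eq 3 ]; then
  cert_check "$@"
fi
```

Run from cron, a non-zero exit together with the message on stderr shows up in cron's mail, which covers the case where the renewal job itself has stopped running.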