[GH-ISSUE #175] How to use with Nextcloud? #3267

Closed
opened 2026-04-20 07:11:24 -05:00 by GiteaMirror · 3 comments
Owner

Originally created by @jaymgs on GitHub (Feb 9, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/175

My last step migrating from Cloudflare Tunnels is Nextcloud.
Unfortunately, while I can access the url and login just fine, the Nextcloud apps on desktop and mobile cannot. They are just stuck in a disconnected state, I assume because of the Pangolin authentication that is required first. Any workaround?

Originally created by @jaymgs on GitHub (Feb 9, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/175 My last step migrating from Cloudflare Tunnels is Nextcloud. Unfortunately, while I can access the url and login just fine, the Nextcloud apps on desktop and mobile cannot. They are just stuck in a disconnected state, I assume because of the Pangolin authentication that is required first. Any workaround?
Author
Owner

@miloschwartz commented on GitHub (Feb 9, 2025):

Yes I think the issue is the auth is preventing the mobile client from connecting. A workaround is to disable Pangolin's auth for Nextcloud since it has it's own auth. We're working on a rules feature that might provide a better solution to this in the future, where you could define certain paths (like the Nextcloud api paths) that would be exempt from auth.

<!-- gh-comment-id:2646422343 --> @miloschwartz commented on GitHub (Feb 9, 2025): Yes I think the issue is the auth is preventing the mobile client from connecting. A workaround is to disable Pangolin's auth for Nextcloud since it has it's own auth. We're working on a rules feature that might provide a better solution to this in the future, where you could define certain paths (like the Nextcloud api paths) that would be exempt from auth.
Author
Owner

@jaymgs commented on GitHub (Feb 9, 2025):

A workaround is to disable Pangolin's auth

Of course, why didn't I think of that. I will do this.
Love the project!

<!-- gh-comment-id:2646439627 --> @jaymgs commented on GitHub (Feb 9, 2025): > A workaround is to disable Pangolin's auth Of course, why didn't I think of that. I will do this. Love the project!
Author
Owner

@randshell commented on GitHub (Nov 1, 2025):

I have similar concerns. While using rules to disable Pangolin's auth for certain paths is a workaround, by doing so it stops being an identity-aware proxy. In other words, any vulnerability in the whitelisted APIs could be potentially exploited as the requests don't pass through the Pangolin's auth / authz anymore and go straight to the service instead.

I'm exploring hosting the various services, e.g., NextCloud, under a random path to help with this aspect. As long as this random URL string remains private, nobody can even access the service, which can also be checked with a log monitoring solution.

<!-- gh-comment-id:3476840401 --> @randshell commented on GitHub (Nov 1, 2025): I have similar concerns. While using rules to disable Pangolin's auth for certain paths is a workaround, by doing so it stops being an identity-aware proxy. In other words, any vulnerability in the whitelisted APIs could be potentially exploited as the requests don't pass through the Pangolin's auth / authz anymore and go straight to the service instead. I'm exploring hosting the various services, e.g., NextCloud, under a random path to help with this aspect. As long as this random URL string remains private, nobody can even access the service, which can also be checked with a log monitoring solution.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#3267