Merge pull request #1941 from holta/nextcloud-liberation-front

Nextcloud Liberation Front: Unblock Nextcloud in 192.168.1.* schools & all others!

roles/nextcloud/README.md

@@ -0,0 +1,14 @@
+# Nextcloud
+
+This Ansible playbook was derived from an earlier ownCloud playbook thanks to [Josh Dennis](https://github.com/floydianslips) in 2016/2017.
+
+Login to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using:
+
+    Username: Admin
+    Password: changeme
+
+Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below?
+
+- https://github.com/nextcloud/nextcloudpi
+- https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/
+- https://ownyourbits.com/nextcloudpi/

roles/nextcloud/templates/nextcloud.conf.j2

@@ -6,8 +6,14 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud
 
     <IfModule mod_authz_core.c>
     # Apache 2.4
+    # http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html
     Require host localhost
-    Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
+    # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
+    Require all granted
+    # WANT BASIC SECURITY BASED ON IPv4 ADDRESSES? THEN USE THIS LINE INSTEAD:
+    #Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10
+    # AVOID THIS LINE WHICH CAUSES PROBLEMS IN SCHOOLS WITH 192.168.1.x etc:
+    #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
     </IfModule>
     <IfModule !mod_authz_core.c>
     # Apache 2.2