How to add a trusted domain in Nextcloud

Nextcloud accepts browser requests only for hostnames listed in its trusted domain configuration. Adding a domain is common after moving DNS, changing the public site name, or replacing an installation-time hostname, and it prevents the new URL from landing on the untrusted-domain warning.

The trusted domain list lives in config/config.php as the trusted_domains array, and occ config:system:set can write one array index without opening the PHP file manually. Keep existing names that administrators still use, then add the new hostname at the next unused numeric index.

The domain entry is only one part of public URL handling. When a reverse proxy changes the visible scheme, port, or host before traffic reaches Nextcloud, pair this change with the reverse-proxy settings so generated links and security checks match the URL users open.

Steps to add a trusted domain in Nextcloud:

  1. Change to the Nextcloud installation directory.
    $ cd /var/www/nextcloud

    Use the directory that contains the occ file. Common web-server installs use /var/www/nextcloud, while container images often use /var/www/html.
    Related: How to run Nextcloud occ commands

  2. List the existing trusted domains.
    $ sudo -E -u www-data php occ config:system:get trusted_domains
    localhost

    trusted_domains is an array. The first value is index 0, so the next value in this example belongs at index 1.

  3. Add the new hostname at the next unused index.
    $ sudo -E -u www-data php occ config:system:set trusted_domains 1 --value=cloud.example.com
    System config value trusted_domains => 1 set to string cloud.example.com

    Do not remove the existing trusted hostnames unless they are no longer valid. Nextcloud uses this list to reject unexpected Host headers.

  4. Confirm the saved trusted domain list.
    $ sudo -E -u www-data php occ config:system:get trusted_domains
    localhost
    cloud.example.com
  5. Request the public Nextcloud status endpoint through the new hostname.
    $ curl --silent --show-error https://cloud.example.com/status.php
    {"installed":true,"maintenance":false,"needsDbUpgrade":false,"versionstring":"35.0.0","productname":"Nextcloud"}

    A JSON response through https://cloud.example.com confirms the hostname reaches the application without the untrusted-domain warning. If the site is behind a proxy and generated links still use the old host or scheme, update the reverse-proxy values separately.
    Related: How to configure Nextcloud behind a reverse proxy

  6. Open the new hostname in a browser.
    https://cloud.example.com/

    The login page should load without the untrusted-domain warning. Review Administration settingsOverview after a public cutover so remaining proxy, HTTPS, or generated-URL warnings are handled separately.
    Related: How to check Nextcloud administration overview warnings