Access Nextcloud(lighttpd) outside LAN

opx · 13 September 2021 19:08

Hi I have set up nextcloud on my RPi4 4GB running DietPi with lighttpd as the webserver and everything is working perfectly fine over the LAN. I have installed nextcloud & lighttpd directly to rpi from dietpi-software catalogue.
Although I want to access nextcloud over the internet and I know one way to do this is by setting up wireguard VPN and forwarding the port on which nextcloud is running BUT the thing is I dont see nextcloud running on any port.
List of active ports (lsof -i -P -n)

COMMAND    PID        USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mono       479    www-data    5u  IPv4  12903      0t0  TCP *:8084 (LISTEN)
dhclient   561        root    9u  IPv4  12900      0t0  UDP *:68 
dhclient   562        root    9u  IPv4  10039      0t0  UDP *:68 
dhclient   640        root    9u  IPv4  12919      0t0  UDP *:68 
dropbear   767        root    4u  IPv4  14111      0t0  TCP *:22 (LISTEN)
dropbear   767        root    5u  IPv6  14112      0t0  TCP *:22 (LISTEN)
redis-ser  786       redis    7u  IPv4  12984      0t0  TCP 127.0.0.1:6379 (LISTEN)
redis-ser  786       redis    8u  IPv6  12985      0t0  TCP [::1]:6379 (LISTEN)
mariadbd   872       mysql   20u  IPv4  14518      0t0  TCP 127.0.0.1:3306 (LISTEN)
lighttpd  1628    www-data    4u  IPv4  15067      0t0  TCP *:80 (LISTEN)
lighttpd  1628    www-data    5u  IPv6  15068      0t0  TCP *:80 (LISTEN) (P.S. tried access this port 80 but it just shows the default lighttpd Placeholder page)
qbittorre 1633 qbittorrent   15u  IPv6  11263      0t0  TCP *:1340 (LISTEN)
qbittorre 1633 qbittorrent   17u  IPv4  16718      0t0  TCP 127.0.0.1:6881 (LISTEN)
qbittorre 1633 qbittorrent   18u  IPv4  16719      0t0  UDP 127.0.0.1:6881 
qbittorre 1633 qbittorrent   19u  IPv4  16721      0t0  TCP 192.168.0.145:6881 (LISTEN)
qbittorre 1633 qbittorrent   20u  IPv4  16722      0t0  UDP 192.168.0.145:6881 
qbittorre 1633 qbittorrent   21u  IPv6  16724      0t0  TCP [::1]:6881 (LISTEN)
qbittorre 1633 qbittorrent   22u  IPv6  16725      0t0  UDP [::1]:6881 
qbittorre 1633 qbittorrent   23u  IPv6  16727      0t0  TCP [fe80::e65f:1ff:fe3f:37d4]:6881 (LISTEN)
qbittorre 1633 qbittorrent   24u  IPv6  16728      0t0  UDP [fe80::e65f:1ff:fe3f:37d4]:6881 
qbittorre 1633 qbittorrent   26u  IPv4  16730      0t0  UDP *:6771 
qbittorre 1633 qbittorrent   27u  IPv4  16731      0t0  UDP *:6771 
qbittorre 1633 qbittorrent   28u  IPv6  16732      0t0  UDP *:6771 
qbittorre 1633 qbittorrent   29u  IPv6  16733      0t0  UDP *:6771 
qbittorre 1633 qbittorrent   30u  IPv4  16734      0t0  UDP 192.168.0.145:1900 
qbittorre 1633 qbittorrent   31u  IPv4  16735      0t0  UDP 192.168.0.145:47019 
qbittorre 1633 qbittorrent   32u  IPv4  16752      0t0  UDP 192.168.0.145:53760

I access nextcloud on LAN with the following URL, 192.168.0.145/nextcloud. Not sure what port should I forward from my router and have the same on wireguard to have nextcloud accessible.

My lighttpd.conf

server.modules = (
	"mod_indexfile",
	"mod_setenv",
	"mod_access",
	"mod_alias",
 	"mod_redirect",
)

server.document-root = "/var/www"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80

# features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
server.feature-flags       += ("server.h2proto" => "enable")
server.feature-flags       += ("server.h2c"     => "enable")
server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags       += ("server.graceful-restart-bg" => "enable")

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
#  if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
)

index-file.names            = ( "index.php", "index.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"

#server.compat-module-load   = "disable"
server.modules += (
	"mod_dirlisting",
	"mod_staticfile",
)

my nextcloud config.php

<?php
$CONFIG = array (
  'passwordsalt' => '[mypasswordsalt]',
  'secret' => '[mysecret]',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => '*',
  ),
  'datadirectory' => '/media/usbdrive/nextcloud_data', 
  'dbtype' => 'mysql',
  'version' => '22.1.1.2',
  'hashingThreads' => 4,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/run/redis/redis-server.sock',
    'port' => 0,
  ),
  'overwrite.cli.url' => 'http://localhost/nextcloud',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '', (p.s. I tred adding a random port here but didnt work)
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_admin',
  'dbpassword' => '[mydbpassword]',
  'installed' => true,
  'instanceid' => 'ockmrpk01qnm',
  'maintenance' => false,
);

Sorry if all this sounds confusing I am still new to this and am just not sure how to access my nextcloud over the internet.
Also if someone could link to any other guides or ways which dont use port forwarding that would work for my configuration would be great!

Thanks!

Joulinar · 13 September 2021 19:23

Nestcloud is not an own application. It’s accessible via your web server running on port 80. Using wireguard is one option you could use. For Wireguard you would need to forward Wireguard port.

Another option is to follow attached guide to get direct access https://dietpi.com/forum/t/how-can-i-secure-connection-to-nextcloud/3820/4

The DDNS part changed in meantime and you could use our new tool dietpi-ddns or use any DDNS functionality of your router

opx · 14 September 2021 17:22

Ahh I was confused about the wireguard port forward part. But never the less I followed the guide that you linked and it didnt work, coz apparently it seems that my ISP is using a CGNAT. I got to know this as my public ip is different than what shows up as my WAN ip on my routers page, and due to this I wont be able to port forward.
Would you know any other way that wouldn’t require port forwarding ?

Thanks!

Joulinar · 14 September 2021 20:36

did you tried to use dietpi-ddns and one of the available DDNS provider? Maybe they will detect your correct public IP address?

If you really not able to forward ports (maybe something to check with your ISP), you could use a 3rd party provider like Remot3.it to connect to your system over the internet. https://dietpi.com/docs/software/remote_desktop/#remot3it