I host Nextcloud locally, i.e. I and everyone inside my home WiFi network can access it. The problem occurs when I try to use a public link for sharing or when my friends try to access guest accounts. Everyone who tries to access my Nextcloud while not connected to the same router gets a ‘Website is not reachable’ error. I deployed my Nextcloud on my internal IP address and have set a DDNS domain (no-ip.com) to point to that internal IP address. The domain has a valid SSL certificate and both ports 80 and 443 are being forwarded through my router’s firewall (for the HTTPS/SSL setup I followed Joulinar’s how-to found here: How can i enable SSL/HTTPS on my NexCloud setup on DietPi? - #2 by Joulinar). I have read similar topics and found people mentioning setting up a VPN server using Wireguard to make this possible, and I have also watched this video: https://www.youtube.com/watch?v=yRkdzGmnvA4, so as to at least tackle my issue (and my ignorance as well). So my question is: do I need to “move” (so it loads the cloud’s dashboard when I type in my external IP address, i.e. DDNS) my Nextcloud instance to my external IP address (and then make my DDNS domain point to it) to make it externally accessible, or do I need to do something else?
My system specifications are:
Raspberry Pi 4B (4GB RAM)
Apache v2.4.61
DietPi v9.6.1
Nextcloud Hub 8 v29.0.4
I set mine up on my RPi with dietpi-ddns and it works fine. It just tells the ddns service your public IP.
Can you reach anything with just your public IP?
When you installed nextcloud also a webserver was installed, which should show a default landing page in the root. Can you reach that side when you make a request to your public IP?
Also nextcloud should be reachable under <your_IP/DDNS_domain>/nextcloud
Oh I did not know that you can do it this way. Although I think setting it up on your modem is more resilient - then you can reach your network even if your dietpi is off for a while.
I added my DDNS to dietpi-ddns, I even added it to my router. When I type in <DDNS_domain> or <DDNS_domain>/nextcloud, the page loads for ages until it shows me the Connection Timed Out error. The same thing occurs when I type in <my_ext_IP> or <my_ext_IP>/nextcloud, saying how it took too long for the server on <my_ext_IP/DDNS_domain> to respond. I tried accessing it with my mobile phone and whether I use my WiFi or Mobile Data, I get the exact same error.
It’s correct. I double-checked the internal IP of the RPi and it’s the same as the one being port forwarded. My router asks for the range of ports, so I deleted everything and typed in my RPi’s internal IP and port ranges of 80-80 and 443-443. Every single time I (re-)add them, my router returns with a “Success!” message, as it successfully added these to port forwarding. I am once again faced with the Connection Timed Out error.
I returned the protocol settings to TCP+UDP. I have checked my external IP using whatismyipaddress.com and it matches with the IP / target set on NO-IP site. ufw is only installed on this device, i.e. the one I access the Nextcloud with. But I have no firewall on my mobile phone, so I see no reason why I shouldn’t be able to access it from there. Even the Nextcloud app shows my admin account as being offline.
EDIT: I turned the ufw off and the problem still persists…Connection Timed Out
For some reason your port forwarding is not working.
What router do you use and what webserver do you have installed?
Has external access worked in the past, e.g. for some other services?
True.
The router brand is ZTE and the webserver is Apache.
I cannot claim that it worked, since I didn’t have the need to share anything so everything was running locally, so I cannot claim that it (did not) work(ed). I have read that external IP addresses within this range: 100.64.0.1 to 100.127.255.254 are behind the CGNAT, and since my external IP starts with a number less than 100, then that should mean that I am not behind the CGNAT.
Update.
I read some people contacted their ISP provider in order to tackle the issue. Since I was desperate, I did that. Guess what. I was behind a CGNAT after all. My ISP turned the CGNAT off and now it…kind of works? When I type in my DDNS domain, it shows me this error Connection Refused. But when I type in my external IP (with ports included and without them), it brings me to my router’s website (where I configure settings such as port forwarding). I turned the ufw off on the device I’m trying to access it with and still no success. Any clues?
EDIT: when I type in my RPi’s internal IP address, I get redirected to Nextcloud but it says Accessing from untrusted domain. That’s odd since both localhost and myDDNS are added to the trusted domains at /var/www/nextcloud/config/config.php.
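An added diagnostic sketch for the CGNAT question in this thread (editor's example, not code from any poster or from DietPi). A what-is-my-IP site always reports the ISP's public address, so the range check alone cannot rule CGNAT out; the example compares the WAN address shown on the router's status page with the externally observed address and the DDNS target. The function names and all sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space used by carriers for CGNAT.
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges; a WAN address here means another NAT sits upstream.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Return 'cgnat-shared', 'private' or 'public' for an IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT_SHARED:
        return "cgnat-shared"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def diagnose(router_wan, observed, ddns_target):
    """List mismatches between the three views of the 'external IP'.

    router_wan  - WAN address shown on the router's status page
    observed    - address an external what-is-my-IP service reports
    ddns_target - address the DDNS hostname currently resolves to
    """
    wan, seen, ddns = (ipaddress.ip_address(a)
                       for a in (router_wan, observed, ddns_target))
    findings = []
    kind = classify(router_wan)
    if kind != "public":
        findings.append(f"router WAN is {kind}: forwards on this router alone cannot receive inbound traffic")
    elif wan != seen:
        findings.append("router WAN differs from observed address: ISP is translating upstream")
    if ddns != seen:
        findings.append("DDNS record does not match the observed address")
    return findings or ["no NAT or DDNS mismatch found"]


if __name__ == "__main__":
    # Constructed samples: documentation ranges stand in for real public IPs.
    cases = {
        "direct public IP": ("203.0.113.10", "203.0.113.10", "203.0.113.10"),
        "CGNAT, shared space": ("100.72.4.9", "198.51.100.7", "198.51.100.7"),
        "CGNAT, public-looking WAN": ("203.0.113.10", "198.51.100.7", "198.51.100.7"),
        "stale DDNS record": ("203.0.113.10", "203.0.113.10", "203.0.113.99"),
    }
    for name, views in cases.items():
        print(f"{name}: {diagnose(*views)}")
```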
I removed ufw.
Now this confuses me. How do I add this since I only have option for port range, and not for whether port is external or internal? Nonetheless, I added port 8443 to port forwarding and typed in what you wrote into my phone while using mobile data and I still get Connection Refused.
This is what my port forwarding looks like. First is the IP address, second the port range, third the protocol and fourth a comment, more like the ‘title’ of the forwarded port. Its purpose is solely for management, so one can tell the rules apart.
Update no. 2. It let me access my Nextcloud on my phone while using mobile data but only when I typed in https://myddnsdomain.com:443/nextcloud. I can see the login page. But when I do that on this device, which is connected to the WiFi, I get the Connection Refused error. I’m using Linux Mint on this device, and I checked whether the ufw is removed, it is.
OK, so all is working as expected for external access.
Do you need to specify port 443? Usually this is not needed as it is default HTTPS port.
Your router is blocking access from the internal network to your external IP address. This is usually a problem with the router device and there is not much you can do. Unless you have a local DNS server like PiHole or AdGuard Home. Or you can contact your ISP or whoever sold you the router and ask for assistance on how to reach a DDNS server from the internal network that points to your external IP address.
Okay, so I tried it without the port and it works, as long as I am not connected to the WiFi. Thank you, I’ll contact my ISP and see if they can do anything about it. If that fails, I’ll try setting up a local DNS.
P.S. Connecting my Linux Mint to the hotspot allows me to access Nextcloud on this device. I guess that this kind of access will have to do until I resolve the issue as you advised.