nextcloud fine tunning for internal & external Lan access

Thanks to the administrators for creating dietpi. I have install nextcloud & fail2ban on dietpi. I have installed letenscryppt certificate also & forward my routers port to raspberrypi. I am able to access my nextcloud webpage from local lan also from outside via ddns (
• I configured credential in nextcloud android app on my phone. While I am away from lan app open the nextcloud page but when I come into my lan (raspberry also in same lan). App not able to fetch data from next cloud. Is there any way I can give internal & external web address in nextcloud so that app can work within & outside with same credientials. I do not want to put two credential in app one for internal(http:/192.168.1.xx/nextcloud) & one for external access( automatically switching is desirable.
• This is the first time I have open 80 & 443 port in my router. In broad scope is it safe to open these port for raspberry with nextcloud. I have put cron command to up-to-date operating system weekly via apt-get update, apt-get upgrade.
• Any other suggestion to make system more effective & stable.
thanks in advance.


you should be able to access NextCloud using duckdns name from inside and outside your lan. Usually there is no difference. You could try it on a computer in your lan as well. It should work. if not, check your router how thinks are managed. As well you could have a look on your computer which IP is resolved for duckdns name inside your network

There is no need to schedule a cron job to perform apt-get update && apt-get upgrade. DietPi as well is offering this feature that can be set in dietpi.txt

# Daily check for APT package updates: 0=disable | 1=check only | 2=check and upgrade automatically
# - Upgrade logs can be found at: /var/tmp/dietpi/logs/dietpi-update_apt.log

A few options:

  1. Create an A record on the internal DNS with the duckdns name pointing to the private IP. You also need to ignore it, when the router is updating the ddns, so as not to update with the private IP.
  2. Do a NAT loopback. This is not advised as it will use router resources for what would be internal traffic.