I think I’ve successfully installed NS8 on a Debian 13 VM and can access the NS8 GUI from another VM on the same VLAN. I am trying to configure the Nextcloud hostname and generate a Let’s Encrypt certificate, but it’s telling me it can’t obtain one via my public IP address when I go to save the settings. I’m sure it’s because my VM is connected to the internet through a NethSec gateway. Do I need to set up a port forwarding rule for 80 and 443 to go from WAN to LAN (192.168.1.0/24), and will that limit me down the road if I set up another LAN (e.g., 192.168.2.0/24)? Will this allow me to access the NS8 GUI remotely, e.g., from my home office? I want to be able to do that, as well as access the NethSec GUI remotely. I know I can VPN in and achieve the same thing, but I’d like to use my FQDN to access it if I want.
Also, do I want NethSec to generate Let’s Encrypt certificates or do I want NS8 to do that? I might run a website down the road on NS8, other than Nextcloud. I would rather certificates not conflict, if Nextcloud’s creating them or NS8’s creating them or NethSec’s creating them. I’m not that new to this, but I’m somewhat green, due to not having worked much with NethSec and NS8. I have an NS7 server running with Nextcloud on it, but it’s outdated and unsupported now.
You could use port forwarding to forward port 443 from the NethSec to the NS8. This way, requesting certs from NS8 works.
In that case everything on port 443 is redirected to the NS8 so it’s reachable remotely.
NS8 requests its Let’s Encrypt certs via port 443 whereas NethSec requests them via port 80. This way it’s possible to request LE certs on both NS8 and NethSec.
It’s also possible to request all the certificates on the NethSec and use the nginx reverse proxy to redirect to the internal web sites.
Another way is to use port forwarding to the NS8 and use Traefik, the NS8 reverse proxy, to redirect via HTTP routes.
In your case the simplest approach is forwarding port 443 from the NethSec to the NS8.
If you enable port forwarding of port 443 on the NethSec, the reverse proxy won’t work and you can’t connect remotely to the NethSec via port 443 anymore, so you’d need to use port 9090.
That worked splendidly! I generated a Let’s Encrypt certificate in NethSec, just for its subdomain.domain, which I can access on port 9090. I port forwarded 443 in NethSec to my NS8 LAN IP. Then I generated a Let’s Encrypt certificate within the Nextcloud setup in the NS8 node. I can use its subdomain.domain to access Nextcloud remotely on a browser. Thank you, Markus!