Hello guys for a change, passing by to ask for help
I am using Nethserver version 7.9.2009 along with Nextcloud 25.0.2. Well, locally everything is working correctly.
I have a Dyndns address because I am using 2 internet links on my Nethserver.
External access works to access Nethserver but not to access Nextcloud, it could help me in this condition.
Thanks again.
What is the error message in the browser when trying to access NextCloud?
Is your Nextcloud configured as a VirtualHost or as an application?
For instance.
Assuming your Nethserver public FQDN is mynethserver.dyndns.ext.
If you use Nextcloud as application, access should be mynethserver.dyndns.ext/NextCloud
(don't quote me on capital letters, I don't have any handy access to a NextCloud installation currently)
If you use it as a VirtualHost, you should also have a mynextcloud.dyndns.ext, and this FQDN should also be requested via the DynDNS client and as a Let's Encrypt certificate.
Is there a procedure I can follow to make these changes to the system?
Without knowing your current setup no one can pinpoint you to any procedure…
Hello @zepepa
- Is your NethServer running as your router/firewall, or are you using - more reasonably - another box as firewall / router?
- Most "normal" people here using 2 Internet Links (Failover) have at least one of the two as a static address.
You are saying you have a DynDNS address only because you're using two Internet Links? This does NOT make any sense! And I think you know this!
Sure there is a very easy way to reach NextCloud externally, at least with one of your two Internet connections…
Just set up LetsEncrypt for your NethServer, using your DNS Domain. You are, like most sensible people, using a REAL DNS Domain on your NethServer? Or are you still using pre-2000 crap like .local or .lan domains?
I just wish some people seeking help here would stop acting as though we're all mind-readers or something. No, I'll admit I'm not telepathic or likewise gifted!
And: this is not top secret stuff is it?
So why not give us some basic infos so we can help you?
I'm pretty sure you're running your NethServer as firewall/router, but not one word from you after 2 posts?
What's wrong with you guys?
PS: @zepepa
I will attest you decent, understandable English in your two posts. Even if you're not a native English speaker (writer), whatever translate service you're using is good (Deepl?).
However, despite the decent enough English, there's hardly any info on your situation / connectivity / and important settings like LetsEncrypt and if you're using a real domain name and if you are using NethServer as firewall/router.
I do not have exact stats, but I'd say less than 50% of users on this forum use NethServer as firewall. Neither I nor my 30+ clients use NethServer as Firewall… I see NethServer as a great single server running several services for SME-companies, but I do not see NethServer as a firewall. I use OPNsense, a distro which does nothing else except firewalling and routing, and this runs on its own box.
If I ever have issues with NethServer, I want to be able to access the Internet to fix it with help from the Forum or Google…
My 2 cents
Andy
Hi Andy
Forgive me for the English and yes I'm not fluent in that language, however just for that I didn't need to be so aggressive, I particularly didn't read anywhere that only "Jedis" could post a question in the forum, but again yes you are right.
I'm an enthusiast of the platform and in fact I'm blocking some points that I'm not getting success, for that reason I decided to ask some questions in the forum.
If I was empty, again I apologize, for me it's still a start, I worked with Zentyal for a long time, and recently I discovered Nethserver.
Leaving aside the unpleasant part caused by my questions, here are some pertinent clarifications.
1 ) I use two 2 internet links but they are not fixed ips, they are dynamic so I decided to use Dyndns to translate these addresses. (if the English is still bad, forgive me, I'm using Google).
2 ) The use of Let's Encrypt for Nextcloud I did not find. But since I migrated my previous server to nethserver I still use the crappy .lan domain (I didn't change much because of knowledge and time to change equipment).
- Yes my Nethserver is like Firewall, File Server, AD and Backup, unfortunately. I work with some small and medium-sized companies, nothing big as you may be used to, what I need here is cost, that's why Nethserver stood out.
Finally, I believe that's it, all help is welcome, but if you can't help either, you don't need to be harsh or exaggerated with your words, but even so I'm aware of my limitations and I hope I can improve over time.
Thanks to the whole community
Zepepa (Brazil)
Initially I need (I believe) to create a release rule for external access on NextCloud
Internal Network Access: https://192.168.10.1/nextcloud
External Public Access: https://server.serveftp.org/nextcloud ( dyndns )
Accessing Nextcloud https://server.serveftp.org:9090
Fictitious addresses but that's the idea
Hi @zepepa
Thanks for the background infos…
I did think I was a bit "rough", but I hope not too harsh.
And, I never put any requirement that only Jedis / Gurus / Experts are welcome here - or get answers…
Everyone starts somewhere, that's understood. Also we think the only dumb questions are the ones never asked. But at least tell us about your environment!
I am here on the Forum (At 04:00 AM in the early morning…) to help, so let's see what's possible…
One of your major problems, even if you do not see the whole picture yet, starts from your use of the .lan domain.
- The use of .local or .lan domains started before the year 2000, as a suggestion from Microsoft, eg for use in their Active Domains, and also because Microsoft did not quite understand how DNS works, despite them programming and including a DNS server in every Server version of Windows since then.
If I recall correctly, it was around 1998, that Microsoft, a company which does not have "budget" problems like others may have, were running their own DNS service, at the time 4 separate DNS servers. At the time, the Microsoft complex had also more than one Internet Uplink, for redundancy reasons - which makes sense.
But putting all 4 DNS servers behind the same Firewall / Router, on the same Internet Uplink is simply asking for trouble… And that happened when a technician made a typo in the default route for that router, disconnecting it from the Internet. A few hours later, Microsoft completely went off the Internet, Google could not find them… One of the reasons why DNS best practices suggest 2 separate sites, behind 2 different ISPs or even technologies, to minimise DNS downtime. And without Internet DNS, you do not exist… Globally, they were Offline for 3-4 days… (!)
In any case, after that, then CEO of Microsoft Steve Ballmer outsourced all external DNS services to people who knew how to handle DNS, and Microsoft started giving out the stupid advice of using .local as AD domain…
Microsoft for at least 12 years now suggests using a subdomain of your real DNS domain. Example: ad.domain.tld.
- Modern devices, like the ubiquitous smartphones, be they Android or iOS, do require a valid SSL certificate to work reliably. Sure you can manually import the cert, and it will work maybe more than one day, but you'll soon understand why certificates are needed… Additionally, a lot of existing commercial programs available require nowadays valid SSL certs too. On top of the commercial ones, open-source stuff, especially PHP and JAVA programmed stuff will require valid SSL to work.
So my first suggestion is relieve yourself of a major headache, and redo your NethServer (Keeping Data) by recreating your AD or the whole NethServer. Keep a record of Users / Groups and Permissions.
Also keep a record of DHCP & Reservations used.
I'd suggest a FQDN of:
nethserver.domain.tld
and for your AD use
ad.domain.tld
and for your Nextcloud, you might as well use:
cloud.domain.tld
Make sure to add both names in your external DNS hoster, and point them to your external IP.
Now, once DNS has replicated globally, you should have NO issues using NethServer's built-in Let's Encrypt in Cockpit…
Make sure you add in the FQDN and the AD as alias, in the LetsEncrypt request, but also under Aliases in the Server-Aliases in the Cockpit Startpage (Dashboard). And also the cloud.domain.tld for your coming Nextcloud.
For NextCloud, I suggest using NethServer's built-in module, and set the name cloud.domain.tld in the Nextcloud settings. Note: If you set NextCloud as public viewable, you do not need to set any rules, NethServer does this for you in the background…
Using DynDNS is very stable when using it as above. Some friends and I use our home servers in this way, it works very well and stable. But LE is needed!
A next suggestion would be to use virtualization, eg with Proxmox. You get advantages like doing a backup or snapshot before any critical update / upgrade. And in 2023, one does not really install native servers any more…
I hope this helps you solve your issue.
It's never too late to learn, sometimes that also involves real work. But in the end it's more than worth it!
My 2 cents, with the best regards to Brasil, Nation of the best footballer of all time!
Andy
PS:
No need for "Forgive me for the English", as said, you used a good enough translator…
And you made the effort to communicate in English, as most here do speak English, that does give you a higher chance of success (more people can answer)…
Deepl may be even better for you, a Mexican friend uses that with good success!
(I am aware that Brasil does NOT speak spanish)
I used to work for large, global companies, but I prefer working for Small and Medium enterprises (SME), where I often know the boss on first name basis… All my clients are SME…
Thanks for the feedback and effort to help me, however changing the FQDN is very difficult, because the old server died, and the migration was already done to this new one based on the old one (and it took a lot of work).
I appreciate your help, but if there is another option that also works on this current model, it would be very important.
I will follow your advice for the next jobs, this was the first migration.
Thank you for clarifying the matter, and your time availability.
Thanks