Nextcloud Dyndns External Access

Hello guys for a change, passing by to ask for help :blush:
I am using Nethserver version 7.9.2009 along with Nextcloud 25.0.2. Well, locally everything working correctly.
I have a Dyndns address because I am using 2 internet links on my Nethserver.
External access works to access Nethserver but not to access Nextcloud, it could help me in this condition.
Thanks again.

Which is the error message of the browser trying to access to NextCloud?
Is your Nextcloud configured as a VirtualHost or as an application?

For instance.
Assuming your Nethserver public FQDN is mynethserver.dyndns.ext.
If you use Nextcloud as application, access should be mynethserver.dyndns.ext/NextCloud (don’t quote me on capital letters, I don’t have any handy access to NextCloud installation currently)
If you use as VirtualHost, you should have also a mynextcloud.dyndns.ext, and this FQDN should also be requested via DynDNS client and as Let’sEncrypt certificate.


Is there a procedure I can follow to make these changes to the system?

Without knowing your current setup no one can pinpoint you to any procedure…

Hello @zepepa

  1. Is your NethServer running as your router Firewall or are you using - more reasonably - another box as firewall / router?

  2. Most “normal” people here using 2 Internet Links (Failover) have at least one of the two as a static address.

You are saying you have a DynDNS address only because you’re using two Internet Links? This does NOT make any sense! And I think you know this!


Sure there is a very easy way to reach NextCloud externally, at least with one of your two Internet connections…

Just set up LetsEncrypt for your NethServer, using your DNS Domain. You are, like most sensible people using a REAL DNS Domain on your NethServer? Or are you still using pre-2000 crap like .local or .lan domains?


I just wish some people seeking help here would stop acting as though we’re all mind-readers or something. No, I’ll admit I’m not telepathic or likewise gifted!
And: this is not top secret stuff is it?

So why not give us some basic infos so we can help you?
I’m pretty sure you’re running your NethServer as firewall/router, but not one word from you after 2 posts?

What’s wrong with you guys?


PS: @zepepa

I will attest you decent, understandable English in your two posts. Even if you’re not a native English speaker (writer), whatever translate service you’re using is good (Deepl?).
However, despite the decent enough English, there’s hardly any info to your situation / connectivity / and important settings like LetsEncrypt and if you’re using a real domain name and if you are using NethServer as firewall/router.
I do not have exact stats, but I’d say less than 50% of users on this forum use NethServer as firewall. Neither I nor my 30+ clients use NethServer as Firewall… I see NethServer as a great single server running several services for SME-companies, but I do not see NethServer as a firewall. I use OPNsense, a distro which does nothing else except firewalling and routing, and this runs on its own box.

If I ever have issues with NethServer, I want to be able to access the Internet to fix it with help from the Forum or Google…


My 2 cents
Andy

Hi Andy

Forgive me for the English and yes I’m not fluent in that language, however just for that I didn’t need to be so aggressive, I particularly didn’t read anywhere that only “Jedis” could post a question in the forum, but again yes you are right.

I’m an enthusiast of the platform and in fact I’m blocking some points that I’m not getting success, for that reason I decided to ask some questions in the forum.

If I was empty, again I apologize, for me it’s still a start, I worked with Zentyal for a long time, and recently I discovered Nethserver.
Leaving aside the unpleasant part caused by my questions, here are some pertinent clarifications.

1 ) I use two internet links but they are not fixed IPs, they are dynamic so I decided to use Dyndns to translate these addresses. (if the English is still bad, forgive me, I’m using Google).

2 ) The use of Let’s Encrypt for Nextcloud I did not find. But since I migrated my previous server to nethserver I still use the crappy .lan domain (I didn’t change much because of knowledge and time to change equipment).

3 ) Yes my Nethserver is like Firewall, File Server, AD and Backup, unfortunately. I work with some small and medium-sized companies, nothing big as you may be used to, what I need here is cost, that’s why Nethserver stood out.

Finally, I believe that’s it, all help is welcome, but if you can’t help either, you don’t need to be harsh or exaggerated with your words, but even so I’m aware of my limitations and I hope I can improve over time.

Thanks to the whole community
Zepepa (Brazil) :heart:

Initially I need (I believe) to create a release rule for external access on NextCloud

Internal Network Access: https://192.168.10.1/nextcloud :+1:
External Public Access: https://server.serveftp.org/nextcloud ( dyndns ) :-1:
Accessing Nextcloud https://server.serveftp.org:9090 :+1:

Fictitious addresses but that’s the idea

Hi @zepepa

Thanks for the background infos…
I did think I was a bit “rough”, but I hope not too harsh.
And, I never put any requirement that only Jedis / Gurus / Experts are welcome here - or get answers…
Everyone starts somewhere, that’s understood. Also we think the only dumb questions are the ones never asked. But at least tell us about your environment!

I am here on the Forum (At 04:00 AM in the early morning…) to help, so let’s see what’s possible…

One of your major problems, even if you do not see the whole picture yet, starts from your use of the .lan domain.

  1. The use of .local or .lan domains started before the year 2000, as a suggestion from Microsoft, eg for use in their Active Domains, and also because Microsoft did not quite understand how DNS works, despite them programming and including a DNS server in every Server version of Windows since then.

If I recall correctly, it was around 1998, that Microsoft, a company which does not have “budget” problems like others may have, were running their own DNS service, at the time 4 separate DNS servers. At the time, the Microsoft complex had also more than one Internet Uplink, for redundancy reasons - which makes sense.

But putting all 4 DNS servers behind the same Firewall / Router, on the same Internet Uplink is simply asking for trouble… And that happened when a technician made a typo in the default route for that router, disconnecting it from the Internet. A few hours later, Microsoft completely went off the Internet, Google could not find them… One of the reasons why DNS best practices suggest 2 separate sites, behind 2 different ISPs or even technologies, to minimise DNS downtime. And without Internet DNS, you do not exist… Globally, they were Offline for 3-4 days… (!)

In any case, after that, then CEO of Microsoft Steve Ballmer outsourced all external DNS services to people who knew how to handle DNS, and Microsoft started giving out the stupid advice of using .local as AD domain…

Microsoft for at least 12 years now suggests using a subdomain of your real DNS domain. Example: ad.domain.tld.

  2. Modern devices, like the ubiquitous smartphones, be they Android or iOS, do require a valid SSL certificate to work reliably. Sure you can manually import the cert, and it will work maybe more than one day, but you’ll soon understand why certificates are needed… Additionally, a lot of existing commercial programs available require nowadays valid SSL certs too. On top of the commercial ones, open-source stuff, especially PHP and JAVA programmed stuff will require valid SSL to work.

→ So my first suggestion is relieve yourself of a major headache, and redo your NethServer (Keeping Data) by recreating your AD or the whole NethServer. Keep a record of Users / Groups and Permissions.
Also keep a record of DHCP & Reservations used.
I’d suggest a FQDN of:
nethserver.domain.tld
and for your AD use
ad.domain.tld
and for your Nextcloud, you might as well use:
cloud.domain.tld

Make sure to add both names in your external DNS hoster, and point them to your external IP.

Now, once DNS has replicated globally, you should have NO issues using NethServers built in Let’s Encrypt in Cockpit…

Make sure you add in the FQDN and the AD as alias, in the LetsEncrypt request, but also under Aliases in the Server-Aliases in the Cockpit Startpage (Dashboard). And also the cloud.domain.tld for your coming Nextcloud.

For NextCloud, I suggest using NethServers built in module, and set the name cloud.domain.tld. in the Nextcloud settings. Note: If you set NextCloud as public viewable, you do not need to set any rules, NethServer does this for you in the background… :slight_smile:

Using DynDNS is very stable when using it as above. Some friends and I use our home servers in this way, it works very well and stable. But LE is needed!

A next suggestion would be to use virtualization, eg with Proxmox. You get advantages like doing a backup or snapshot before any critical update / upgrade. And in 2023, one does not really install native servers any more…

I hope this helps you solve your issue.
It’s never too late to learn, sometimes that also involves real work. But in the end it’s more than worth it!

My 2 cents, with the best regards to Brasil, Nation of the best footballer of all time!
Andy

PS:

No need for “Forgive me for the English”, as said, you used a good enough translator… :slight_smile:
And you made the effort to communicate in English, as most here do speak English, that does give you a higher chance of success (more people can answer)…
Deepl may be even better for you, a Mexican friend uses that with good success!
(I am aware that Brasil does NOT speak Spanish)

I used to work for large, global companies, but I prefer working for Small and Medium enterprises (SME), where I often know the boss on first name basis…All my clients are SME…
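
Added example, not part of any post in this thread: a pre-flight check that the names Andy lists resolve to the public address before they go into the Let's Encrypt request, and that none of them is a LAN-only name a public CA cannot validate. The function names (`preflight`, `system_resolve`), the extra host names and the DNS table are assumptions made for illustration; the addresses are documentation ranges.

```python
import ipaddress
import socket

# Suffixes that exist only on the LAN; a public CA cannot validate them.
PRIVATE_SUFFIXES = (".lan", ".local")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def system_resolve(name):
    """IPv4 addresses the local resolver returns for name (empty set if none)."""
    try:
        infos = socket.getaddrinfo(name, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def preflight(names, public_ip, resolve=system_resolve):
    """Classify every name planned for the certificate request."""
    results = {}
    for name in names:
        host = name.rstrip(".").lower()
        if host.endswith(PRIVATE_SUFFIXES):
            results[name] = "private-suffix"
            continue
        addrs = {ipaddress.ip_address(a) for a in resolve(host)}
        if not addrs:
            results[name] = "no-dns-record"
        elif any(a in net for a in addrs for net in RFC1918):
            results[name] = "resolves-to-private-ip"
        elif ipaddress.ip_address(public_ip) not in addrs:
            results[name] = "wrong-ip"
        else:
            results[name] = "ok"
    return results

# Constructed sample data (documentation addresses, not real hosts).
SAMPLE_DNS = {
    "nethserver.domain.tld": {"203.0.113.10"},
    "ad.domain.tld": {"203.0.113.10"},
    "cloud.domain.tld": {"198.51.100.7"},      # stale DynDNS update
    "intranet.domain.tld": {"192.168.10.1"},   # internal address published
}

def demo():
    names = list(SAMPLE_DNS) + ["server.company.lan", "missing.domain.tld"]
    return preflight(names, "203.0.113.10", lambda n: SAMPLE_DNS.get(n, set()))

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:24}{name}")
```

Only names reported as `ok` belong in the certificate request; with the default resolver the check should be run from outside the LAN, since an internal DNS server may answer with internal addresses.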

Thanks for the feedback and effort to help me, however changing the FQDN is very difficult, because the old server died, and the migration was already done to this new one based on the old one (and it took a lot of work).

I appreciate your help, but if there is another option that also works on this current model, it would be very important.

I will follow your advice for the next jobs, this was the first migration.

Thank you for clarifying the matter, and your time availability.

Thanks
