101: Network, domain and DNS

Network requirements for self-hosting Nextcloud

Network

Assuming a network where the host running Nextcloud acquires a static local IPv4 address from DHCP/router and the required TCP ports 80 and 443 are enabled and internet facing for that IPv4 address, the router's public IPv4 address must be available via DNS (Domain Name System) request.

  • static local IPv4 address from DHCP/router
  • internet facing TCP ports 80 and 443 for local IPv4 address
  • DNS entry pointing to router's public IPv4 address

Domain name and DNS

Some folks own a domain name like mydomain.com connected to their static public IPv4 address and will probably have a subdomain like cloud.mydomain.com pointing to the host.

Self-hosting users usually have a dynamic IPv4 address which could change under certain circumstances. These users require a DDNS provider (DynamicDNS provider) to keep track of their router's public IPv4 address, connecting a domain name like cloud.mydomain.mydnsprovider.xyz to their router's (dynamic) public IPv4 address.

There are plenty of DDNS providers out there to choose from. Some come at a fee, some are free, many offer domain names, others don’t. Often you will have a choice of domain names, sometimes you have to take what is available. Do some research and make the right choice for you.

Thus DNS (Domain Name System) resolves a “human readable domain name” to your public IPv4 address. That will be the domain name required by the client to reach your Nextcloud instance.

A DNS entry pointing to your public IPv4 address is a requirement for an SSL certificate for HTTPS encryption.

Multiple domain names, sites, ports and services

TCP ports 80 and 443 are quite the commodity. You only have one of each for your public IPv4 address.

The only way to support multiple sites and services on those ports, without changing the default ports, is to have a local web server or a reverse proxy server that’s responsible for listening on those ports, taking a look at the domain names being visited and forwarding the traffic accordingly. As an advantage, that reverse proxy server could handle SSL certificates for HTTPS encryption (a.k.a. TLS termination) if required, and it adds security by being the single point of entry.

See Nextcloud reverse proxy documentation and 101: reverse proxy.

Additional references

Some network configurations could complicate self-hosting scenarios:

CG-NAT

CG-NAT (Carrier Grade Network Address Translation), commonly known as DSLite (Dual Stack Lite) and offered by many service providers, will technically not provide a public IPv4 address. There are workarounds, however.

Contact your service provider and request a public IPv4 address (cf. Full Dual Stack) or do some research for alternative IPv6 to IPv4 tunnels.

What CG-NAT is, how to detect it, why it is bad, what can you do about it

VPN

VPN Services - an alternative access method, which greatly restricts access.

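A way to check the prerequisites listed in the post above and to spot CG-NAT, as an added example that is not part of the original post: it takes the WAN address shown on the router's status page, the address an outside service reports for the connection, and the A records the domain resolves to. The function names, finding labels and sample addresses (documentation ranges) are assumptions made up for this illustration.

```python
import ipaddress

# RFC 6598 shared address space, which carriers use for CG-NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges, typical behind a second (upstream) router.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_wan(addr):
    """Classify the IPv4 address the router shows for its WAN interface."""
    ip = ipaddress.IPv4Address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def check_prerequisites(wan_addr, observed_addr, dns_answers):
    """Return a list of findings; an empty list means the checks passed.

    wan_addr      -- address on the router's WAN/status page
    observed_addr -- address an outside service sees for this connection
    dns_answers   -- A records the Nextcloud domain currently resolves to
    """
    findings = []
    wan = ipaddress.IPv4Address(wan_addr)
    observed = ipaddress.IPv4Address(observed_addr)
    kind = classify_wan(wan_addr)
    if kind == "cgnat":
        findings.append("cgnat: WAN address is in 100.64.0.0/10, no public IPv4 on the router")
    elif kind == "private":
        findings.append("double-nat: WAN address is RFC 1918, another router sits in front")
    elif wan != observed:
        findings.append("upstream-nat: WAN address differs from the address seen outside")
    if observed not in {ipaddress.IPv4Address(a) for a in dns_answers}:
        findings.append("stale-dns: domain does not resolve to the current public address")
    return findings

if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
    cases = {
        "healthy": ("203.0.113.7", "203.0.113.7", ["203.0.113.7"]),
        "cg-nat": ("100.72.14.9", "198.51.100.20", ["198.51.100.20"]),
        "stale DDNS": ("203.0.113.7", "203.0.113.7", ["203.0.113.99"]),
    }
    for name, args in cases.items():
        print(name, "->", check_prerequisites(*args) or "ok")
```

A stale-dns finding on a dynamic connection usually means the DDNS update has not run since the last address change.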

With the limitations of NAT and carrier-grade NAT, it is perhaps worth mentioning that IPv6 might be an option for a few people. In some countries, coverage reaches 70-80% including mobile networks, so if all your used networks support IPv6, this can be an easy and inexpensive alternative.