Access nextcloud from the outside

I’d like a clarification. without port forwarding of ports 80 and 443, will it not be possible in any way to access nextcloud from the outside?

Without 443 or 80 port forwarded you will not be able to access your Nextcloud instance.

You could create an internal VPN that you can connect to to access your Nextcloud, but as far as I am aware that would be your only option if you don’t want to open 80 or 443.

You could try using a different port too.

The matter is simple. I don’t have access to the firewall and I have no idea where it is. The solution of creating an internal VPN is fine for me, if the result is the same. I ask you if you can give me further advice on how to create and configure the VPN so that I can use nexcloudpi. Thanks again!

I think I misunderstood your question, creating an internal VPN would also require port forwarding… If you are unable to port forward and do not have access to your router/firewall, you won’t be able to access your next cloud instance outside of your network.

not true. you need one node with a public ip address to route everything through. nextcloud can be behind nat while vpn is not.

ultimately, can a VPN help me?

yes, but you need to set it up yourself and set up routing and all.

the simplest way is to use tinc: tinc-vpn.org

do I have to install it in the nextcloudpi container?

if you want to install it in the container or on the host is up to you, but you also have to install it on a server somewhere and on each client, and create the network

1 Like

if you have enough patience, could you help me out?

you should read the documentation.+

I can help you, but I can’t install it for you.

the most important thing is that you need to have a machine with a public ip, reachable from every node.

Thanks Giuseppe, how do I get a public IP? should I buy a vps?

Well, in some companies you are not allowed to bypass everything by VPN is not really a good idea. Only thing where you probably need a VPN or something if you have a provider and you get a shared ipv4 address (dual stack light). however, if all your clients have ipv6, you could go full ipv6.

1 Like

ok you’re right, using the VPN is not a good idea. So what would you use?

If you are doing this inside a network that you do not control (such a company, school, university) then you may wish to ask the IT department about how you could make your host accessible (they may have a specific hosting platform you can use).
Otherwise, if you purchase your own VPS, then you’ll be able to make the necessary configuration changes to make this accessible.

It is possible to use on an VPS in the internet a VPN from inside your network to the VPS (openVPN, SSH tunnel) and then contact at VPS in the internet and use the tunnel backwards. I think this is not a good idea an not an easy setup.

Alternative 1 :
Ask your network provider to use port forwarding to your home. Perhaps it is possible with IPv6 and an DynDNS-Name and Lets Encrypt Certificate.

Alternative 2:
Use a VPS in the internet and install Apache2, MariaDB, Nextcloud, Lets Encrypt on your own

Alternative 3:
Use a Nextcloud Hoster. https://nextcloud.com/providers/

thank you so much for the solutions listed.
alternative 1 does not seem to be good for me, since it is not just me who has to use nextcloud, but 250 students.
alternative 2 and 3 also, because the shared folders are located on the local nas and I would like them to be synchronized with nextcloud.

In this case you should change your internet provider or ask him how to use port-forwarding.

In Germany it is normal to use DynDNS and port forwarding with Fritz Box.
What is your provider? What is your router? Do you use a static or dynamic ip-adress?

Here an english video to configure port forwarding on Fritz Box

Also you need and DynDNS-provider to match DNS-name on dynamic IP adress.

it is a provider for public administrations.
since I created a nextcloud account on Webo.hosting, it would be interesting to synchronize it with my local nextcloud. it can be done?

Please be open upfront. For this reason you get so many different answers because we don’t know your use case.

The problem in these environments is that they have policies that you must not do such things because it can compromise their network security.

You have so basic questions and then you directly want to set up such a large setup? Start rather small and gain some experience first.