Accessing my server outside my network

Hi, I’ve installed nextcloud using “sudo snap install nextcloud” command on my ubuntu machine.
and register and downloaded no-ip utility and registered there the “yoadnext.ddns.net” domain.
but I’m not succeeding to associate it with nextcloud and getting ssl certificate and accessing outside my local network.

i followed those two guides:
https://www.linuxbabe.com/ubuntu/install-nextcloud-ubuntu-20-04-apache-lamp-stack
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-nextcloud-on-ubuntu-20-04

it’s just for me to be able share stuff with my parents so if there any other way to do that without domain/dns server it wold be great.
Thanks.

Hi @yoadmatza

What do you men by “on my ubuntu machine”. Is that your desktop pc, which you also use for other stuff? If yes it is probably not a good idea to host a publicly available server on this machine.

The first of this two guides is a how-to for a manual installation of Nextcloud and none of the things mentioned there are needed if you use the snap package. The second one looks fine and should work in principle

Maybe we can figure this part out, when you are telling us what you already have tried…

Basically, the following things must be fulfilled for it to work:

  1. Your internet connection needs a public IP address (no CGNAT)

  2. Your dyndns name must point to your current public IP address

  3. Ports 80 and 443 must be forwarded to the local IP address of the computer running Nextcloud in your router.

There are other methods like a VPN or SD-WAN solutions like Tailscale, Zerotier etc… But they are not necessarily easier to setup.

2 Likes

HI,
First of all thank for the reply.
I’m running the nextclod on old laptop that i’ve installed on it ubuntu 20.04, I’m planning at the future (if the “dry run” will succeed) to move it to raspberry pi 4 and maybe make more use out of it.

I’ve registered to no-ip and at the host entered the public ip (searched at google my public ip and copied that) , downloaded the no ip tool (uninstalled it sans the) and opened on my router 80&443 ports for my internal ip of the ubuntu machine.
in my router (asus ax56U) there an option of ddns server , i registered and got even ssl certificate but don’t know how to “assign” it to the server if it’s possible.

I’ve thought about vpn option but it’s lass stable and i’m starting to think about scaling up the project.
for the no-ip, i’ve checked if the domain is up throw https://dnschecker.org/#A/yoadnext.ddns.net.

when trying to get ssl with the command “sudo nextcloud.enable-https lets-encrypt” i’m getting this error:

Domain: yoadnext.ddns.net
Type: connection
Detail: Fetching
http://yoadnext.ddns.net/.well-known/acme-challenge/7rqjg3KZcCLUYbg6YCpQraA-oNq4kzHfJTyc6K8y5kA:
Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

also I’m thinking if not just buying a cheap domain for like 1$ will solve this (from srvice like this https://www.namecheap.com/ )

Hello,

It is already pointed out by @bb77 about having a public IP for external network access. Googleing about Public IP won’t ensure that your router is also having that same IP.

So first login to your Router and check if the WAN connection is having the same IP as google shown Public IP or not.

If you are having a Public IP, then you need to first set a Static NAT IP for your Ubuntu Laptop running NextCloud. Then as already said, forward TCP Port 80/443 to that said NAT IP of Ubuntu.

That will enable outside access of your NextCloud server from Internet.

Buy a domain won’t solve this issue of Public IP.

So first check what kind of IP address your Router is getting.

Thanks.

I’ve made sure the ports are open on the router and on the machine itself and static ip.
when i’m trying on https://www.portchecktool.com/ it still say it’s close (it sets the ip automatic)
i check my ip with the command “dig +short myip.opendns.com @resolver1.opendns.com” , didn’t find in my router web ui .

I called my isp and from there side the ports open also.
i asked for my ip address and they gave me different one from what I’ve found.
when trying with there ip im getting this message:
IMPORTANT NOTES:

when i check in no-ip there is a record for the domain.

Hi,

Before you can look into your ports, first thing to ensure is that your WAN is having a Public IP. Be it dynamic or static, the type of IPv4 has to be a top level public IP.

Just to summaries this IP thing in short,

You can say there are 3 type of IPv4 addresses. They are look like this format, aaa.bbb.ccc.ddd However, they are in general categories in 3 types or levels of IP.

Tier / Type - I → These are Public IP address, like what you get when ping a website like Google.com, for example, 8.8.8.8 or 208.67.222.222 are tier/type 1 IP addresses. No two devices on internet can have same IP. They are unique on each device.

Tier / Type 2 → These IP addresses are used by ISPs (or VPN / WAN) to save cost of providing top level IP to every individual users. They generally look like 172.xx.xxx.xx or 10.xxx.xxx.xx and such. These IP addresses are just like your local network. they are not directly connected to internet so many computers on different network can have same IP, just like home routers giving same IP to it’s connected devices in different house holds

Tier or Type 3 → These are NAT or local IP address you see generally in your local router home / small business network. They look like 192.168.1.1 or 192.168.0.1 and such.

For a home server to work via external internet access, as an user, you need to have that top level tier 1 IP address upto your router. If you ISP is providing WAN based IP address to your router, then there is no way of directly connecting to your home server.

So first ensure that your router is having a Public IP address.

What is your Router Make and Model? Usually this ISP given address is shown in WAN section.

You can also try running a trace route command on any popular websites like Google.com to see how the connection is getting routed !!

Thanks.

1 Like

thanks for the detailed answer.
my router is Asus rt-ax56u.
i entered in the noip configuration the same ip i get when i ping sites like google.com, and also tried disabling interlay the firewall on the router but
getting this message:

Domain: yoadnext.ddns.net
Type: connection
Detail: Fetching
http://yoadnext.ddns.net/.well-known/acme-challenge/9zZ_ZRfQ23FV7SKqMspKTU8B9IrEGTpOrdAWmXZbDN4:
Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

Hey @bb77 , I’m a complete noob when it comes to this stuff.
How do I get a Static Public IP Address assigned to my internet connection (I presume you mean my router that was provided to me by my Internet Service Provider)?

Do I have to go and buy a static IP address and then tell my Internet Service Provide (ISP) to assign it to my router?

If that’s not how it works, can you please explain what usually happens?

Btw, I’m based in Australia, not sure if that helps provide you with more context.

Thanks.

I think you are approaching it in a wrong way.

Before you can setup domain, while in setup up phase like this, you should be playing / testing directly with IP.

I done have the said router so couldn’t come up with exact navigation, but from a Youtube review I am taking this below screenshot. In your router login page, under network map option, what is the WAN IP shown?

Does this WAN IP matches with the Google search of your Public IP?

Thanks.

@NaXal
Thanks!
i did a bit investigation yesterday long story short, no the ip in my router doesn’t match the one i get when i search . witch mean that i’m under my ISP NAT / CGNAT and that what i’ve missed / didn’t understood, i didn’t know about that and that’s why opening ports and setting port trigger didn’t actually open them!
i do have ipv6 address witch from my understanding can’t be under isp NAT but i’ll call and ask for getting me out.

1 Like

Hello,

You can ask them to assign a Public IP. It doesn’t necessarily need to be a Static one, even the dynamic IP will do too via your Dynamic DNS setup.

If you end up getting static ip, in that case it would work directly.

In case your ISP is uncooperative with any of the requests, you can always switch to a different one allowing you the option for Public IP, in case that too isn’t possible, then you have take the VPS + VPN Tunnel route to access your Server behind this CG-NAT

Thanks.

ASUS routers have their own DDNS service (WAN / DDNS) which really works fine (Server: WWW.ASUS.com). After successfully registering the “hostname” will be valid hostname.asuscomm.com and will automatically update in the router. It can be queried for verification at http://iplookup.asus.com/nslookup.php, which will return the current WAN IP (IPv4 not v6).

1 Like

Yes @PRF-RPI4 , i saw that and made one but i didn’t succeed to “attach” it to the nextcloud server (sudo nextcloud.occ config:system:set trusted_domains 1 --value=hostname.asuscomm.com) , if you have any idea what i mite missed it would be helpful :smile: .

Hello,

Change that numeric value after domain to 2 then 3 and so on for every trusted domain that you are adding. If you have added your localhost or the server static nat IP as 1, and run the same command with a different IP or TLD, it will replace that first one.

Secondly, without a Public IP in your router WAN, DDNS server will not work.

Thanks.

Hi, thank you for everyone how help :slight_smile:
my isp disabled the NAT and i have public ip.
after doing the cetbot certificate it still says thet the connection is not secured when entering the domain.
any ideas ?

Screenshot 2022-02-15 090606

HI, maybe find here an answer: https://docs.certifytheweb.com/docs/kb/kb-202109-letsencrypt/

Look to my NextCloud interface, https is ok
NextCloud-https

Thank you,
it just needed a bit more time.
Everything working now , a bit slow but i guess that do to the internet speed.

The only thing is i synced a folder from my main PC and it deleted everything from that folder, any idea?

Screenshot_2022-02-17-14-41-46-465_com.android.chrome
Now you need to add your domain address into “trusted domains” in /config/config.php file.