After I set up nextcloud, I made a subdomain pointing to the static ip (local not public) that I configured. Now I want to access it through the subdomain from anywhere. What do I need to do? Do I need to point the subdomain to the external ip (I’m behind a router) or to the local ip?
For accessing from the internet you need an dyndns-service and the correct configuration on you router (dyndns-service and port-forwarding). You must use port forwarding for the tcp-ports 80 AND 443. After port forwarding works from the internet you can use e.g. Lets Encrypt for a certificate. Lets Encrypt needs the port 80, your cloud needs 443. You must forward 80 and 443.
point the dns of your sub-domain to “static-ip” (A or CNAME).
Configure the sub-domain on your apache2/nginx on your internal-nextcloud-server.
Use Lets Encrypt. Read an example (part Lets Encrypt) for inspiration.
I port-forwarded port 80 and 443 to my server and when I try to secure the sub-domain with Lets Encrypt, it says: Domain: nextcloud.example.com Type: dns Detail: No valid IP addresses found for nextcloud.example.com
Edit: The sub-domain is just an example. And if I’m in my home network, I can access nextcloud through the sub-domain, but outside I can’t.
@Johnscaban this is strange, do you have access to your nextcloud using your domain ( or subdomain) name?
Can you send your apache file .conf for your nextcloud ?
To which ip address do the DNS records for cloud.example.com point? The DNS records must point to the external/public IP address. Otherwise access via domain name from outside your local network will not work.
The external/public IP address is the same in every computer I use. Is that supposed to be like that? Right now I have it pointing to my private local IP so I can access it.
The public IP address is assigned to you by your ISP. Either dynamic or static, depending on the subscription you have. With a normal residental internet subscription you usually only get a dynamic ip.
This is what is says when I try to secure my sub-domain with Lets Encrypt, now that I pointed my sub-domain to the external/public IP:
Domain: nextcloud.example.com
Type: connection
Detail: Fetching
http://nextcloud.example.com/.well-known/acme-challenge/sj097QF1DvHJdUFGxzqL4Hv7LS2VId5UQahNcD1MIos:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Yes, I think, I went to the port forwarding section and I entered port 80 and then I entered the local static ip of my Nextcloud server. After that, I repeated it but with port 443.
I went to the page and entered my sub-domain. In all of the DNS servers, the IP is the external/public IP address. But it still says this when trying to secure it:
Domain: nextcloud.example.com
Type: connection
Detail: Fetching
http://nextcloud.example.com/.well-known/acme-challenge/sj097QF1DvHJdUFGxzqL4Hv7LS2VId5UQahNcD1MIos:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
No, it doesn’t work. I type the external IP and it doesn’t connect to anything. Do you want me to post my static IP configuration if it’s for any help?
We are talking about four or actually five different things here that have to work together properly:
The private and static IP address of the server
The public IP address of your internet connection, which can be either static or dynamically assigned by the ISP.
the public DNS records of your domain
the internal DNS records of your domain inside your local network.
and last but not least: NAT
For everything to work, the following requirements must be met:
The server needs a static private IP address. This point seems to be fulfilled.
The public IP address of your internet connection must be known. The IP can either be fixed or dynamically assigned by the ISP. If it is dynamically assigned, you need a DynDNS name from a so-called Dynamic DNS service, otherwise you have to change your DNS Records manually everytime your public IP address changes.
There must be a public DNS A or CNAME record for nextcloud.domain.com in place, pointing to your (fixed?) public IP. In case of a dynamic public IP address, there must be a public CNAME record for nextcloud.domain.com in place, pointing to your DynDNS name, wich then points to your current public IP address.
There is also an internal DNS A or CNAME record for nextcloud.domain.com (in some routers called host override) required, that points to the private IP address of the Nextcloud server. This is needed for clients inside your local network be able to connect to your Nextcloud via domain name. If your router supports NAT loopback/reflection, it may also work without an internal DNS record/Host override entry.
And last but not least: NAT. The ports 80 and 443 must be mapped/forwarded to the private IP address of the Nextcloud server.