Can only access Nextcloud on laptop through Tor? (no client, webDAV, Chrome, Firefox, etc)

First post, just wanted to say - I absolutely love Nextcloud. I’m a PhD student and I use it for all my files, photos, notes (Joplin), calendars/tasks, academic references (Zotero) on my phone, personal, and research computers. After setting it all up on a Raspberry Pi at my house I’m now in complete control of my data and just paying for the electricity to run the Pi. So a big thank you to everyone involved with this project!

Nextcloud version: 14.0.4
NextcloudPi version: 0.67.11
Operating system and version: MacOS Mojave 10.14.2 (18C54)
Apache or nginx version: Apache ??
PHP version: 7.2.13

The issue you are facing: On my laptop, a MacBook Pro, when I am outside my home network, the only way I can access Nextcloud is through the Tor browser. In the MacOS client, WebDAV applications, Firefox, Chrome, etc. the connection keeps timing out. In the Tor browser, it loads the login portal in a couple seconds, and it works in Android Firefox and the Android client when I’m on the same network as my MacBook, so the issue isn’t with the router configuration or firewall.

I can access it on both my work computers (iMac and Windows PC) and my Android, both on mobile networks and WiFi. I’ve accessed my Nextcloud install on other Mac laptops as well, so I’m confident my Nextcloud instance is configured correctly.

I cannot understand why my MacBook Pro is seemingly blocking all Nextcloud connections - I’ve installed the LetsEncrypt certificates manually, made exceptions in my firewall, etc and I’m confident the problem is somehow to do with my MacBook’s security and/or network configurations - maybe something I accidentally did when trying to configure access to my subdomain name while on my home network.

Any suggestions would be very much appreciated! I’m working remotely from the US right now, my Nextcloud install is on a Raspberry Pi in a house in England, and all my files/calendars/photos/notes/todos/references aren’t working on my main computer.

Is this the first time you’ve seen this error?: No

The output of your Nextcloud log in Admin > Logging:

no log updates since the problem started

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

no remote access

The output of your Apache/nginx/system log in /var/log/____:

no remote access

I suspect DNS or /etc/hosts configuration.
Can you run nslookup against your server’s FQDN (like https://nextcloud.mydomain.com) on your MacBook?
Please check the real public IP address of your server as well and compare both addresses.

For the first idea, check in /etc/hosts that you didn’t direct your server’s FQDN to the local IP address (for example to make the LAN connection work in the first place).

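The hosts-file check suggested above, as an added example that is not part of the original posts: nslookup queries DNS directly and does not read the hosts file, so the file has to be inspected separately for an active entry that pins the FQDN to a LAN address. The function names are hypothetical and the sample hosts file is constructed, using the placeholder name cloud.mydomain.tld from this thread.

```bash
#!/usr/bin/env bash
# Added example: find a hosts-file entry that overrides DNS for one name.
# Function names are hypothetical; the sample file below is constructed.

# Print the IP of every active (uncommented) hosts line that lists the name.
hosts_override() {   # usage: hosts_override <hosts-file> <fqdn>
    awk -v name="$2" '
        { sub(/#.*/, "") }     # strip comments, so commented-out entries vanish
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; break }
        }' "$1"
}

# Succeed when an IPv4 address is loopback or in an RFC 1918 private range.
is_private_ip() {
    case "$1" in
        127.*|10.*|192.168.*)                  return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *)                                     return 1 ;;
    esac
}

# Classify what the hosts file does to the name.
diagnose() {   # usage: diagnose <hosts-file> <fqdn>
    _ip=$(hosts_override "$1" "$2" | head -n 1)
    if [ -z "$_ip" ]; then
        echo "no-override"            # the name is resolved through DNS
    elif is_private_ip "$_ip"; then
        echo "lan-override:$_ip"      # only reachable from inside that LAN
    else
        echo "public-override:$_ip"   # pinned; compare with the nslookup answer
    fi
}

# Constructed sample using the placeholder entry from this thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1        localhost
192.168.1.100    cloud.mydomain.tld   # added for home-network access
#192.168.1.100   old.mydomain.tld
EOF
diagnose "$sample" cloud.mydomain.tld   # lan-override:192.168.1.100
diagnose "$sample" old.mydomain.tld     # no-override
```

On the affected machine, run `diagnose /etc/hosts` with the server's FQDN and compare any reported address with the nslookup answer and the server's public IP. Tor Browser resolves names through the Tor network rather than the local resolver, so a stale hosts entry does not affect it.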

Wow, I feel like a dummy. I had changed my /etc/hosts file to get all my WebDAV services working with my FQDN when I was on my home network and totally forgot about it. Just commented out that line, flushed the DNS cache and it works again! Thanks so much @Schmu.

Hopefully other networking newbies like myself can see this post and avoid the needless headache. Now I’m not sure if my laptop will connect when I’m back on my home network, but if it’s just a matter of changing that line in /etc/hosts, I can manage.


I’m glad it helped.
It shouldn’t be any problem to access the locally reachable server from the home network via its FQDN actually.
If the router is a good one, it does DNS rebind and connects you to the local network address of the server; a mediocre router will route you through the internet. In any case, you should reach your server - actually. The devil is a squirrel :smiley:

Is that phenomenon also called “NAT loopback?” My NC report says the router has this capability, but I’ll try to remember to update this post later to see if it’s working when I get home in a couple weeks.

I think it is a synonym, yes.
If your router supports it, you could check if it is probably disabled currently (by default or for some other reason).

Just in case you and other users still have issues with the constant switch between local and external access to your NC server, I wrote a small PowerShell script which can make the changes to the hosts file for you automatically, on login for example, or manually triggered by execution.

To set everything up, you only need to:

  1. prepare your hosts file and if not already done, add an entry for your server, like:
    192.168.1.100 cloud.mydomain.tld

  2. create a text file with a name of your choice, but with file extension .ps1

  3. copy the following code into this text file:

$server_hostname = "Nextcloud"  # enter the hostname of your NC server here
$server_ip = "192.168.1.100"    # enter the LAN IP of your NC server here
$fqdn = "cloud.mydomain.tld"    # enter the FQDN name here, which is already used in your hosts file

$hostsPath = "$env:windir\System32\drivers\etc\hosts"
# Escape the FQDN so its dots match literally instead of acting as regex wildcards
$fqdnPattern = [regex]::Escape($fqdn)

# If the server answers a ping by its LAN hostname, we are on the home network
if (Test-Connection -ComputerName $server_hostname -BufferSize 16 -Count 1 -ErrorAction SilentlyContinue -Quiet)
{
    # Uncomment lines containing your FQDN:
    $hosts = Get-Content $hostsPath
    $hosts = $hosts | ForEach-Object {
        if ($_ -match ('^\s*#\s*(.*?\d{1,3}.*?' + $fqdnPattern + '.*)')) { $matches[1] } else { $_ }
    }
    $hosts | Out-File $hostsPath -Encoding ascii
}
else {
    # Comment lines containing your FQDN:
    $hosts = Get-Content $hostsPath
    $hosts | ForEach-Object {
        if ($_ -match ('^\s*([^#].*?\d{1,3}.*?' + $fqdnPattern + '.*)')) { "#" + $matches[1] } else { $_ }
    } | Out-File $hostsPath -Encoding ascii
}

  4. change the first 3 variables ($server_hostname, $server_ip and $fqdn) to match your environment

  5. (optional) create a Windows scheduled task via “Computer Management”

  • press the keys WIN + R
  • in the opening window type compmgmt.msc
  • go to “System” and then “Scheduler” or “Scheduled Task” or something like that (don’t know in English)
  • create a new task
    • on the tab “General” give it a name and, importantly, check the option “run with highest privileges”
    • on tab “Trigger” define “Start Task” to be “On Login”
    • activate “specific user” and configure your user if you need that only for yourself
    • on third tab “Actions” configure to run a program and select your PowerShell file you created in step 2
    • make adaptations to the task as you wish and prefer

  6. (optional) or run the script manually when you need it; just make sure to start a PowerShell with administrator rights, otherwise the script cannot make any changes to the hosts file

  • right click on start menu button
  • select “Windows PowerShell (Administrator)”
  • enter the path to the script and hit enter

I hope you guys find this helpful.

@k_smith314, made any progress? :slight_smile:
Have you been able to fully solve your issue?