Cannot access NC inside local network (via Wireguard); works totally fine outside the local net

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • AIO, “Hub 10”
  • Operating system and version (e.g., Ubuntu 24.04):
    • Raspberry Pi OS latest; but NC is running in Docker
  • Reverse proxy and version (e.g. nginx 1.27.2):
    • Caddy, latest
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.):
    • AIO Hub in Docker (via Portainer Stack)

Summary of the issue you are facing:

I have Nextcloud installed via the AIO (“Hub 10”), installed as a stack through Portainer. It’s running in reverse proxy mode (via Caddy, which is in a separate container).

It all works totally fine - from OUTSIDE my local network. It does not work INSIDE the local network, either physically or via Wireguard. I’d actually like it (actually NEED it) to work the opposite: NOT work outside the local network/Wireguard, and only work inside.

Using host.my.domain gives the “This site can’t be reached … host.my.domain refused to connect” error in Chrome. Using int.er.nal.ip redirects to host.my.domain in Chrome and gives the same error.

The Caddyfile:

host.my.domain:443 {
        reverse_proxy int.er.nal.ip:11000
}

int.er.nal.ip:443 {
        reverse_proxy int.er.nal.ip:11000
}

ddns.name.that.domain.is.aliased.to:443 {
        reverse_proxy int.er.nal.ip:11000
}

The extra Caddyfile entries beyond the first are my attempts to make it work; none of them changed anything. (And yes I restarted Caddy each time.)

The compose text I fed into Portainer to create the Caddy stack:

services:
  caddy:
    image: caddy:alpine
    restart: unless-stopped
    container_name: caddy
    ports:
      - 80:80
      - 443:443
    network_mode: "host"
    volumes:
      - /opt/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /opt/caddy/certs:/certs
      - /opt/caddy/config:/config
      - /opt/caddy/data:/data

The compose text I fed into Portainer to create the AIO master container to begin the installation:

services:
  nextcloud:
    image: nextcloud/all-in-one:latest
    restart: unless-stopped
    container_name: nextcloud-aio-mastercontainer
    ports:
      - "8080:8080"
    environment:
      - APACHE_PORT=11000
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

host.my.domain, localhost, int.er.nal.ip, and ddnsname.ddnsservice.com are all in trusted_domains in config.php (I added the last two in another attempt to fix this…).

Ideas? :slight_smile:

Additional information that might help:

The RPI 5 that runs all my services is NOT connected to Wireguard (my router has Wireguard built in).

I don’t think this should matter, as I run Jellyfin and another app just fine - I just access them via the internal IP of the RPI when on WG and there’s no way to access them without being physically on my network or on WG.

This is how I need NC to work too – but it requires a domain in order to work so I registered one and set up Caddy as per my OP…

Hey, I’m also new to Nextcloud and have been trying and testing a lot the last few days. I can’t access my Nextcloud via local IP either because of the config.php, because I force it to https. For me it’s not a problem because I always access it with my subdomain, but maybe this could be a thing on your setup?

  'overwriteprotocol' => 'https',

Hi @JMC1971, see all-in-one/local-instance.md at main · nextcloud/all-in-one · GitHub

Thank you for basically fixing my laziness. :smiley:

I didn’t want to mess with setting up YET ANOTHER service (Pihole) but … that brings a lot of benefits so I went ahead and did that, and it all works.

Thank you again!

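One way to enforce the "only inside the local network/Wireguard" requirement from the original post at the proxy itself, as an added example that is not from the thread or the AIO documentation. It assumes a local DNS record (such as the Pi-hole entry the thread ended with) points host.my.domain at int.er.nal.ip, and that LAN and WireGuard clients reach Caddy from private source addresses; the matcher name `outside` is arbitrary.

```caddyfile
# Added example. host.my.domain and int.er.nal.ip are the placeholders
# used in the original post.
#
# Assumption: local DNS maps host.my.domain to int.er.nal.ip, so clients on
# the LAN or on WireGuard connect to Caddy directly and arrive with a
# private source address. Clients coming in through the router's port
# forward arrive with a public source address.

host.my.domain:443 {
        # Match every client whose source address is NOT loopback,
        # RFC 1918 private, or IPv6 unique-local.
        @outside not remote_ip private_ranges

        # Close those connections without sending an HTTP response.
        abort @outside

        # Everything else goes to the AIO Apache container
        # (APACHE_PORT=11000 in the mastercontainer stack).
        reverse_proxy int.er.nal.ip:11000
}
```

If the router hands WireGuard clients addresses outside the private ranges, list that subnet explicitly in the `remote_ip` matcher alongside `private_ranges`.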