Cannot access Nextcloud from outside the network (Docker, Nginx reverse proxy)

Hi,
I hope you can help me, since I’m running out of ideas right now. I had set up my Nextcloud via the official Docker image (Docker) on my home server and put it behind an Nginx reverse proxy. When I had DSL a few weeks ago everything worked fine with my Fritzbox 7530. Now I changed to fiber and got a Fritzbox 7590 and all of a sudden nothing works as it should. I cannot access my Nextcloud from outside the network, even though the domains should be updated to the current IP address. What’s working is using the domain, in my case bdluebben.de, with the port :8080 behind. But that’s only working if the PC or smartphone is connected to the internal network. From the outside it says that the server is not reachable.
I used the default configuration of the Nextcloud Docker image, because I’m not a Docker master, I just want a good way to work with it. And before I switched to fiber it actually worked pretty well.
My Nginx conf file is pretty rudimentary, maybe something’s missing in there as of now, but as I said, it worked before I switched my internet provider.

This is my nginx.conf:
```nginx
server {
    listen 80;
    server_name myservername;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Redirect HTTP requests to HTTPS:
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name nextcloud.bdluebben.de;

    ssl_certificate /etc/letsencrypt/live/servern/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/servern/privkey.pem;

    # … (Other SSL settings - ciphers, protocols, etc) …

    location / {
        # … (Same proxy configuration as above) …
    }
}
```

Thank you in advance for your help!

Given the change that caused the issue is you swapping out your modem/firewall it’s not going to be an issue with Nextcloud nor your proxy.

It’s probably a problem with your port forwarding or firewall on the modem.

I know, that’s what I think too.


This is what my forwarding looks like. The thing is, it should be working, but it is not …
I’m actually totally running out of ideas. …

You have your proxy listening on port 80 and it has a redirect to 443. The screenshot only has port 80 and no port 443. HTTPS goes over port 443.

Also are you sure you want to be exposing the other ports?

I tried to forward port 443, but for IPv4 the router forwards a weird port instead.


I don’t understand why this is happening …
I removed the “exposed host” but if I “expose” the host, doesn’t that mean that port 443 should have been open all along?

You should double check if you enable external access in your Fritzbox. In case this is enabled your Fritzbox will use port :443 for this purpose and it becomes unavailable for port forwarding. You should double check if your DNS record is pointing to your public IP (and you have a valid IPv4 public IP - or run behind CGNAT).

For security reasons I would recommend not to expose SSH and Portainer… consider using the integrated Fritzbox VPN.


Thanks for your help! It was configured to be accessible from the Internet, however it was not port 443. I disabled it for testing but it had no effect … Unfortunately it didn’t work :frowning:

On your last screenshot there are two entries using port 443 - the upper one is at the upper border.
Disable it and try again, if it is accessible from outside.

(Disclaimer #1, first post on this forum)
(Disclaimer #2, this is probably due to a problem with the router, not NextCloud, but I am also posting my findings here to inspire further examination of the root cause)

Hello,

I am in a very similar situation as the OP. My setup is a server with Docker + Nextcloud on a Traefik reverse proxy, with 80 re-routed to 443 and certificates managed by Traefik, powered by Let’s Encrypt.

My ‘Port Sharing’ options on the Fritz!Box 5530 are identical to the OP’s (as far as 80 and 443 goes).

I also have no trouble accessing the server via the DDNS-resolved domain when I am inside the local network, but ONLY when accessing it through LAN (my client is a PC connected via ethernet to the router, same as the server).

When I try to access the domain via my phone (WiFi), it doesn’t work.

Maybe it has something to do with inner DNS resolution, via NAT Loopback? I am lost, as I have no way of accessing these advanced settings via the router’s web interface.

Thank you in advance for any answers,
George K.

This could happen because of IPv6 - mobile devices prefer IPv6 today - if your public DNS record includes an AAAA record this might result in issues local_network - maybe this helps you on the right track: Accessing nextcloud via ipv6 and client issues - #2 by wwe
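Added example, not part of any post in this thread: a Python sketch of the checks suggested in the two replies above (DNS record versus WAN address, CGNAT, AAAA records). The function names, finding codes and sample addresses are constructed for illustration; the inputs are assumed to be typed in from the router's status page and a DNS lookup.

```python
import ipaddress

# RFC 6598 shared address space used by carrier-grade NAT
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges (a WAN address here means another NAT sits upstream)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip):
    """Classify the IPv4 address the router reports on its WAN interface."""
    ip = ipaddress.IPv4Address(wan_ip)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def diagnose(wan_ip, a_records, aaaa_records):
    """Return (code, message) findings that would keep 80/443 from reaching the proxy."""
    findings = []
    kind = classify_wan(wan_ip)
    if kind == "cgnat":
        findings.append(("cgnat", "WAN address is in 100.64.0.0/10: the ISP "
                         "translates IPv4, so port forwarding on the router is not enough"))
    elif kind == "private":
        findings.append(("double_nat", "WAN address is private: another NAT "
                         "device sits in front of the router"))
    wan = ipaddress.IPv4Address(wan_ip)
    stale = [a for a in a_records if ipaddress.IPv4Address(a) != wan]
    if not a_records:
        findings.append(("no_a_record", "domain has no A record"))
    elif stale:
        findings.append(("dns_mismatch", "A record(s) %s do not match WAN address %s"
                         % (", ".join(stale), wan_ip)))
    if aaaa_records:
        findings.append(("aaaa_present", "AAAA record published: IPv6-preferring "
                         "clients connect over IPv6, which IPv4 port forwarding does not cover"))
    return findings


if __name__ == "__main__":
    # Constructed sample: CGNAT WAN address, stale A record, AAAA still published
    for code, msg in diagnose("100.72.3.4", ["198.51.100.7"], ["2001:db8::10"]):
        print(code, "-", msg)
```

An empty result only rules out these three causes; a block upstream of the router, such as an ISP-side filter on ports 80 and 443, needs a connection test from an outside network.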

Hi,

Thanks for the quick reply! I have checked the ipv6 possibility, and I have already disabled all ipv6-related settings on my router. I also disabled the ipv6 lookup at my DDNS-based domain provider (dynu). But the problem persists.

What I have also discovered is that the Fritz!Box devices can be made public through the internet, and AVM can provide an auto-generated subdomain for said router. I previously had this option enabled, and when visiting the domain, I was directed to the default page (on port 80) of my Traefik resolver, which is a blank 404-style HTML page. So that makes me realize that the port forwarding is working correctly, but only for the AVM auto-generated subdomain. Resolving through my own domain (and subdomains thereof) is still not possible.

I have disabled access from the AVM subdomain and all their relevant settings. I even deleted my FRITZ!Box from my FRITZ!Net account. I am now waiting for their DNS to be updated, I guess…

I will post again on further updates and possible solutions I have found.

UPDATE (May 26, 2024):
My ISP was at fault. Their firewall cuts off any and all connection attempts to ports 80 and 443. I contacted them to open the ports and so they did.