Cannot connect to Nextcloud server with Public IP

I’m a new person to networking, so this could be a very simple issue. Excuse my poor knowledge.

I installed Ubuntu Server on a Server PC that I have. It is connected with an Ethernet cable to my router. My main home PC is also a part of this network, connected also to the router.

My main goal was to set up Nextcloud on this Server PC, and everything worked fine: I could access it via SSH, I could also visit the website with a subdomain that I had with DuckDNS. The only thing left for me to do was to get a Let’s Encrypt certificate to be able to use https. Because I couldn’t get it to work, I tried setting up port forwarding on my router’s settings, opening the ports with ufw and trying to switch to another DNS provider. However, this is when the issues start to appear. I don’t know if it was something that I did, but now I cannot connect from any device to my Server PC with the Public IP, this means that I cannot use the subdomain nor type the Public IP on the search bar to visit my Nextcloud instance and trying to use SSH again, with the Public IP does not work. Both things previously mentioned do work if I use the Private IP instead.

So, these are the things that I have tried:

  1. Setting up port forwarding (and also turning it off)
  2. Restarting the router to get a new Public IP
  3. Factory resetting the router
  4. Disabling the firewall temporarily
  5. Using the command ufw allow 80,443,22/tcp
  6. Reinstalled Ubuntu Server on the Server PC

The error when trying to SSH into the server is the following:

ssh: connect to host (Public IP) port 22: Connection timed out

And the error that I get when I try to access the Nextcloud instance with Public IP or subdomain is very similar:

The connection has timed out

The server at (Public IP) is taking too long to respond.

If you need more details, please, leave a comment.

Thanks for reading.

Maybe a problem with ufw. Why don’t you install and configure Nextcloud incl. ssl correctly first and activate the firewall when everything is running or better leave it out completely. But i think your ports ok. Lets Encrypt needs 80 and 443.

I don’t think it is ufw, as I already updated it several times, and still does not work. I reinstalled Ubuntu Server, and if ufw was the issue, that should’ve fixed it.
Previously, I was able to access it with the Public IP even without setting up ufw nor port forwarding.
It’s really a weird issue.

i would check from within first, then go out.

From the NextCloud server (you can configure ufw, so I’d assume you have shell access), do a netstat command and make sure the web service is listening on port 443.

If passed, then I’d then try to connect to the server internally…make sure to add your internal IP address to config.php then restart your web service.

if passed, then I’d check your firewall…if you are have dynamic IP, then I’d check and make sure that service is running and you are connecting to the correct IP from outside.

This is the output I get from the netstat command:

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 server:32912            aerodent.canonical:http TIME_WAIT
tcp        0     36 server:ssh              192.168.0.2:57792       ESTABLISHED
udp        0      0 server:34497            dns-c:domain ESTABLISHED
udp        0      0 server:49903            dns-cu.i:domain ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    74442    /run/user/1000/systemd/notify
unix  3      [ ]         DGRAM      CONNECTED     19656    /run/systemd/notify
unix  2      [ ]         DGRAM                    19673    /run/systemd/journal/syslog
unix  9      [ ]         DGRAM      CONNECTED     19682    /run/systemd/journal/dev-log
unix  9      [ ]         DGRAM      CONNECTED     19684    /run/systemd/journal/socket
unix  3      [ ]         STREAM     CONNECTED     23509
unix  2      [ ]         DGRAM      CONNECTED     19878
unix  3      [ ]         STREAM     CONNECTED     23010
unix  3      [ ]         STREAM     CONNECTED     23523
unix  3      [ ]         STREAM     CONNECTED     23053    /run/systemd/journal/stdout
unix  2      [ ]         DGRAM      CONNECTED     74424
unix  3      [ ]         STREAM     CONNECTED     23319    /run/dbus/system_bus_socket
unix  3      [ ]         DGRAM      CONNECTED     21716
unix  3      [ ]         STREAM     CONNECTED     23317
unix  3      [ ]         STREAM     CONNECTED     22869
unix  3      [ ]         STREAM     CONNECTED     22903
unix  3      [ ]         STREAM     CONNECTED     19939
unix  3      [ ]         STREAM     CONNECTED     22978    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     23467
unix  3      [ ]         STREAM     CONNECTED     23107    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     23049
unix  3      [ ]         STREAM     CONNECTED     23320    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     23331    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     23046
unix  3      [ ]         STREAM     CONNECTED     22557    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     21534
unix  3      [ ]         STREAM     CONNECTED     23318    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     23324    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     23056
unix  2      [ ]         DGRAM      CONNECTED     22577
unix  3      [ ]         STREAM     CONNECTED     23038
unix  3      [ ]         STREAM     CONNECTED     39694
unix  2      [ ]         DGRAM                    23297
unix  3      [ ]         STREAM     CONNECTED     39679
unix  3      [ ]         STREAM     CONNECTED     22487
unix  3      [ ]         DGRAM      CONNECTED     22511
unix  3      [ ]         DGRAM      CONNECTED     20082
unix  2      [ ]         DGRAM      CONNECTED     22947
unix  3      [ ]         STREAM     CONNECTED     22870
unix  2      [ ]         DGRAM      CONNECTED     39683
unix  3      [ ]         STREAM     CONNECTED     23035
unix  3      [ ]         STREAM     CONNECTED     74447
unix  3      [ ]         STREAM     CONNECTED     23322    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     22997
unix  2      [ ]         DGRAM      CONNECTED     22502
unix  2      [ ]         DGRAM      CONNECTED     23315
unix  3      [ ]         STREAM     CONNECTED     23003    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     23510    /run/dbus/system_bus_socket
unix  2      [ ]         DGRAM      CONNECTED     74404
unix  3      [ ]         DGRAM      CONNECTED     21717
unix  2      [ ]         DGRAM      CONNECTED     74351
unix  3      [ ]         STREAM     CONNECTED     23380
unix  3      [ ]         STREAM     CONNECTED     35611    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     23093    /run/systemd/journal/stdout
unix  3      [ ]         DGRAM      CONNECTED     21719
unix  3      [ ]         STREAM     CONNECTED     20052    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     22899    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     74391
unix  3      [ ]         STREAM     CONNECTED     23268
unix  3      [ ]         STREAM     CONNECTED     24019    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     23468    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     23105
unix  2      [ ]         DGRAM      CONNECTED     20078
unix  3      [ ]         STREAM     CONNECTED     23529
unix  3      [ ]         STREAM     CONNECTED     23330
unix  2      [ ]         STREAM     CONNECTED     74326
unix  3      [ ]         STREAM     CONNECTED     39682    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     24913
unix  2      [ ]         DGRAM      CONNECTED     21709
unix  3      [ ]         STREAM     CONNECTED     23385    /run/systemd/journal/stdout
unix  3      [ ]         DGRAM      CONNECTED     21718
unix  3      [ ]         STREAM     CONNECTED     23481
unix  3      [ ]         STREAM     CONNECTED     23088
unix  3      [ ]         STREAM     CONNECTED     22908
unix  3      [ ]         DGRAM      CONNECTED     22509
unix  3      [ ]         DGRAM      CONNECTED     74444
unix  3      [ ]         STREAM     CONNECTED     24018
unix  3      [ ]         STREAM     CONNECTED     23231
unix  3      [ ]         STREAM     CONNECTED     74663
unix  3      [ ]         STREAM     CONNECTED     23524    /run/dbus/system_bus_socket
unix  3      [ ]         DGRAM      CONNECTED     22510
unix  3      [ ]         STREAM     CONNECTED     23404    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     35608
unix  3      [ ]         DGRAM      CONNECTED     19657
unix  3      [ ]         STREAM     CONNECTED     74448    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     22896
unix  3      [ ]         DGRAM      CONNECTED     20083
unix  2      [ ]         DGRAM      CONNECTED     19926
unix  2      [ ]         DGRAM      CONNECTED     23492
unix  3      [ ]         STREAM     CONNECTED     23042    /run/systemd/journal/stdout
unix  2      [ ]         DGRAM      CONNECTED     23193
unix  3      [ ]         STREAM     CONNECTED     23323    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     22868
unix  3      [ ]         STREAM     CONNECTED     22488    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     20051
unix  3      [ ]         STREAM     CONNECTED     23060    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     23316
unix  3      [ ]         STREAM     CONNECTED     22556
unix  3      [ ]         STREAM     CONNECTED     24912
unix  3      [ ]         STREAM     CONNECTED     23403
unix  3      [ ]         STREAM     CONNECTED     23052    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     23014    /run/systemd/journal/stdout
unix  3      [ ]         DGRAM      CONNECTED     19658
unix  3      [ ]         STREAM     CONNECTED     22907    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     19962    /run/systemd/journal/stdout
unix  2      [ ]         DGRAM      CONNECTED     23259
unix  3      [ ]         DGRAM      CONNECTED     74443
unix  3      [ ]         STREAM     CONNECTED     22975
unix  3      [ ]         STREAM     CONNECTED     39695    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     23321    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     74662
unix  3      [ ]         STREAM     CONNECTED     23480
unix  3      [ ]         STREAM     CONNECTED     74396    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     23528
unix  3      [ ]         STREAM     CONNECTED     23309
unix  3      [ ]         STREAM     CONNECTED     21537    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     23041    /run/systemd/journal/stdout
unix  3      [ ]         DGRAM      CONNECTED     22512

Maybe you don’t have a public IPv4 (perhaps your ISP is using CGNAT, an IPv4 for many customers). Just to find things out, why not try to use IPv6? you can start by seeing if you have one through here, and then configure a script to refresh duckdns. You can also try to access your server through IPv6. Put it on brackets like this on the address bar for example [youripv6address]:443. Just do not forget to configure your server and your router/modem to get a valid ip6. The downside: sometimes you won’t have IPv6 (say, in a hotel), so the access won’t work.

I went to the site that you suggested. It says that I don’t have IPv6, so I only have available IPv4

my apologies, didn’t post the additional parameters you need for ‘netstat’…can you please post the output for: netstat -peanut | grep -i “:443”

This is the output I get:

$ netstat -peanut | grep -i “:443”
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)

too bad. However, sometimes it’s just a matter of enabling it in the modem and then in the router. Just be careful to make a config backup, take the ISP number and check if anyone is using the internet for something vital before messing with the modem/router. Also, it’s no fun to be without internet on a Friday because of IPv6, trust me =)

my bad, do this: sudo netstat -peanut | grep -i “:443”

I don’t get anything as output

Hmmm, please check for typo…from above, you had typed in “netstat” and it gave you some output, surely “netstat -peanut” will give you finer output…

Can you also confirm that you are running Ubuntu by typing in “lsb_release -a” ??

Didn’t get anything as output for the second command, however, I got this as the output for sudo netstat -peanut:

$ sudo netstat -peanut
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name

tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      102        22595      597/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          23412      722/sshd: /usr/sbin
tcp        0     36 192.168.0.41:22         192.168.0.2:50270       ESTABLISHED 0          135138     248884/sshd: bytese
tcp6       0      0 :::22                   :::*                    LISTEN      0          23423      722/sshd: /usr/sbin
tcp6       0      0 :::80                   :::*                    LISTEN      0          25612      2456/httpd

udp        0      0 0.0.0.0:5353            0.0.0.0:*                           0          35640      9098/mdns-publisher
udp        0      0 127.0.0.53:53           0.0.0.0:*                           102        22594      597/systemd-resolve
udp        0      0 192.168.0.41:68         0.0.0.0:*                           101        135954     595/systemd-network
udp6       0      0 :::5353                 :::*                                0          35641      9098/mdns-publisher

if that’s the full output, then port 443 on your web server (nginx/apache) isn’t even enabled…check your config?

How do I enable it?

how did you set this server up? did you follow some sort of tutorial? go back there and re-read the steps…i am sure the author had covered the security subject (enabling 443, tie it to a certificate, and if through Letsencrypt, would show you how to download acme.sh properly, etc.)

I just installed the Nextcloud snap

did you follow through the guide…something like this: How To Install and Configure Nextcloud on Ubuntu 20.04 | DigitalOcean ??