Can’t access AIO after switch to fritzbox 7590

The Basics

  • Nextcloud Server version (e.g., 29.x.x):

    • AIO
  • Operating system and version (e.g., Ubuntu 24.04):

    • Debian
  • Web server and version (e.g., Apache 2.4.25):

    • Apache2?
  • Is this the first time you’ve seen this error? (Yes / No):

    • yes
  • When did this problem seem to first start?

    • after switching to glass fiber/fritzbox
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)

    • AIO
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)

    • nope

Summary of the issue you are facing:

Can’t access the cloud via domain, nor SSH into the cloud, nor the AIO interface via localhost:8080

I ran the cloud stable for a year or so on DSL and just switched to glass fiber. The switch also included a change from speedport to fritzbox 7590.
I set up the new router the same as the old; the port forwarding is slightly more confusing in fritzOS than before, but I think it should be fine.
Forwarded 80 and 443 both TCP/UDP (is that necessary btw?) to the cloud, also forwarded SSH XXXX to 22, same as before.

Problem is though, I cannot access the AIO interface via localhost:8080 nor the cloud from outside via the domain. The domain points to the right IPv4 of the router, that’s not an issue. SSH doesn’t work either. But if I use the IP of the cloud from a different PC in the network I get the “apache2 server is running” message…

So it seems I have two issues, right? The port forwarding doesn’t work (since I can’t even ssh into the debian machine) and the AIO somehow doesn’t work, since I cannot access the interface via localhost:8080.

I’m pretty dumbfounded, and open to any suggestion (beside “redo the AIO” atm :smiley: )
thanks a lot in advance

hey @Roever1, the first thing that comes to mind is CG-NAT (Carrier Grade Network Address Translation) commonly known as DSLite (Dual Stack Lite)

you’re not alone :face_with_peeking_eye:

Fritz OS does not allow DNS-Rebinds. You need to configure an exception for this

sounds like a fitting solution, do you by any chance know how to do that? :smiley:

AI Overview

  • Open the user interface: Open a web browser and enter “http://fritz.box” or the IP address of your FRITZ!Box (192.168.178.1 by default). Enter the password for the user interface.

  • Enable the advanced view: If you have not already done so, enable the advanced view to see all settings.

  • Open the network settings: Navigate to “Home Network” > “Network” > “Network Settings”.

  • Configure DNS rebind protection: Find the “DNS Rebind Protection” section.

  • Add exceptions: In the “Host name exceptions” field, enter the full host name (domain name including subdomain) or the CNAME for which DNS rebind protection should not apply, according to AVM.

  • Multiple exceptions: If you want to add several exceptions, separate them with a line break.

  • Save the settings: Click “Apply” to save the changes.

  • Restart the FRITZ!Box: It is recommended to restart the FRITZ!Box to make sure the changes take effect.

1 Like

that did not solve the issue, I guess it’s a combination of both the OS block and the DSlite thing, so I guess it’s a first step. thanks!
@scubamuc is there a “quick” way around the issue without me reading up on DNS lectures for a week? I think I would have to talk to my provider and/or go via ipv6 if possible?

… nothing that comes to mind, sorry.

DTAG will give you a “Full Dual Stack” at a cost of ~ €10,- p.m, VODE also for a fee of €??,- … some providers don’t give you a “Full Dual Stack” at all and others do it for free if you ask nicely. For service providers it’s a click of a button, other than that, you’ll have to do some research for alternative IPv6 to IPv4 tunnels.

damn i did not expect that, would have thought there are many users without a native ipv4, so i would have expected there is a solution for that o.O… I will have a look at it in some leisure time. thank you!

yeah, and their marketing promises don’t mention the cons.

take a look at https://desec.io/ for a good free open source DDNS service incl. IPv6 working well with Fritz! but without 6to4 tunnel. I’ve looked at some 6to4 tunnels that are DIY but require at least a VPS with a “Full Dual Stack”. so DSLite is gonna cost a couple of bucks for a “Full Dual Stack” either way.

Of course. And I am such a user of Nextcloud and I have only DS-Lite. And what shall I say: my Nextcloud works fine with just IPv6. It’s just a question of the correct config of the router / firewall and the use of a DynDNS provider supporting IPv6 properly. The Nextcloud config itself does not need any change, except what is needed to use a new DynDNS domain. Only that needs some changes in config files and new Let’s Encrypt certificates.

DNS rebind imho enables accessing your server directly via its local ip. fritz blocks that, thereby enforcing access via public ip which is more costly, but does not at all block access like You are experiencing.
Rather check DNS and ports. There are websites for that.
And have You configured DynDNS? If that was done by speedport and not yet by fritz, then the reason might be clear.

1 Like

Did you notice FritzBox uses by default a 192.168.178.0/24 LAN? Don’t know what speedport used before. Do you use DHCP on your servers or static IP?

In any case. If the Nextcloud IPv4 changed you have to edit its config. At least that is the case on a bare metal installation. Not sure about AIO.

Did you notice FritzBox uses by default a 192.168.178.0/24 LAN? Don’t know what speedport used before. Do you use DHCP on your servers or static IP?

yes, that’s taken care of. IP is fixed.

so if I understand you correctly, one can set up the nextcloud with only IPv6. I might have known that at some point and dismissed it, since I had IPv4 at the old provider. Will it limit me in some way? I found the guide to set up IPv6 support for docker in the AIO setup, do I need something more? I read somewhere that there is no “port forwarding” in IPv6, but I can do exactly that in the fritz.box, so something is off, either in my understanding (which is very limited) or maybe the settings are the same but they do something different?

Thanks for mentioning the DynDNS-Provider. I’m using afraid.dns and they don’t provide ipv6 in my current plan, so I need to change that. My plan now would be:

  1. Change DynDNS-Provider/Plan to IPv6 Support.
  2. Forward the same ports in fritz for IPv6 to the server.
  3. Adjust the trusted domains in the nextcloud config.
  4. pray…

anything I need to do besides?
Thanks a lot!

@edit: afraidDNS does provide IPv6 support, just had to change it :slight_smile: first step done…

I can’t help you in any way regarding docker and AIO. Don’t use both. Regarding your FritzBox, read Configuring IPv6 in the FRITZ!Box and Setting up an IPv6 subnet in the FRITZ!Box. You will find more related documents in FRITZ!Box - Knowledge Base. I don’t use a FritzBox myself. A FritzBox is much too limited for my needs. So I use pfsense instead.

job well done :+1:

being a NATed (CG-NAT) connection, there’s no way you can expose a host:port with DSLite. As mentioned here by @tflidd IPv6 coverage is not high enough yet, so we’re back to square #1… ask your service provider for a “full dual stack”.

E.g. if your mobile provider offers ipv6, and all your users have ipv6, it might be an option. Not sure if there are still ipv6 gateways (ideally easily usable, if you are e.g. without ipv6), and if not all have ipv6, you can also ask the providers, why the hell they don’t have ipv6 in 2025…

I’m confused, seems I have different people having different opinions on if this works or not :smiley: also, I am maybe too noob to understand…

I think all my clients have ipv6, unless android phones in general don’t support it for some reason or something…?

soo if it is possible, why not set it up with ipv6 only? Problem is, I seem to be incapable of doing so. I am now using two different DNS providers, both updating different IP6 addresses to the domain, the router tells me another completely different public IP6 and each device I just checked gives me another IP6 address when checking it via cmd or asking google.
I can’t SSH into my machine via domain, but if I use the IP6 which is shown in my device list of the fritz.box (again, of course, different from the public IP) I can SSH without a problem. I would assume that, if I manually put this IP into the DNS provider, that should work, too, but that seems crazy, since wouldn’t that be something like a local IP?
why are there so many different public IP6s?

btw one DNS-provider gets its IP directly from the fritzbox, one uses a cronjob from the machine…

I would like to run it on IPv6, but this seems very weird, maybe I’m just too laymanish…

@edit: at least now I get “permission denied” error again when trying to ssh into the domains (both), before the name was not found, also for both… don’t know what changed…

Because this is IPv6 and NOT IPv4. It is simply the benefit of IPv6 that every device can get its own public IPv6 address. This is possible because there are now 340 sextillion IPv6 addresses instead of approximately 4.3 billion IPv4 addresses. This is precisely why NAT is unnecessary with IPv6.

It seems you have to study IPv6 first, before making changes in your setup while you don’t have any clue what you are doing.

Also wrong! Android supports IPv6. The only thing Android (and also Chrome OS) does not support is DHCPv6. Both only support SLAAC.
If a mobile device (no matter Android or iOS) does not have any IPv6 address, the solution is not to be found in the OS but in the APN settings. Some mobile ISPs disable IPv6 support in the APN settings by default, but this is in most cases easy to change by activating IPv6 in the APN settings.
So you simply need to check the APN settings. Keep in mind there are two different APN settings. One for your national mobile ISP and another one for international roaming. Both need to be checked and (if needed) changed.

In theory, with ipv6 it should be easier because all devices can have their own public ip address, and you don’t need address translation (NAT) like with ipv4.
However, people in general have ipv4 access to the internet, and over time more and more people get ipv6 access as well. Most devices and operating systems already support ipv6, so it is more a question if your provider has enabled it.

In case that your end-devices always have ipv6, at home, on the mobile network, your friends, other people you want to share files with, going ipv6 only might be an option. In some parts of Europe, 70-80% of people already have ipv6 (and/or you can easily enable it).
Then it might just happen if you are on holidays in some hotel wifi, or roaming where there is no ipv6, then you cannot easily access your cloud.

To know a few network basics, if you run a server in your network that you want to access from outside, is certainly a good point. Unfortunately, with the NAT, carrier grade NAT for ipv4, and the whole ipv6 stuff, it can be a bit confusing.
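
The address questions raised in this thread (is the router's IPv4 behind CG-NAT or DS-Lite, and which of the many IPv6 addresses a DynDNS record should carry) can be checked mechanically. The following is an added example, not part of the original thread; the function names are hypothetical, and the sample addresses are constructed from documentation prefixes, assuming one updater publishes the router's own address and the other the server's.

```python
import ipaddress

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared space used by CG-NAT
DSLITE = ipaddress.ip_network("192.0.0.0/29")  # RFC 6333 range used on DS-Lite links
ULA = ipaddress.ip_network("fc00::/7")         # IPv6 unique local, not routed publicly
GLOBAL = ipaddress.ip_network("2000::/3")      # IPv6 global unicast


def wan_ipv4_status(wan_ip):
    """Classify the IPv4 address the router shows for its internet connection."""
    ip = ipaddress.IPv4Address(wan_ip)
    if ip in DSLITE:
        return "ds-lite"
    if ip in CGNAT:
        return "cgnat"
    return "private" if ip.is_private else "public"


def ipv6_scope(addr):
    """Return link-local, ula, global or other for one IPv6 address."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone id such as %eth0
    if ip.is_link_local:
        return "link-local"
    if ip in ULA:
        return "ula"
    return "global" if ip in GLOBAL else "other"


def _prefix64(ip):
    return ipaddress.ip_network(f"{ip}/64", strict=False)


def check_aaaa(aaaa, server_addrs, router_addr):
    """Report which machine a published AAAA record points at."""
    target = ipaddress.IPv6Address(aaaa)
    mine = [ipaddress.IPv6Address(a) for a in server_addrs if ipv6_scope(a) == "global"]
    if target in mine:
        return "ok: server"
    if target == ipaddress.IPv6Address(router_addr):
        return "wrong host: router"
    if any(_prefix64(a) == _prefix64(target) for a in mine):
        return "wrong host: other device in the same /64"
    return "stale or foreign address"


# Constructed sample data (RFC 3849 documentation prefix, not from the thread).
SERVER = ["fe80::a%eth0", "fd00::a", "2001:db8:1:2:aaaa::10"]
ROUTER = "2001:db8:1:2::1"

if __name__ == "__main__":
    print(wan_ipv4_status("100.72.13.5"))
    for record in ("2001:db8:1:2:aaaa::10", ROUTER, "2001:db8:9:9::1"):
        print(record, "->", check_aaaa(record, SERVER, ROUTER))
```

On the server, `ip -6 addr show` lists the addresses to pass as `server_addrs`; only a record that resolves to one of the server's global addresses can reach it from outside.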