Can't access xxx.duckdns.org for NC from inside LAN. Can access outside of LAN

Ircghost · April 17, 2024, 7:01am

Hi,

Setup:

Nokia Router with firewall. Port forwarding 80 and 443 to NGINX Proxy Manager.
NUC running proxmox, with multiple containers/services (i.e. Home Assistant → HA).
– Container: HA (192.168.1.115)
— NGINX Proxy manager HA. In NGINX I have a rule setup to forward port 11000 to 192.168.1.125
— AdGuard on HA (DNS). I have setup a DNS rewrite for the xxx.duckdns.org domain to 192.168.1.125
– Container: Ubuntu with Portainer (192.168.1.125)
— NextCloud behind reverse proxy setup

My router (Nokia) doesn’t support DNS Hairpin (didn’t even know this was a thing before). So I have to use DNS rewite in AdGuard to make sure I can even access my published services from inside my LAN. Connecting to anything outside of my LAN has never been an issue.

However, my DNS rewrite rule for NC doesn’t seem to work. When I connect from inside my network it simply returns an “unable to connect”.

When I tried to install it it couldn’t resolve/check the domain. It indicated it couldn’t connect to 443. However, if I use a portchecker it did return XXX.duckdns.org on port 443 as open.

A friend of mine runs the exact same setup, except his router does support DNS hairpin so he doesn’t have issues.

This is my YAML code (that I copied from him and then adjusted only to include my details)

version: "3.8"

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

services:
  nextcloud:
    image: nextcloud/all-in-one:latest
    restart: unless-stopped
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - 8195:8080 # change the port on the left side if it's already in use on your host system.
    environment:
      - APACHE_PORT=11000  # change this port number if 11000 is already in use on your host system.
      - SKIP_DOMAIN_VALIDATION=true

What I have tried:

As you can see in the YAML I tried to force the installation (eventually) with a force skip domain validation so I atleast could do some troubleshooting on a running server. But it made no difference.
I also run another stack on portainer, so I have created a new Ubuntu, and portainer and installed NC on there, no effect.
I have tried multiple iterations on the YAML
I have tried assiging multiple ports in the NGIX proxy manager
I have tried opening my firewall with a direct port forward on 443 to NC.

I’d really like to get this to work, any help would be appreciated!

szaimen · April 17, 2024, 1:41pm

Hi, see GitHub - nextcloud/all-in-one: 📦 The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.

Ircghost · April 17, 2024, 5:29pm

Hi @szaimen what exactly should I see? I have setup reverse proxy with my own DNS provider already (AdGuard). And it isn’t working.