Can't curl self hosting domain/url

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • Nextcloud Hub 9 (30.0.4)
  • Operating system and version (e.g., Ubuntu 24.04):
    • Strato VPS with Debian 12 and Proxmox VE v8.3.2 on top - static IP
      relevant Container:
      • Debian 12 LXC with nginx proxy manager - unprivileged (10.10.10.x)
      • Debian 12 LXC for Nextcloud AIO - privileged (10.10.10.y)
  • Web server and version (e.g, Apache 2.4.25):
    • Nextcloud AIO v10.3.0
  • Reverse proxy and version (e.g., nginx 1.27.2):
    • npm v2.12.2
  • PHP version (e.g, 8.3):
    • Nextcloud AIO v10.3.0e
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes, on this setup
  • When did this problem seem to first start?
    • since install
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
    • AIO compose.yaml
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • No

Summary of the issue you are facing:

Nextcloud is reachable and works, but:

Can't curl self hosting domain/url
#cloud.mydomain.de

Steps to replicate it (hint: details matter!):

Log entries

Konnte nicht überprüfen, ob das Datenverzeichnis geschützt ist. Bitte überprüfen Sie manuell, ob Ihr Server keinen Zugriff auf das Datenverzeichnis erlaubt. Damit diese Prüfung ausgeführt werden kann, müssen Sie sicherstellen, dass Ihr Webserver eine Verbindung zu sich selbst herstellen kann. Daher muss er in der Lage sein, mindestens eine seiner `trusted_domains` oder `overwrite.cli.url` aufzulösen und eine Verbindung zu ihnen herzustellen. Dieser Fehler kann das Ergebnis einer serverseitigen DNS-Nichtübereinstimmung oder einer ausgehenden Firewall-Regel sein.
Ihr Webserver ist nicht für die Bereitstellung von `.js.map`-Dateien eingerichtet. Ohne diese Dateien funktionieren JavaScript Source Maps nicht ordnungsgemäß, was die Fehlersuche und -behebung eventuell auftretender Probleme erschwert.
Prüfung auf JavaScript-Unterstützung konnte nicht ausgeführt werden. Bitte beheben Sie das Problem oder bestätigen Sie manuell, dass Ihr Webserver `.mjs`-Dateien mit dem JavaScript-MIME-Typ bereitstellt. Damit diese Prüfung ausgeführt werden kann, müssen Sie sicherstellen, dass Ihr Webserver eine Verbindung zu sich selbst herstellen kann. Daher muss er in der Lage sein, mindestens eine seiner `trusted_domains` oder `overwrite.cli.url` aufzulösen und eine Verbindung zu ihnen herzustellen. Dieser Fehler kann das Ergebnis einer serverseitigen DNS-Nichtübereinstimmung oder einer ausgehenden Firewall-Regel sein.
Es konntre nicht überprüft werden, ob Ihr Web-Server die OCM- und OCS-Anbieter-URLs ordnungsgemäß auflöst. Damit diese Prüfung ausgeführt werden kann, müssen Sie sicherstellen, dass Ihr Webserver eine Verbindung zu sich selbst herstellen kann. Daher muss er in der Lage sein, mindestens eine seiner `trusted_domains` oder `overwrite.cli.url` aufzulösen und eine Verbindung zu ihnen herzustellen. Dieser Fehler kann das Ergebnis einer serverseitigen DNS-Nichtübereinstimmung oder einer ausgehenden Firewall-Regel sein.
589 Fehler in den Protokollen seit 10. Januar 2025, 17:58:10
One or more mimetype migrations are available. Occasionally new mimetypes are added to better handle certain file types. Migrating the mimetypes take a long time on larger instances so this is not done automatically during upgrades. Use the command `occ maintenance:repair --include-expensive` to perform the migrations.

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

richdocuments	
ConnectException
cURL error 28: Connection timed out after 5002 milliseconds (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://cloud.mydomain.de/hosting/discovery
Failed to fetch discovery: cURL error 28: Connection timed out after 5002 milliseconds (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://cloud.mydomain.de/hosting/discovery

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

---

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

nothing

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

<?php
$CONFIG = array (
  'one-click-instance' => true,
  'one-click-instance.user-limit' => 100,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'check_data_directory_permissions' => false,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'nextcloud-aio-redis',
    'password' => 'xxxxxxx',
    'port' => 6379,
  ),
  'overwritehost' => 'cloud.mydomain.de',
  'overwriteprotocol' => 'https',
  'passwordsalt' => '2P+xxxx/',
  'secret' => 'xxxx/Ip4C/xxxx',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'cloud.mydomain.de',
    2 => '0.0.0.0',
    3 => '10.10.10.y',
    4 => '127.0.0.1',
  ),
  'datadirectory' => '/mnt/ncdata',
  'dbtype' => 'pgsql',
  'version' => '30.0.4.1',
  'overwrite.cli.url' => 'https://cloud.mydomain.de/',
  'dbname' => 'nextcloud_database',
  'dbhost' => 'nextcloud-aio-database:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_nextcloud',
  'dbpassword' => 'xxxxxxxxx',
  'installed' => true,
  'instanceid' => 'oczveab5w2x2',
  'maintenance' => false,
  'loglevel' => 2,
  'log_type' => 'file',
  'logfile' => '/var/www/html/data/nextcloud.log',
  'log_rotate_size' => 10485760,
  'log.condition' => 
  array (
    'apps' => 
    array (
      0 => 'admin_audit',
    ),
  ),
  'preview_max_x' => 2048,
  'preview_max_y' => 2048,
  'jpeg_quality' => 60,
  'enabledPreviewProviders' => 
  array (
    1 => 'OC\\Preview\\Image',
    2 => 'OC\\Preview\\MarkDown',
    3 => 'OC\\Preview\\MP3',
    4 => 'OC\\Preview\\TXT',
    5 => 'OC\\Preview\\OpenDocument',
    6 => 'OC\\Preview\\Movie',
    7 => 'OC\\Preview\\Krita',
    0 => 'OC\\Preview\\Imaginary',
    23 => 'OC\\Preview\\ImaginaryPDF',
  ),
  'enable_previews' => true,
  'upgrade.disable-web' => true,
  'mail_smtpmode' => 'smtp',
  'trashbin_retention_obligation' => 'auto, 30',
  'versions_retention_obligation' => 'auto, 30',
  'activity_expire_days' => 30,
  'simpleSignUpLink.shown' => false,
  'share_folder' => '/Shared',
  'one-click-instance.link' => 'https://nextcloud.com/all-in-one/',
  'upgrade.cli-upgrade-link' => 'https://github.com/nextcloud/all-in-one/discussions/2726',
  'updatedirectory' => '/nc-updater',
  'maintenance_window_start' => 100,
  'allow_local_remote_servers' => true,
  'davstorage.request_timeout' => 3600,
  'documentation_url.server_logs' => 'https://github.com/nextcloud/all-in-one/discussions/5425',
  'htaccess.RewriteBase' => '/',
  'dbpersistent' => false,
  'auth.bruteforce.protection.enabled' => true,
  'ratelimit.protection.enabled' => true,
  'files_external_allow_create_new_local' => true,
  'trusted_proxies' => 
  array (
    0 => '127.0.0.1',
    1 => '::1',
    2 => '10.10.10.x',
    10 => '172.18.0.0/16',
  ),
  'preview_imaginary_url' => 'http://nextcloud-aio-imaginary:9000',
  'preview_imaginary_key' => 'xxxxxxxxx',
  'mail_from_address' => 'admin',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'mydomain.de',
  'mail_smtphost' => 'mydomain.de',
  'mail_smtpport' => '465',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'admin@mydomain.de',
  'mail_smtppassword' => 'xxxxxxxx',
  'mail_smtpsecure' => 'ssl',
);

Apps

The output of occ app:list (if possible).

Additional Infos:

On the Nextcloud LXC I also run a WireGuard tunnel for including the home NAS in Nextcloud.
The tunnel has:
allowed ips: 10.200.x.0/24, 10.10.x.0/24, 10.10.y.0/24
so the tunnel is only used for the home networks.

On the PVE host the firewall is enabled.
On the LXCs the PVE firewall is disabled because of connection problems, but ufw is installed (enabled).

ufw rules for npm:
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443 ALLOW Anywhere
81 ALLOW Anywhere

ufw rules for nc:
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443 ALLOW Anywhere
xxx ALLOW 10.10.x.0/24 (wireguard)
yyy ALLOW Anywhere (nc-talk)

curl to all external domains/URLs works, only the “local” cloud.mydomain.de does not work.

I also disabled the high-level backend for nc-talk (I think this is also the “can't connect to myself” problem).

Who finds the error? :slight_smile:

1 Like

I think for the server to be able to perform the tests, it has to be able to reach itself. This does not seem to be the case.

You can try the following directly on the server:

ping cloud.mydomain.de

This will probably not work either.

One reason could be a reverse proxy like nginx you posted above. Perhaps it would be useful if you could also provide the configuration.

1 Like

@devnull you are right, ping also doesn't work for cloud.mydomain.de.
For other external URLs (like google.com) it works.

Here is my npm config for the nc container:

# ------------------------------------------------------------
# cloud.mydomain.de
# ------------------------------------------------------------

map $scheme $hsts_header {
    https   "max-age=63072000; preload";
}

server {
  set $forward_scheme http;
  set $server         "10.10.10.y";
  set $port           11000;

  listen 80;
  listen [::]:80;

  listen 443 ssl;
  listen [::]:443 ssl;

  server_name cloud.mydomain.de;

  http2 on;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-6/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-6/privkey.pem;

  # Asset Caching
  include conf.d/include/assets.conf;

  # Block Exploits
  include conf.d/include/block-exploits.conf;

  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security $hsts_header always;

  # Force SSL
  include conf.d/include/force-ssl.conf;

  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $http_connection;
  proxy_http_version 1.1;

  access_log /data/logs/proxy-host-4_access.log proxy;
  error_log /data/logs/proxy-host-4_error.log warn;

  client_body_buffer_size 512k;
  proxy_read_timeout 86400s;
  client_max_body_size 0;

  location / {
    # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
    add_header Strict-Transport-Security $hsts_header always;

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;

    # Proxy!
    include conf.d/include/proxy.conf;
  }

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

EDIT: ping from outside the container to cloud.mydomain.de works either.
So it should be a routing or DNS problem?

EDIT2:

root@nextcloud:~# nslookup -querytype=soa cloud.mydomain.de
Server:         212.227.123.16
Address:        212.227.123.16#53

Non-authoritative answer:
*** Can't find cloud.mydomain.de: No answer

Authoritative answers can be found from:
mydomain.de
        origin = shades19.rzone.de
        mail addr = hostmaster.strato-rz.de
        serial = 2023063807
        refresh = 86400
        retry = 7200
        expire = 604800
        minimum = 300
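
Added example (not part of the thread): `ping` only exercises ICMP, while Nextcloud's self-checks need a TCP connection to port 443, so this Python probe separates name resolution from the TCP connect to answer the "routing or DNS?" question. `probe` and `HINTS` are hypothetical names, and `cloud.mydomain.de` is the thread's placeholder hostname.

```python
"""Staged self-reachability probe (added example; names are hypothetical)."""
import socket
import sys

HINTS = {
    "dns": "name does not resolve from this host: check resolver or hosts file",
    "timeout": "resolved, but the connect got no answer (same stage as the "
               "logged cURL error 28): check firewall rules and routing",
    "refused": "host reached, but nothing is listening on that port",
    "unreachable": "no route to the resolved address",
    "ok": "TCP connect works: continue with TLS/HTTP checks",
}


def probe(host, port=443, timeout=5.0):
    """Return (stage, detail) where stage is one of the HINTS keys."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # Resolution failed before any packet was sent to the target.
        return "dns", str(exc)
    last = ("unreachable", "no usable address")
    for family, socktype, proto, _canon, addr in infos:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(addr)
                return "ok", addr[0]
            except socket.timeout:
                # SYN sent, nothing came back: dropped by a firewall or
                # lost on the way back to this host.
                last = ("timeout", addr[0])
            except ConnectionRefusedError:
                last = ("refused", addr[0])
            except OSError as exc:
                last = ("unreachable", f"{addr[0]}: {exc}")
    return last


if __name__ == "__main__":
    # Run inside the Nextcloud container/LXC, then from the proxy LXC,
    # and compare the stage each one reports.
    target = sys.argv[1] if len(sys.argv) > 1 else "cloud.mydomain.de"
    stage, detail = probe(target)
    print(f"{target}: {stage} ({detail}) -> {HINTS[stage]}")
```

A `timeout` result from the Nextcloud side together with `ok` from outside points at the path back to the public address rather than at DNS.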