Hi all, I have a problem where I could use your help.
Situation:
I have a server running in a separate VLAN with ID 30 and the IP address 192.168.30.3. Inter-VLAN traffic is not allowed. On this server I am running Docker with, among other things, a Nextcloud AIO container. On the same server in Docker, I also run Nginx Proxy Manager, in which I redirect the subdomain cloud.mydomain.com to the server IP address 192.168.30.3 (a Let’s Encrypt certificate is available). The cloud.mydomain.com obviously points to my public IP address. I also have port 443 open in my UDM Pro.
Problem:
During the setup of Nexcloud, a domain validation is performed. This fails in my case with the error message that the domain is not reachable on port 443 from inside the container.
Now I have been trying to solve this problem myself and I found out that my firewall rule which blocks inter-VLAN traffic is throwing a spanner in the works. As soon as I disable this rule, my subdomain can be validated by Nextcloud. Of course, I do want to keep inter-VLAN traffic blocked, so something needs to be set that allows Nextcloud to do this, but also keeps inter-VLAN traffic blocked. Does anyone have a solution for this?
Thanks in advance for your help!
Note 1: I came across a post on Github by someone with the same problem and he was talking about a misconfiguration in the VLAN of a so-called hairpin NAT. When a port forward is made on a UDMP, the hairpin nat is configured automatically. So that should not be the problem.
Note 2: Previously, I had the server running on my main LAN and then there was no problem at all with domain validation, but because Nextcloud needs to be reachable from outside (and some other services), I decided to put the server in a separate shielded VLAN.