DDNS to Nextcloud server not working after multiple attempts

I’ve installed Nextcloud on an RPi 4 8GB running Ubuntu 20 and LAMP stack, and set up a domain name with Namecheap, as well as SSL from LetsEncrypte. For whatever reason, I simply can’t get DDNS to work. I’m able to connect to NC fine inside my network using the local IP for the RPi.

I had set up a different RPi with NC, but running Raspian Buster, and using a domain from no-ip. It has run great great for a couple months, but I recently decided I wanted to replace that set up with an RPi on Ubuntu. I’ve checked an re-checked the various settings (as outlined in the various tutorials I’ve followed for each step), and uninstalled and reinstalled ddclient this morning, which when run indicates it is running and successfully updating the dynamic IP with the namecheap server. The Namecheap tech support folks said everything also looks fine on their end. Certbot also reports it is successfully updating the SSL cert.

Unfortunately, for some reason, when I ping my public IP address from a device outside the network, I get no response, and obviously my domain isn’t working. I’ve included the errors appearing in my NC Admin log (below). I have no idea what the first one means, but I think the second one is related to an attempt to run Duplicati and save to a another RPi.

I’ve included as much info as I can think might be helpful.

Nextcloud version : 20.0.3
Operating system and version: Ubuntu 20.04
Apache 2.4.41
PHP version: 7.4.3

The issue you are facing: DDNS not working

Is this the first time you’ve seen this error? (Y/N): Yes.

Steps to replicate it:

1. Attempts to connect using domain name from namecheap unsuccessful.
2. Ping to local IP address unsuccessful.
3. Port check shows both 80 and 443 are open (and I have them forwarded to my NC RPi’s local IP).

Steps I used to perform my install:

1. Installed Ubuntu Server (64-bit) 20.04 on SD card
2. Via SSH, changed password and ran apt update & apt upgrade
3. Created new user [username]

• Added to sudo group
• Logged out and back in as new [username]
• Deleted user ubuntu

4. Changed default SSH port to XXXX
5. Changed hostname from default ubuntu to [newhostname].
6. Installed LAMP stack via tutorial at https://www.linuxbabe.com/ubuntu/install-lamp-stack-ubuntu-20-04-server-desktop
7. Installed Fail2ban
8. Installed Xubuntu desktop as per https://linuxconfig.org/how-to-install-xubuntu-desktop-on-ubuntu-18-04-bionic-beaver-linux.
9. Installed VNC server via tutorial at https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-vnc-on-ubuntu-20-04.

• VNC server successfully installed, but connection from remote viewer unsuccessful

10. Installed ddclient and set up DDNS via tutorial https://serdima.wordpress.com/2018/04/23/tutorial-updating-dynamic-dns-with-ddclient/

• Setup successful, verified via sudo service ddclient status

11. Installing Certbot via https://certbot.eff.org/lets-encrypt/ubuntufocal-apache (using snap protocol)

• Ran certbot; indicates it has successfully installed ssl cert

12. Installed Nextcloud via tutorial at https://pimylifeup.com/raspberry-pi-nextcloud-server/

• Initially tried using the tutorial specifically for ubuntu from linuxbabe, but found Gus’s tutorial at PUML included a couple additional and helpful steps. The PUML guided install was on a fresh ubuntu installation (i.e. I wiped the previous SD card with the linuxbabe guided install).

13. Completed NC setup via local IP.

What currently works:

1. I can hit the NC login page using the local IP of my RPi from a computer on the same network.
2. I can hit the NC login page from outside my network using the public IP of my modem/router, if I add the current public IP as a trusted domain in the config.php file. <- obviously this isn’t a long-term solution since that IP address is dynamically assigned and changes, and of course also defeats the purpose of having a domain name. But it does indicate that the port forwarding is working.

This is my nextcloud.conf file

Alias / "/var/www/nextcloud/"

<VirtualHost *:80>
        DocumentRoot "/var/www/nextcloud"
        ServerName [domain.name]

        ErrorLog ${APACHE_LOG_DIR}/nextcloud.error
        CustomLog ${APACHE_LOG_DIR}/nextcloud.access combined

        <Directory /var/www/nextcloud/>
            Require all granted
            Options FollowSymlinks MultiViews
            AllowOverride All

           <IfModule mod_dav.c>
               Dav off
           </IfModule>

        SetEnv HOME /var/www/nextcloud
        SetEnv HTTP_HOME /var/www/nextcloud
        Satisfy Any

       </Directory>

</VirtualHost>

Output of your Nextcloud log in Admin > Logging:

Error: GuzzleHttp\Exception\ConnectException: cURL error 28: Operation timed out after 120001 milliseconds with 192353859 out of 360239365 bytes received (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)

Warning: Host 192.168.X.XX was not connected to because it violates local access rules

Output of your config.php file in /path/to/nextcloud (identifiable information removed):

<?php
$CONFIG = array (
  'instanceid' => 'oc8gq8d15tv4',
  'trusted_domains' =>
  array (
    0 => 'xxx.xxx.x.xx',
    1 => '[domain.name]',
  ),
  'passwordsalt' => 'ZQ46FgInf5bLHAt...[trucated]',
  'secret' => 'jxAGqLsZwkYqt5ptv9wn...[truncated]',
  'datadirectory' => '/var/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '20.0.3.2',
  'overwrite.cli.url' => 'http://xxx.xxx.x.xx',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '[username]',
  'dbpassword' => '[password]',
  'installed' => true,
);

Output of your Apache system log in /var/log/____:

I don’t see a “system log” in my /var/log/apache2 folder, but this is what’s in my error.log this morning, after doing a complete uninstall and reinstall of ddclient…

[Sat Dec 19 12:00:16.998968 2020] [mpm_prefork:notice] [pid 27319] AH00169: caught>
[Sat Dec 19 12:00:29.799359 2020] [mpm_prefork:notice] [pid 2182] AH00163: Apache/>
[Sat Dec 19 12:00:29.803572 2020] [core:notice] [pid 2182] AH00094: Command line: >

And this is what appears in the nextcloud.error log this morning…

[Sat Dec 19 04:57:04.318467 2020] [php7:error] [pid 28807] [client 195.133.59.127:6>
[Sat Dec 19 06:09:44.644905 2020] [php7:error] [pid 28830] [client 194.87.55.136:54>
[Sat Dec 19 07:48:14.198064 2020] [php7:error] [pid 28810] [client 2.58.29.151:1920>

So the local IP changed?
Strange thing, perhaps the apache not running properly, normally it should work finde if letsencrypt guides you through the process with your apache running. I’d look with tcpdump on your raspberry pi, if you receive any packages when you try to access from outside your network (if no → forwarding is not working correctly, if yes → the webserver is not running, or not responding to this hostname, …)

Ran tcpdump filtering for port 443 and it returned traffic I was sending from my phone:

17:25:52.904816 IP 174.204.89.XXX.12844 > 192.168.X.XX.443: Flags [S], seq 3497242646, win 55520, options [mss 1388,sackOK,TS val 1982823278 ecr 0,nop,wscale 8], length 0

Port forwarding is working. Not sure how to troubleshoot the webserver? Any tips?

Okay - now I feel dumb. Ran a systemctl restart apache2, and it’s working now.

I know I did this earlier in the install process, but for whatever reason, doing it now fixed the problem.

Spoke too soon. I can now hit the RPi from my phone using the domain name, and it correctly resolves automatically to https, but I get an “access through untrusted domain” error.

However, when I try using the domain name from my laptop (connected inside the same network), the request times out.

I have no idea what’s going on.

After tinkering with the config.php and etc/hosts files, I can now access my NC server using either the local IP from inside my network, or using my domain name from outside my network. But I still can’t access it using the domain name from inside the network.

Can you access Nextcloud through a browser on your mobile? The URL isn’t changed? And it’s the hostname that you set up in your config.php?

Check out dnsmasq for that…

I’m not sure dnsmasq is a solution. My RPi’s IP is dynamically assigned, and it appears dnsmasq requires a static IP address? But as it’s not a tool I’m terribly familiar with, perhaps there’s a capability you’re aware of to facilitate a DDNS pathway?

And what stops you from assigning a static ip?

Expense. My internet provider charges extra for that. Since I know I’ve successfully set up DDNS for an RPi that works the way I want it to once before, I’d rather just figure out how to make the DDNS work the way it’s supposed to.

Yep - I can connect to the RPi now using the domain name via my mobile phone network connection. But as soon as I connect my phone to my home’s wifi, I can no longer connect using the domain name. But I can connect using the local IP of the RPi.

Afaik dnsmasq requires a fixed internal ip, dont think the wan ip address is relevant at all and i dont think your provider has anything to say about how you configure your lan

Not an network person by any means… so I’m swimming in the deep end here. But yes, my RPi has a fixed local IP address: 192.168.X.XXX. However, the IP address for my modem/router that connects me to the outside world is dynamically assigned by my provider, which is why I’m using the DDNS service from namecheap. I was previously using NO-IP on an RPi running Raspian with LAMP, and that worked great for a few months. However, for other reasons I decided to switch over to Ubuntu, and otherwise simply replicate how I had my other RPi set up. And so far, everything else is working fine, except this one element. I vaguely remember having this issue very briefly when I set up my first RPi, but it resolved fairly quickly and I think I assumed it was a propagation issue.

Since I know I can now hit my RPi from outside my lan, I know ddclient is working. The issue is clearly something to do with the server not liking that I’m sending the request, using the domain name, from inside the lan. The browser appears to be “hitting” the server, because if I just enter the base domain name i.e. example.com with no host, the url auto-resolves to https://www.example.com… but the page never loads. It just says “request timed out.”

Thats normal, the dns request does not work from behind the ip that it referes to. Thats why dnsmasq exists. It replicates something like a local dns server…

Okay… so going out on a limb here… does that mean that by setting up dnsmasq, it sees the request for the domain name from inside the lan and then “forwards” that to the local IP?

Yep, thats what it does

You got that working?

Yes and no. I tried dnsmasq but but getting errors during install. But this morning I figured out my modem has its own “host mapping” (ie dns) feature, so that did the trick. Pretty sure that’s how I got it to work on my first go with setting up NC on a RPi, and I simply forgot about it. It’s not how I wanted to accomplish the task, but it’s works.

Perfect. Btw, why didnt you install nextcloudpi? if you depend on ubuntu you could have used curl installer to do so…