Operating system and version (e.g., Ubuntu 24.04):
Armbian-unofficial 24.8.2 Bookworm, 6.6.45-current-bcm2711 (aarch64)
Web server and version (e.g., Apache 2.4.25):
Apache, Unsure on the version
Reverse proxy and version (e.g., nginx 1.27.2):
Not sure
PHP version (e.g., 8.3):
Unsure
Is this the first time you’ve seen this error? (Yes / No):
No
When did this problem seem to first start?
Since enabling UFW
Installation method (e.g., AIO, NCP, Bare Metal/Archive, etc.):
Using Etcher to flash it to a Micro SD card
Are you using Cloudflare, mod_security, or similar? (Yes / No)
I don’t think so
Summary of the issue you are facing:
Hello,
I’ve replaced my actual domain name with mydomain. I keep getting the error message when applying new settings to dnsmasq or LetsEncrypt. They seem to connect fine on port 80, just not 443. This only happens when I have UFW enabled.
I tried adding some extra https or 443 rules to UFW to get it to connect, but it doesn’t seem to work. I’d like to have UFW enabled for the added security and have these services connect without the error message. Is that possible? Or is everything actually working as it should?
Thank you for the reply, I agree some more details would be helpful. Sorry, I’m so new at this that I don’t know what you do or don’t need.
I haven’t set up a reverse configuration on the webserver config, so I’ll get started on that. Should I start from the top of the github page in your link or at the Reverse Proxy section? If so, where is the ‘server block’ on the nextcloud server located?
As for the other details, here are the current UFW rules:
I’m pretty sure the fail2ban addition is from my router, though I’m not sure why that’s happening either. I only added ‘http’, ‘https’, and ‘ssh’ to see if that would allow the push connection to go through.
Here’s a screenshot of my dnsmasq settings where the DNS server is the IP address of a piHole on my network:
As for the Let’s Encrypt settings, I can’t get a screenshot, but I currently have it set to www.mydomain.com (where mydomain is just a placeholder for the URL) in the NextcloudPi panel settings. The other two fields are blank.
According to your screenshot, it looks like you are using Nextcloud Pi.
I’m afraid I don’t have much experience with it, but I’d say it shouldn’t be necessary to manually change anything in the web server configuration, as things like Notify Push should already be configured out of the box.
Again, I don’t have much experience with NCP, so I don’t know exactly what is going on here.
Generally, this can happen when your router performs NAT loopback, causing all connections from within your local network to appear to come from your router’s address instead of the device that initiated them.
To avoid this, make sure all client devices use either Dnsmasq on the Pi or another local DNS server that points the domain name to the Pi’s IP address. This is also known as Split Brain DNS.
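As an added illustration of the two points above (not from any post in this thread): a small POSIX shell script with a constructed `ufw status numbered` sample modelled on the rules discussed here, a first-match walk over those rules to see which one decides a given connection, a check of whether a LAN client resolves the domain to the Pi (split DNS) or to a public address (NAT loopback), and the dnsmasq line that pins the name to the Pi. The Pi’s LAN address 192.168.50.10 and the rule table are assumptions.

```shell
#!/bin/sh
# Assumptions (not from the thread): the Pi's LAN address and the domain name.
PI_LAN_IP="192.168.50.10"
DOMAIN="www.mydomain.com"

# Constructed `ufw status numbered` sample: a deny for the router address,
# the duplicate "443" / "443/tcp" pair mentioned in the thread, and 80/tcp.
UFW_SAMPLE='     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     192.168.50.1
[ 2] 443                        ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 80/tcp                     ALLOW IN    Anywhere'

# Walk the rules top to bottom the way ufw/iptables evaluate them: the first
# matching rule decides, and an unmatched incoming packet hits the default deny.
# Usage: ufw_decide <source-ip> <port/proto>   -> "<rule-no> <ALLOW|DENY>" or "default-deny"
# Only exact source IPs and "Anywhere" are matched (no CIDR parsing here).
ufw_decide() {
  printf '%s\n' "$UFW_SAMPLE" | awk -v src="$1" -v dst="$2" '
    /^\[/ && !/\(v6\)/ {
      line = $0; sub(/^\[ */, "", line); sub(/]/, " ", line)
      split(line, f, /[ \t]+/)        # f[1]=no f[2]=to f[3]=action f[4]=IN f[5]=from
      port = dst; sub(/\/.*/, "", port)
      to_ok   = (f[2] == "Anywhere" || f[2] == dst || f[2] == port)
      from_ok = (f[5] == "Anywhere" || f[5] == src)
      if (to_ok && from_ok) { print f[1] " " f[3]; found = 1; exit }
    }
    END { if (!found) print "default-deny" }'
}

# Classify the address a LAN client resolved DOMAIN to: the Pi's own LAN IP means
# split DNS is working; a public address means the client will go out through the
# router and come back via NAT loopback, arriving with the router's source address.
dns_view() {
  case "$1" in
    "$PI_LAN_IP") echo split-dns ;;
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo lan-other ;;
    *) echo nat-loopback ;;
  esac
}

# The dnsmasq entry that makes every client using the Pi as resolver get the LAN IP.
dnsmasq_record() { printf 'address=/%s/%s\n' "$DOMAIN" "$PI_LAN_IP"; }
```

Running `ufw_decide 192.168.50.20 443/tcp` against the sample stops at rule 2, which is why the separate 443/tcp rule never gets a chance to match.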
Is it normal that you have both port 443 and 443 (tcp)? Normally that should not do anything.
Can you enable logging of your firewall? Then if you try to connect, you can perhaps see which rule applies. In your logic, for a connection, you go through the list from the bottom to the top, and everything that is not explicitly allowed will be rejected in the end?
Ah no, the first entry is just for 192.168.50.1, which is not allowed to connect anywhere. This isn’t your Nextcloud server or client?