I have Nextcloud set up on a local Linux server. It works fine across the internal intranet with "trusted sites" including ‘localhost’ and also the IP address of the server, ‘192.168.1.5’.
I am trying to access it via an external Dynu DDNS site as I have a changing IP. I know I have the routing fine as I get the “from untrusted domain” notice on the IP domain names when I try to access that way.
I have all my Dynu URLs in the config file. However, the only way it gives access is if I put my actual current public IP address in the config file. All my domains direct to whatever my periodically updated public IP address is (as all dyn DNS do).
How can I overcome this so the URL domain names work (since they point to my current public IP) and not have to keep changing it manually in the config file. Kind of defeats the point of having dynamic dns?
Everything works, because all those domains of course resolve to that IP.
Any thoughts? Could it be something to do with how DYNU sends the data?
As my ISP blocks ports 80 and 443 I have to do a port forward to get around that, hence the 81. But I figure that the routing is okay as I do get the "untrusted domain" message in the first case and the correct site if I include the current IP.
The proper solution is to use split-horizon DNS and only use the FQDN to access it.
Split-horizon DNS is where you run a local DNS server that resolves the name to the local IP while on your local network. If you use a reverse proxy, the local copy of the DNS zone should point to it.
Thank you. I am not sure how this helps, as the issue is I can’t access Nextcloud by the FQDN from outside. I can easily from inside using the 192.xxx.xxx.xxx IP.
Are you suggesting from outside would come into my internal DNS split-horizon server via the FQDN and then that server would resolve it to the local IP? Sorry, I am a bit new to some of this.
Thank you for helping.
Dan
Either run Nextcloud in a subfolder or directly in the main directory. I would run it always in the main directory and in case you want to run other services, use a different subdomain. Either way, you wouldn’t put the folder here at all. To define the primarily used name (for notification mails, mails for sharing, …), use the overwrite.cli.url parameter and the overwritewebroot parameter for subfolders (if you don’t use a subfolder, it’s just ‘/’).
And the ssl-certificates don’t show warnings (it’s an indicator if the setup with hostnames is right)? You have a certificate for drive.daxxxxxnd.us and daxxxxxnd.us (or a wildcard)?
If you change the port during forwarding, Nextcloud has to take this into account, check out the additional proxy settings here:
Ports 80 and 443 are really blocked all the time, you can’t unblock them if you want to use them? The problem with non-default ports is that they might be blocked in some networks (e.g. free hotel wifi).
The only thing I’ve found my ISP to block is port 25, so I can do whatever I want except host my own email. I’ve been tempted to run a cheap VPS mail relay.
Are you sure about that? You’re saying your DDNS provider is relaying traffic for you through their system and NATing the port for you…? I would suggest checking your web server logs or running tcpdump to verify outside traffic is reaching the system at all.
Ok, let me try to explain. When you run split-horizon DNS, this means that you have public DNS records that are used by everything that isn’t on your local network, and these point to your external IP address.
But then you also have a DNS server on your local network, used only by computers on your local network, running a different copy of your DNS zone, which has the private IPs in the records.
So let’s say you have Nextcloud on your phone. When you are away from your LAN, the DNS records will point your phone to the external IP. But when your phone gets on your WiFi and uses your private DNS server, now DNS resolves the same name to the LAN IP.
In this setup, you never use 192.xxx.xxx.xxx to access the server. You always use the same name, regardless of where you are.
Yes. ISP is iinet in Australia. There is an ongoing major issue with them re port blocking when they shouldn’t be on Fibre to the building nbn. It may become a class action as so many complaints.
I use dynu DNS. It’s great and yes I can access my web server from anywhere. Dynu port forwards 80 to 81, my router picks up the 81 and port forwards to 80 on the internal server. All works for website and other things. It’s only when I setup nextcloud that I have issues with nextcloud and the untrusted domain thing.
My phone seems to happily swap between internal IP and external when I come into my network.
I have decided to start from scratch with nextcloud and use a docker container.
Will see how that goes. Would really like to get it going as having a Dropbox alternative would complete my endeavor to have all my needed functions not reliant on third-party solutions.
If it says access from untrusted domain, that means the domain in the browser address bar isn’t among those in the config as trusted domains, or that a reverse proxy needs additional setup.
I wrote a guide for doing a Docker setup. Take a look.
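An added example, not part of the thread and not Nextcloud's own code: a simplified Python model of the trusted-domain check described in the reply above, showing that the decision depends on the Host header the browser sends and not on where a name resolves. The hostname cloud.example.com, the public address 203.0.113.7, the function names and the matching rules (port ignored, `*` as wildcard) are assumptions made for illustration.

```python
import re

# Constructed stand-in for the 'trusted_domains' array in config.php.
# cloud.example.com is a placeholder for the poster's DDNS hostname.
TRUSTED_DOMAINS = ["localhost", "192.168.1.5", "cloud.example.com"]


def split_port(host_header):
    """Return the host part of a Host header without a trailing :port."""
    if host_header.startswith("["):  # bracketed IPv6 literal
        return host_header[: host_header.find("]") + 1]
    return host_header.rsplit(":", 1)[0] if ":" in host_header else host_header


def is_trusted(host_header, trusted=TRUSTED_DOMAINS):
    """Assumed rule: an entry matches the host with or without its port."""
    host = split_port(host_header)
    for entry in trusted:
        # '*' in an entry matches a run of hostname characters (assumption).
        pattern = "[-.a-zA-Z0-9]*".join(re.escape(p) for p in entry.split("*"))
        rx = re.compile(pattern, re.IGNORECASE)
        if rx.fullmatch(host) or rx.fullmatch(host_header):
            return True
    return False


def check_all(host_headers, trusted=TRUSTED_DOMAINS):
    """Map each Host header to the verdict the model gives it."""
    return {h: is_trusted(h, trusted) for h in host_headers}


# Constructed Host headers: LAN access, the DDNS name with and without the
# forwarded port, and the bare public IP a redirect could put in the URL.
SAMPLE_HOSTS = [
    "192.168.1.5",
    "cloud.example.com",
    "cloud.example.com:81",
    "203.0.113.7:81",
]

if __name__ == "__main__":
    for host, ok in check_all(SAMPLE_HOSTS).items():
        print(f"{host:24} {'trusted' if ok else 'untrusted domain'}")
```

If the browser's address bar ends up showing the public IP, that IP is the Host header being checked, which is why only adding the IP to the list appeared to work.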