I have managed to configure my new NextCloud box so that I can log in with SSH. Now I would like to enable HTTPS, open the box to the internet so that my Nextcloud synchronization will occur when I am away from home with my laptop, and install Collabora. I have read a little about all of these matters but the help available is somewhat diffuse and not easy to follow.
I am following the Wiki but it leaves out a lot of detail. To open up the box to the internet I need to ‘Register for a service which redirects a domain name to your home network’, and when I try to use ‘sudo nextcloud.enable-https lets-encrypt’ I need to ‘…have the domain name(s) for which you want certificates pointing at the external IP address of this machine’.
These two things are perhaps both the same? Could somebody kindly explain, or point to an appropriate resource, how I can ‘Register for a service which redirects a domain name to your home network’. I have tried to search for information but I have been unable to find anything that provides a clear explanation.
With grateful thanks.
One which is very common is https://dyndns.com. They have a free version and a premium version, for which you could use different domains (or, if you want, use your own domain).
Another would be https://noip.com
Thank you for the two replies: everything is becoming a little clearer. It seems that dyndns may not have free accounts any more, although noip.com does. My home hub recognizes several additional providers (changeip, easydns, zoneedit, updates.dnsomatic). I am looking at them all, and I am considering buying a domain name for my own use, and then using that.
You need to check if the provider of the domain where you want to buy it offers the ability to redirect with DynDNS. I know Strato does, if it helps…
Many thanks again. I am thinking of using noip.com, as their enhanced DNS package can include registration of a domain name - this helps to keep it simple.
From where do you come @aridus?
A Strato .de domain costs 2€ for the first year and has a dyndns option… don’t think noip is that cheap.
I use another service, which definitely is completely free, namely FreeDNS by NameCheap. In short, how it works is that you use NameCheap’s name servers in the nameserver setup of your domain name. Then NameCheap gives you a username and a password that are unique to that domain. You can then use an external client (I use ddclient on Linux) with that username / password, to regularly check your public IP address and redirect your domain name to it when it changes.
It’s worked flawlessly for me for years now without paying a penny.
Thank you, Bugbane, for describing this clever approach. I’m not sure that it is within my technical capabilities, but I am looking into it.
You say you’re in UK? Same here. My ISP, Plusnet, gave me a static IP for a one-off fee of only 5 quid! I think most UK ISPs offer similar. Much easier than messing about with a dynamic DNS.
HoppySpadge: many thanks - I didn’t even realize this was possible, and I may consider it once I have it figured out. For now I have made some progress with DNS and have now at least, with the help received here, managed to answer my initial question regarding how to ‘Register for a service which redirects a domain name to your home network’.
However, although I am able to open port 80 on my BT Smart Hub, port 443 stubbornly refuses to open.
I have posted a query on the BT FORUM (https://community.bt.com/t5/Connected-Devices-Other/Openi-ng-ports-80-and-443-on-a-BT-Smart-Hub/m-p/1748604/highlight/true#M140412). There are various other queries on the Forum regarding port 443 but none of which seem to help in my particular case.
@Aridus. I think there’s some basic confusion in that forum. Ports 80 and 443 will always be open for ‘outgoing’ - IOW your PC connecting from inside your network to the outside world, e.g. when you surf the internet. What is always blocked is ‘incoming’, which stops anyone from the outside establishing a new connection into your network. In router terms these are called ‘egress’ and ‘ingress’. When you type say bbc.co.uk in your browser your router goes out thru port 80 and establishes what is called a ‘state’ with bbc.co.uk - this state enables bbc.co.uk to send data back to you. However, because ingress is blocked, bbc.co.uk cannot start the conversation and establish a state.
You need to search on what is called ‘port forwarding’, whereby you set up your router (your BT Home Hub) to:
a) open port 443 for incoming (ingress) so that any attempt to connect from the outside world on TCP port 443 to your IP address, or DNS registered domain, will be allowed in.
b) tell the router to forward that traffic to the internal IP of your nextcloud box - something like 192.168.x.x
This would allow say your smartphone contacts app to establish a connection state to your Nextcloud box and sync contacts for example.
This poses security risks however because anyone can type aridus.co.uk into their browser and they will be presented with your nextcloud login screen. Make damn sure you set up the password from hell!! Like 4$G$7*NjADsJiX8s for example.
An alternative to opening ports on your home network, running a 24/7 server, and all the palaver that this involves is to run your nextcloud on a cloud VPS like DigitalOcean. They have automatic installs for nextcloud - you just click ‘install me a next cloud server’ (or sommat like that) and 2 mins later you have one - piss easy and only USD 5 per month.
Good luck…but be careful. There are very bad people out there constantly trying to get into your home network…
@HoppySpadge Many thanks for your thoughtful and helpful reply. On my router I can do port forwarding for ports 80 and 443, and if I do so my nextcloud box login is accessible from outside my home network (and I use a very very long complicated password). However, although the router indicates that both ports are open, using nmap indicates that port 80 is open and port 443 is closed.
Without port 443 open I am unable to enable https (as indicated at https://github.com/nextcloud/nextcloud-snap/wiki/Enabling-HTTPS-(SSL,-TLS)): trying to do so results in an error. For security I do not wish my nextcloud login to be available outside my home without https. Until I can resolve this problem I have therefore removed port forwarding.
As you may have guessed I am new to all of this but I am learning…I hope.
If I check with ‘sudo nmap -sT -O XX.XX.XXX.XXX’ when the ports are not forwarded, the output is
‘All 1000 scanned ports on host…are filtered’
If I forward ports 80 and 443 and rerun the nmap command, the output is
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
I am reporting here that I have now resolved this problem, and have been able to enable https on the Nextcloud box, following the Wiki (https://github.com/nextcloud/nextcloud-snap/wiki/Enabling-HTTPS-(SSL,-TLS)). I think that nmap was not reporting that port 443 was open because it was not being used. I was misled by the fact that when I initially tried to follow the wiki instructions, with ports 80 and 443 open, I was unsuccessful. A subsequent try yesterday was, however, successful!
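
An added example, not part of the thread or of the Nextcloud wiki: a small Python pre-flight for the two prerequisites discussed above, namely that the domain points at the external IP and how each forwarded port answers a TCP connect, using the same open / closed / filtered meanings as the nmap output quoted in the thread. The function names are hypothetical, and the local demo is constructed to show why a forwarded port with no service behind it reads as closed.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify a TCP port by what a plain connect() gets back."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"       # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"         # host reachable, but nothing listens on the port
    except OSError:
        return "filtered"       # timeout or unreachable: dropped before the host

def points_at(domain, external_ip):
    """True if the domain's IPv4 records include the expected external IP."""
    infos = socket.getaddrinfo(domain, None, socket.AF_INET)
    return external_ip in {info[4][0] for info in infos}

def preflight(domain, external_ip, ports=(80, 443)):
    """Report DNS and port state before requesting a certificate."""
    report = {"dns_ok": points_at(domain, external_ip)}
    for port in ports:
        report[port] = probe(domain, port)
    return report

def demo_listener_effect():
    """Constructed local demo: the same port before and after a service listens."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        srv.bind(("127.0.0.1", 0))          # reserve a free port, not yet listening
        port = srv.getsockname()[1]
        before = probe("127.0.0.1", port)   # refused, like 443 before HTTPS is enabled
        srv.listen(1)
        after = probe("127.0.0.1", port)    # accepted once something listens
    finally:
        srv.close()
    return before, after

if __name__ == "__main__":
    print(demo_listener_effect())
```

Run `preflight` with your own domain and external IP from a connection outside the home network (for example a phone hotspot), since a probe from inside the LAN may not pass through the router's port forwarding.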