How to setup NextCloud on Linux while running a VPN?

ℹ️ Support
, , ,
1

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • Nextcloud AIO v11.8.8
  • Operating system and version (e.g., Ubuntu 24.04):
    • Debian 12
  • Web server and version (e.g, Apache 2.4.25):
    • AIO installation with docker
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • NA
  • PHP version (e.g, 8.3):
    • NA
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • At installation
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • AIO
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • No

Summary of the issue you are facing:

I am trying to setup a NextCloud server on my Linux machine that I am running a VPN on.

The way I am going about it is that:

I made a DDNS account on deSEC and got a domain for that, installed it using ddclient and checked it with ping and it’s up and running.

Now the problem happens when i try to enter this domain in the setup page of NextCloud.

I get this error:

Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. (‘sudo docker logs -f nextcloud-aio-mastercontainer’) If you should be using Cloudflare, make sure to disable the Cloudflare Proxy feature as it might block the domain validation. Same for any other firewall or service that blocks unencrypted access on port 443.

Also attached in the image:

Nextcloud AIO
Nextcloud AIO1911×845 144 KB

Now how can I overcome this error and get to the next page successfully?

Info that might help:

  • I am using Debian 12.

  • And the NextCloud will be installed on my main computer that has a running VPN on it that I don’t want to disconnect.

  • The VPN provider offer port forwarding but i can’t select a specific port

Steps to replicate it (hint: details matter!):

  1. Install Next cloud using the steps from the official github repo:
    GitHub - nextcloud/all-in-one: 📦 The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.
    The installation process is completed successfully and easily and i can access the Setup page through https://localhost:8080

  2. After opening the very first page of the wizard and entering my domain that i created successfully using deSEC and tested it using: ping nc.myexample.domain

  3. I get this error:
    Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. (‘sudo docker logs -f nextcloud-aio-mastercontainer’) If you should be using Cloudflare, make sure to disable the Cloudflare Proxy feature as it might block the domain validation. Same for any other firewall or service that blocks unencrypted access on port 443.

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

Not applicable as i haven't finished the wizard yet

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

NA

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

NA

Configuration

The “Log files”:
This is the closest thing to a “log file” i could found in my case by running this command in the terminal:

docker logs -f nextcloud-aio-mastercontainer

The output:

Trying to fix docker.sock permissions internally...
Creating docker group internally with id 135
...+......+....................+.+......+...+..+.........+.+.........+.....+......+...+......+....+++++++++++++++++++++++++++++++++++++++++++++*...+.....+...+.+......+...+.....+...+....+........................+.....+......+......+..........+.....+++++++++++++++++++++++++++++++++++++++++++++*......+........+.........+.+........+.......+...+.........+........+.......+...............+.................+...+.+.....+.+........+......+...................+......+.........+..................+..+......+.........+.......+..............+......+................+............+...+.......................................+.........+......+........+.......+...+..+...+++++
.....+.........+.....+.......+.....+....+......+++++++++++++++++++++++++++++++++++++++++++++*..+....+...+...+............+...+...+.....+....+..+++++++++++++++++++++++++++++++++++++++++++++*...........+.........+......+...............+....+..+.......+...+...+..+........................+.........+.+...+.......................+.........+...+.+..+....+.........+..........................+...+.......+........+++++
-----
Initial startup of Nextcloud All-in-One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080
⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!

If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443
/usr/lib/python3.12/site-packages/supervisor/options.py:13: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
  import pkg_resources
{"level":"info","ts":1758373617.5402346,"msg":"maxprocs: Leaving GOMAXPROCS=8: CPU quota undefined"}
{"level":"info","ts":1758373617.5404062,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":22582473523,"previous":9223372036854775807}
{"level":"info","ts":1758373617.540444,"msg":"using config from file","file":"/Caddyfile"}
{"level":"info","ts":1758373617.5417027,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"info","ts":1758373617.543201,"msg":"serving initial configuration"}
[Sat Sep 20 13:06:57.655984 2025] [mpm_event:notice] [pid 171:tid 171] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.5.2 configured -- resuming normal operations
[Sat Sep 20 13:06:57.656064 2025] [core:notice] [pid 171:tid 171] AH00094: Command line: 'httpd -D FOREGROUND'
[20-Sep-2025 13:06:57] NOTICE: fpm is running, pid 176
[20-Sep-2025 13:06:57] NOTICE: ready to handle connections
Deleting duplicate sessions
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10001 milliseconds with 0 bytes received
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10002 milliseconds with 0 bytes received
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10001 milliseconds with 0 bytes received
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10002 milliseconds with 0 bytes received
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10002 milliseconds with 0 bytes received
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10002 milliseconds with 0 bytes received
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10002 milliseconds with 0 bytes received
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10002 milliseconds with 0 bytes received
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10002 milliseconds with 0 bytes received
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10002 milliseconds with 0 bytes received
Deleting duplicate sessions
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10002 milliseconds with 0 bytes received
NOTICE: PHP message: Could not get digest of container nextcloud-releases/aio-domaincheck:latest cURL error 6: Could not resolve host: ghcr.io (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://ghcr.io/token?scope=repository:nextcloud-releases/aio-domaincheck:pull
NOTICE: PHP message: Not pulling the ghcr.io/nextcloud-releases/aio-domaincheck image for the nextcloud-aio-domaincheck container because the registry does not seem to be reachable.
NOTICE: PHP message: Could not get digest of container nextcloud-releases/all-in-one:latest cURL error 6: Could not resolve host: ghcr.io (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://ghcr.io/token?scope=repository:nextcloud-releases/all-in-one:pull
NOTICE: PHP message: Could not get digest of container nextcloud-releases/all-in-one:latest cURL error 6: Could not resolve host: ghcr.io (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://ghcr.io/token?scope=repository:nextcloud-releases/all-in-one:pull
NOTICE: PHP message: Could not get digest of container nextcloud-releases/all-in-one:latest cURL error 6: Could not resolve host: ghcr.io (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://ghcr.io/token?scope=repository:nextcloud-releases/all-in-one:pull
NOTICE: PHP message: Could not get digest of container nextcloud-releases/aio-domaincheck:latest cURL error 6: Could not resolve host: ghcr.io (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://ghcr.io/token?scope=repository:nextcloud-releases/aio-domaincheck:pull
NOTICE: PHP message: Not pulling the ghcr.io/nextcloud-releases/aio-domaincheck image for the nextcloud-aio-domaincheck container because the registry does not seem to be reachable.
NOTICE: PHP message: Could not get digest of container nextcloud-releases/all-in-one:latest cURL error 6: Could not resolve host: ghcr.io (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://ghcr.io/token?scope=repository:nextcloud-releases/all-in-one:pull
Deleting duplicate sessions
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10001 milliseconds with 0 bytes received
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10002 milliseconds with 0 bytes received
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10001 milliseconds with 0 bytes received
Deleting duplicate sessions
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10003 milliseconds with 0 bytes received
NOTICE: PHP message: The response of the connection attempt to "http://my.domain55name.dedyn.io:443" was: 
NOTICE: PHP message: Expected was: b1c...................................f
NOTICE: PHP message: The error message was: Operation timed out after 10002 milliseconds with 0 bytes received

Please reply to me soon and feel free to ask for any extra details you need.

Thanks in advance.

2

Did you follow the instruction of the error massage and open ports 80 and 443 on the router and firewall and forward then to the Nextcloud computer?

3

I never would do that. I would use the physical Debian Server only as a Virtual Machines Host (using KVM/QEMU) and install two seperate virtual Machines (also Debian). One as VPN-Server and the other one for my Nextcloud. Also Proxmox might be a good choise.

But well its your choise.

1 Like
4

Yes I did open the ports in the ufw and still the same error

5

Okay please give me more details i am really new to this
I don’t have another physical machine it’s just my laptop that i use for my personal and work stuff.
I need a next cloud server so i can eaisly and securley sync the most important stuff from my phone to that cloud.
I am willing to learn and do what you are suggesting but explain more in easy terms.
What do i need to implement the system you are suggesting exactly? Hardware and software wise.
Do i need another computer or a rasperi pi for this ?
Why do i need 2 virtual machines ? why not just one ?
And what are the specs of that machine ?
Would i still be able to run a commercial vpn on it like proton or mullvad or not ?
And the most important question of them all
What can i do to run the next cloud on my current computer without having to spend any more money on a new server ? (Without having to turn off the commercial vpn i am running currently)

6

So you want to install Nextcloud on a Notebook you are using as your only Computer? This is possible but by no means recommended.

Also installing a Cloud in a KVM/QEMU Virtual Machine on a Notebook using WIFI to connet to LAN and WAN is nothing i would recommend. The KVM/QEMU Host shall be connected by CAT-Cable to the LAN and WAN.

I’m afraid you can’t do anything useful that I could recommend without having to spend any more money. I am sorry, but i simply wont do what you have in mind.

You don’t even tell us what mobile OS you are using, like Android, iOS. One option to sync easily and securley the most important stuff from any Android phone is rsync. But the question is: do you use Android?

Just for syncing or even better backup your mobile phone data you don’t need a cloud server. That would be a bit like shooting sparrows with cannons.

7

Hello @devotee7483,

I had similar thoughts and found there maybe 1000 solutions to address this and similar issues depending on what you want to achieve exactly.

I had the idea (but did not carry it out completely) to actually rent a virtual private server (only few bucks a year, you do not need a big one). Then, you add another VPN between your machine and the VPS and forward any incoming traffic on certain ports of your VPS to the VPN-connected machine. Adding a fallback should be possible as well (some sort of informational page “this page is currently not available. Please come back soon”).

This was the most direct answer to your question. I am with adelaar that it might really be a bad option and maybe other options fit your use case better (syncthing?)

If you really want to go the route, you should verify, that another machine on your LAN can access the nextcloud first (in fact checking your config and firewall). Then, you can stepwise enlarge the scope over your router (checking port forwarding) and then global addresses.

Chris

8

Android
The thing is i have more than one smartphone 2 at the moment that i use both and want to have a simillar experince to the google cloud
I want to be able to sync contacts
To sync Joplin backup with each phone and the laptop as well
To make automatic backups to certain important folders
Sync a certain documents folder on my laptop with both phones to have any file added to that certain folder be changed on both phones or if i add a file from one phone to that folder then it syncs again with everything else
And so on
It’s a simple system
I don’t know why you guys are making this seem more difficult than it should be
I understand that it’s not “ideal” and that i should have a seprate device or a rasberipi to use as that “cloud” but i can’t have that at the moment.
And even if that was possible
I still would like a solution to such case
There has to be a way
Why not ?

9

Hello @christianlupus
Thanks for your reply
So that “VPS” can i make that myself ?
The point also is not just the money, it’s that i am trying to make every thing as local and private as possible i really care about privacy and that’s why i am trying to selfhost that cloud myself
Another thing is, from what i understood from what you suggested is that the VPS would be an intermediator between my phone and the cloud which is my laptop
So why do i need that ? Why can’t i access the ddns that i created to connect to my server ?
It’s up and running, why do i need the VPS ?

I can’t create that cloud as mentioned i am stuck at the page where i enter the domain
I opened all the ports requested from the firewall but still the same error.
And regarding why do i need a cloud in the first place it’s as i mentioned here:
The thing is i have more than one smartphone 2 at the moment that i use both and want to have a simillar experince to the google cloud
I want to be able to sync contacts
To sync Joplin backup with each phone and the laptop as well
To make automatic backups to certain important folders
Sync a certain documents folder on my laptop with both phones to have any file added to that certain folder be changed on both phones or if i add a file from one phone to that folder then it syncs again with everything else
And so on. In a nutshell i want to have the cloud experience the google drive, contacts, docs, etc.. experience

10

I agree with you 100% on this issue. I do it exactly the same way. But to make that really good, stable and secure, i was willing to spend some money für separate Hardware, and do this NOT on my daily use Notebook.

That you want to do it on your daily use Notebook is the point i disagree with you.

1 Like
11

No, as I said, this is a rented piece of hardware on the net. So, you effectively rent a tiny fraction of a big server by a hosting company.

That is not the point here. The data is still on the machine you control. But once you want to go in the big www, you are no longer local. You need to accept that you cannot act a an internet service provider and roll out a private net of cables all over the world (at least not practically).

As I said, you do not need it. It might be more convenient but as I said, there are maybe 1000 options out there.
The VPS makes you completely independent of dDNS as it tends to be brittle. You get a static IP (which is an assumption on many server instances). But you can (given the hardware of yours allows this and your ISP does not block access to your end point and you ghet a valid IPv4 and …) to circumvent this.

OK, this is more than you wrote in the first post. I will not argue with you here. Just wanted to give you alternatives in case this is too much effort for too little benefit.

You are struck on a page, so you already try to access it via web interface. From which machine? Via which IP/host name?

You will probably not have one but multiple filewalls to think of. Which one are you talking about? On which machine is it? Where is port forwarding enabled?

12

@adelaar I got it now brother thanks
So let me start over with you
How did you do it ?
Is there a specific configuration
Please tell me the steps
1-The hardware “ingredients” that i would need
2-What are the exact steps
like:
1-Install debian
2-Install a certain list of prerequisites
3- ….
etc.
But the result i want so we are completely on the same page
A server that i can connect to reliably and securely and that is also ALWAYS connected to Mullvad or Proton VPN
Is that result possible ?
Thanks in advance

13

Yes exactly i followed the All In One installation (AIO) guide from the Github for Linux and managed to successfully install the Docker container and the next cloud AIO
Then I:
1.Opened my web browser
2.Entered https://localhost:8080
3.Accessed the page i added in the post
4.My ip is dynamic for 2 reasons:
1.It’s a residential internet and by default it always change
2.I am always using a vpn for my privacy so again that means my IP can change constantly
So to overcome the need for a fixed IP address that is needed in that page
I went to the alternative solution which is to create and use a Dynamic DNS (DDNS)
I created one using this service: deSEC
5.I entered that created domain in the requested field as in the picture here:

Nextcloud AIO
Nextcloud AIO1911×845 144 KB

6.Then i clicked Submit Domain
7.Finally i get this error:
”Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. (‘sudo docker logs -f nextcloud-aio-mastercontainer’) If you should be using Cloudflare, make sure to disable the Cloudflare Proxy feature as it might block the domain validation. Same for any other firewall or service that blocks unencrypted access on port 443.”
8.I tried to fix it by opening the firewall app in linux and setting an exception for the mentioned ports 443, 80 and 8080
But that doesn’t make any differnce
Then i tried to turn off the VPN
But again this didn’t make any difference

And finally to exactly answer your question:

The main machine
The same machine
All of what i mentioned here is happening on the same computer the one i am using for my daily use that has vpn on it and has the docker with the next cloud intaller on it and the one i am trying to set the nextcloud on as the “Server” or the “Cloud”
And regarding port forwarding
The VPN has port forwarding but it doesn’t allow me to select which port to open
So now you have all the details
(If you need anything else please ask)
What should i do now ?
Where do i go from here ?
I know it’s not ideal but let’s say i want to create a system like this
How would that be possible ?
There has to be a way
P.S
I forget to mention that i installed the DDNS or connected the domain i created with my system using an app for linux called ddclient in the Debian repo.

Excuse me if some of my terms are not as accurate as possible but i am new to self hosting and doing my best to learn

14

Actually my ISP offer this service
A fixed IP
But which is more “private” to rent the VPS from a 3rd party provider or from my ISP ?

Do you know any other option rather than using the VPS?
If so please let me know
And thanks for your time