HTTPS port on internal vs external network

Hi, just heard about nextcloud and decided to check it out.

Edit: Docker pihole was set up to block all 443 traffic; I am still curious to hear if anybody has a good way to run those two side by side on the same machine.

Edit 2: I circumvented the issue by moving pihole to an old rpi1

Disclaimer: as a new user I cannot post more than 4 links. This post does not have any links, only example URLs. In the following I have replaced colons with semicolons (i.e. http:// to http;//), and dots in IP addresses and domain names with commas.

I set up nextcloud via snap on my 64-bit Raspberry Pi OS (rpi4) with https on port 4443; externally this is forwarded so the standard port, 443, will point me to nextcloud through my domain. I set it up like this with a letsencrypt certificate. (Port 80 was also altered to 8080, and 8080 internally was forwarded to 80 externally.)

I made a ufw rule to allow tcp on 8080 and 4443.

It works as intended from the external network, so I set up a Dnsmasq option to let the domain point directly to the local IP address of the nextcloud server: address=/my,local,domain/192,168,X,Y

Both my.local.domain and 192.168.X.Y were set as trusted domains for nextcloud using:
sudo /snap/bin/nextcloud.occ config:system:set trusted_domains 1 my,local,domain
sudo /snap/bin/nextcloud.occ config:system:set trusted_domains 2 192,168,X,Y

The result is now that I can access nextcloud from external networks at https;//my,local,domain, while I need to specify https;//my,local,domain:4443 if I want to access the server while on my local network.

I figured out that I just occupy the local port 80 from a pihole docker, and that nothing is running on 443.

I would like to streamline the access to my nextcloud server, so I can just use https;//my,local,domain regardless of being on the internal or external network.

The expected behavior would be that using https;//my,local,domain externally should give the instance of nextcloud.

If typing http;//my,local,domain would let the browser figure out it needs to use ssl and reload https;//my,local,domain giving me the nextcloud instance,

https;//my,local,domain from internally would automatically use the default port 443 and give me the instance.

Not sure what behaviour to expect from trying to access http;//my,local,domain internally, but it would not be relevant if it fails, gives me nextcloud, or the internal pi hole.

I hope my question makes sense. If anyone knows the solution, or has a better way to deal with this, I will be happy to hear.

Thank you very much.
