ok, I use my domain but presumed that if I typed my domain name it would use the internet, does nextcloud detect my lan then?
Just try. If it doesn’t connect you need to look at your dns or router setup
Hi,
It connects but as you can see by the speeds it is not using even my 1GB NIC let alone my 10gb/E connection
any ideas?
That can be something else. The traffic is likely not going ‘out’ on the Internet and back again. What kind of server are you using? If it’s Linux you can use bmon, bwmon, iftop and the like to check on what network the traffic is going.
Hi,
I am running nextcloud as a docker on my unRAID server, wouldn’t know where to start in running any commands!
I have not set anything in the network options of the Windows Desktop App, everything is set to unlimited as default.
it has only uploaded 150mb so far in the last couple hours.
Easy and quick solution: make an entry for your domain name in your hosts file.
On Windows go to C:\Windows\System32\drivers\etc and open the hosts file in a text editor.
Add the IP and domain name like this:
192.168.0.33 your.domain.com
This will make your computer directly connect via LAN and HTTPS will still work and also there will be no error messages about trusted domains.
1 Like
Hi,
Many thanks @Schmu but that entry into my hosts file prevents connection?
192.168.0 = 1GB LAN
192.168.11 = 10gb/E LAN
That surprises me. Never had that before in a singe, simple network. You mention to subnetworks, could you describe your network setup there?
Is the direct route from your computer to the server’s IP 192.168.11.33 blocked or does the server have two IP adresses? Is the server blocking traffic from specific IPs or subnets?
What this entry should do actually:
Usually when you enter a full qualified domain name, DNS servers on the Internet are questioned for the IP address behind that domain name. That’s why you the network connection to the server is indeed going through your router.
The router could actually know that the target is in the local network and tell the client the local IP address. For security reasons this is usually deactivated (DNS rebind protection) which means the resolution of external names into internal IP addresses is blocked.
Instead of asking external instances for the address resolution, one can use the hosts file to do the address to IP resolution in the hosts file, because domains are tried to be resolved by the hosts file first and if there is no entry then DNS resolvers are contacted.
So the hosts file is simply just for domain name resolution to the local IP and allowing you to still use the SSL certificate (which is often only bound to the domain name) without any browser warnings.
Oh I just noticed: in your hosts file you used 192.168.11.33, in an earlier message above you mentioned you tried to reach your server via 192.168.0.33. And with the local IP you used port 444. Is there a proxy involved?
Hi,
Sorry, I may not have made myself clear, as mentioned above I have 2 networks
192.168.0 = 1GB LAN
192.168.11 = 10gb/E LAN
Both connect to my unRAID server.
You say I mentioned subnetworks but I don’t remember saying this, I just have an unRAID server with a 1GB & 10gb/E port
The router I use is another unRAID server running pfsense as a docker and I used spaceinvader ones setup guide for both nextcloud and pfsense and as stated it seems to work fine except I obviously don’t want to upload local files to the internet and back down again.
Many thanks for your time so far and taking the time to help me!
I’m not sure why we are discussing the wording now. In my humble world with limited knowledge the two networks you mentioned are two subnets. And I know absolutely nothing about unRAID servers and pfsense. If that knowledge is required to help here, I’m out.
I would still check that anyway:
Best practice is to use a DNS server on your LAN to resolve the domain address to the LAN IP. Then it works regardless of location using the same name.
Why use two subnets for different link speeds? That seems needlessly complicated.
Could you explain this? pfSense isn’t a single process and one would not normally run it with Docker, if that’s even possible.
I have no idea how you’d be running pfSense as a docker, as pfSense runs under FreeBSD, not Linux. But if you are running pfSense, your router acts as a local DNS server–just tell it to serve the IP of your Nextcloud installation for that hostname.
Apologies, I meant a VM and do you mean dns forwarding or resolving in pfsense?
Hi, no nothing is blocked…
I do this as I transfer very large files and edit video files on my server, I have 1GB for the whole house and 10gb/E from my Desktop to my server (NVME to NVME)
Ah, a VM makes much more sense (though I prefer to have my router running on its own dedicated hardware). I’m using my pfSense box as a DNS resolver, but the same feature is available both ways–you’d need to enter a host override. See https://docs.netgate.com/pfsense/en/latest/dns/unbound-dns-resolver.html or https://docs.netgate.com/pfsense/en/latest/dns/dns-forwarder.html for more information.
1 Like
I had same issue and I added local IP to Trusted Domains in Config.php
Hi, thanks for this, can I ask do you mean the ip of the desktop machine? Can I use wildcards?
here is my config.php (****** is to hide my domain) & 192.168.11.34 is my 10gb/E connection
‘trusted_domains’ =>
array (
0 => ‘192.168.0.33:444’,
1 =>‘nextcloud.*******.co.uk’,
2 =>‘192.168.11.34’,
),
I think you got it right. I think that message you get “Access forbidden
State token does not match” means something different than I originally thought.
I would try to go to phpmyadmin and in Nextcloud database check
oc_bruteforce_attempts and delete any entry with IP you trying to connect from.
Sorry I’m a noob with Linux and learning now so I wish I could help more.
2 Likes
Many Thanks, it did the trick!
I had to remove the hosts file entry @Schmu advised and edit the config.php as you advised and now working with my 10gb/E connection!
Great Stuff!