ISP AT&T blocking port 443: What is the best way to get around this issue?

Hi,

I’m sorry if this is a dumb question but I’ve been struggling with this issue for about a month.

I have installed NC on my home desktop and I’m using it as a personal cloud server. It is working very well. I used [this ansible playbook here] and found it relatively easy all things considered (I am a complete newbie with servers etc).

I thought this was great and since my parents had an old desktop lying around I decided to set up a NextCloud Server for them too. The installation went well and it was easy to access it at first from within the local network but it became apparent that it was not possible to access things from outside the network.

I did a lot of investigating, fussing with it, and probably made it worse. But I’m at the point where I’m pretty darn sure that the ISP is blocking 443.

I can not get a direct confirmation from AT&T because the US is crazy and allows telecommunication companies to have massive monopolies who don’t care about their customers and treat them like garbage.

But I have set up port forwarding on the router so that any traffic coming in on port 443 to the public IP should then get routed to the private IP of the server. I can confirm that this works by successfully using {{public-ip}}:443, or {{hostname}}:443 to connect to NextCloud while on the local area network.

I have completely uninstalled my NextCloud installation and my plan is to install everything fresh and clean, and do so in a way which works. Is there something I can do, or need to know, that will do the following?

I want to create a nextcloud server that:

  1. is accessible from outside the house
  2. through a browser
  3. through an easy-to-remember hostname that doesn’t require the user to enter a port number, etc.
  4. runs exclusively over HTTPS
  5. is compatible with the desktop and mobile clients without any additional weird configuration.

Is this possible? What can I do to make this possible?

I’m sorry if my ignorance makes this difficult. I don’t really know what ideas will work and which won’t. I thought, maybe I could run SSL on port 80 through the browser, but then browsers only do https through 443 right?

In theory browsers can do SSL on any port:

https://hostname:port

However, if the port is not 443, you must always specify the port, and if you don’t use standard ports this might be blocked by some operators (sometimes on free wifi connections). So if at all possible, I would use port 443. But with your port forwarding working, where is your issue? For the hostname you just need a dynamic DNS service (one that lets you use Let’s Encrypt certificates).

If the ISP blocked all port-443 traffic, it would never arrive at his router.

So 443 is blocked but 8443 is not. 8443 is the only port, as far as I can tell, that isn’t blocked. So I did the install and they’ve got to run it with a mandatory {{hostname}}:8443 at the end of everything, but it seems to work okay so far and that’s good enough for me now, I guess. I found another thread which said that it is possible to access alternative ports using the clients as long as you explicitly specify that they are https and 8443. It’s kind of hacky but it works!


Sorry, I misunderstood and thought he managed to solve it.

Change the provider if or when you can. Perhaps one day you’ll have an alternative ISP.

You can check if 443 is blocked here:

https://www.yougetsignal.com/tools/open-ports/
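An external checker like the one linked above answers the question from the Internet side. The script below is an added example, not something posted in this thread or part of Nextcloud: it probes a host:port itself and classifies the outcome as "open" (handshake completed), "closed" (the host answered with a TCP reset, so packets reach the router but nothing is forwarded or listening there) or "filtered" (no reply at all, the silent drop an ISP block typically produces). Run it from a host outside the home LAN, for instance over a phone hotspot; from inside the LAN it only proves the port forward, not that the ISP passes the traffic, which is the distinction made earlier in this thread. The `demo_local()` self-check uses constructed local sockets so it works offline.

```python
"""Classify how a TCP port responds: open, closed (refused) or filtered (silent drop).

Added example for the port-blocking discussion; not code from the thread or from
Nextcloud. The three-way classification is an inference from the TCP behaviour:
a completed handshake means something listens behind the forward, an immediate
refusal means the packets arrived but nothing accepted them, and a timeout means
the packets (or the replies) were dropped on the way, which is what an ISP block
looks like from outside.
"""
import errno
import socket
import sys


def probe_tcp(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'open', 'closed' or 'filtered' for host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: reachable and listening
    except ConnectionRefusedError:
        return "closed"            # RST came back: reachable, but no forward/listener
    except (socket.timeout, TimeoutError):
        return "filtered"          # no answer at all: dropped somewhere on the path
    except OSError as exc:
        # ICMP "host/network unreachable" also means the path is down, not the port
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise


def probe_ports(host: str, ports, timeout: float = 3.0) -> dict:
    """Probe several ports on one host, e.g. 80, 443 and 8443 from the thread."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def _free_port() -> int:
    """Ask the kernel for a currently unused local port (for the offline demo)."""
    with socket.socket() as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


def demo_local() -> dict:
    """Offline self-check against constructed local endpoints (no network needed)."""
    results = {}
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    results["listening"] = probe_tcp("127.0.0.1", port, timeout=1.0)        # open
    listener.close()
    results["nothing_listening"] = probe_tcp("127.0.0.1", _free_port(), 1.0)  # closed
    return results


if __name__ == "__main__":
    # Usage: python probe.py <public-hostname-or-ip> [port ...]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    ports = [int(p) for p in sys.argv[2:]] or [80, 443, 8443]
    for port, state in probe_ports(target, ports).items():
        print(f"{target}:{port} -> {state}")
```

Reading the result: 443 "filtered" while 8443 is "open" from the outside, with both "open" from inside the LAN, is consistent with the ISP dropping 443 rather than a router misconfiguration; 443 "closed" from outside would instead point at the port forward.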

Thanks, that’s an excellent website. I used portchecker.co, nmap, and various hosted versions of nmap that came up in a Google search, but that website is probably one of the better interfaces I’ve seen. Thank you.

Anyway, I consider this issue basically solved. It would be nice if there were a solution to getting around them blocking 443, but it seems that using 8443 is the only realistic way from what I can tell.

I prefer to use Port Checker to test open ports.

If your ISP blocks port 443, you have little recourse but to not use port 443. You should be fine using a different port if you’re willing to do that. The only workaround that comes to mind would be an elaborate port forward or reverse proxy from another site where it isn’t blocked.
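The "port forward from another site" mentioned above can be as small as a TCP relay: a host whose ISP does not block 443 (a cheap VPS, for example) accepts connections on 443 and copies the bytes to the home server on 8443. The following is an added example written for this thread, not code from the forum or from Nextcloud, and the hostnames and ports in it are placeholders. Relaying raw TCP rather than terminating HTTPS means the TLS session still ends on the Nextcloud box: the certificate and private key stay at home and the relay only ever handles ciphertext. The offline self-check uses a constructed echo server in place of the home box.

```python
"""Minimal TLS-passthrough TCP relay (added example; placeholder hosts and ports).

Listens on a public port where 443 is not blocked and forwards every byte to the
home server on the port its ISP leaves open (8443 in this thread). No TLS is
terminated here, so the relay needs no certificate and sees no plaintext.
"""
import asyncio

# Placeholders, not values from the thread.
PUBLIC_LISTEN = ("0.0.0.0", 443)            # clients use https://cloud.example/
HOME_UPSTREAM = ("home.example.net", 8443)  # DynDNS name and unblocked port at home


async def _pipe(reader: asyncio.StreamReader, writer: asyncio.StreamWriter) -> None:
    """Copy bytes one way until EOF or error, then close the destination."""
    try:
        while chunk := await reader.read(65536):
            writer.write(chunk)
            await writer.drain()
    except OSError:
        pass  # connection reset by either side: just tear down
    finally:
        writer.close()


async def handle_client(client_reader, client_writer, upstream_host, upstream_port):
    """One inbound connection becomes one outbound connection, copied both ways."""
    try:
        up_reader, up_writer = await asyncio.wait_for(
            asyncio.open_connection(upstream_host, upstream_port), timeout=10)
    except (OSError, asyncio.TimeoutError):
        client_writer.close()  # home box unreachable: fail fast instead of hanging
        return
    await asyncio.gather(_pipe(client_reader, up_writer),
                         _pipe(up_reader, client_writer))


async def serve_relay(listen_host, listen_port, upstream_host, upstream_port):
    """Start the listener and return the asyncio.Server for inspection or shutdown."""
    return await asyncio.start_server(
        lambda r, w: handle_client(r, w, upstream_host, upstream_port),
        listen_host, listen_port)


# ---- offline self-check: a constructed echo server stands in for the home box ----
async def _echo(reader, writer):
    writer.write(await reader.read(65536))
    await writer.drain()
    writer.close()


async def _roundtrip(payload: bytes) -> bytes:
    echo = await asyncio.start_server(_echo, "127.0.0.1", 0)
    echo_port = echo.sockets[0].getsockname()[1]
    relay = await serve_relay("127.0.0.1", 0, "127.0.0.1", echo_port)
    relay_port = relay.sockets[0].getsockname()[1]
    reader, writer = await asyncio.open_connection("127.0.0.1", relay_port)
    writer.write(payload)
    await writer.drain()
    got = await reader.readexactly(len(payload))  # what came back through the relay
    writer.close()
    relay.close()
    echo.close()
    return got


def relay_roundtrip(payload: bytes) -> bytes:
    """Send payload client -> relay -> echo and return the bytes that came back."""
    return asyncio.run(_roundtrip(payload))


if __name__ == "__main__":
    async def _main():
        server = await serve_relay(*PUBLIC_LISTEN, *HOME_UPSTREAM)
        async with server:
            await server.serve_forever()
    asyncio.run(_main())
```

Two consequences worth knowing before relying on this: the Nextcloud box sees every connection as coming from the relay's address, so its own per-IP brute-force throttling no longer distinguishes real clients, and the home router's 8443 forward is now reachable by anyone unless it is restricted to the relay's address at the router or host firewall. The DNS name users type must point at the relay, while the certificate on the Nextcloud box must be issued for that same name.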