Nextcloud access outside home network

Hello all,

Good evening.

I'm using Nextcloud 18 without any issues, but recently my home network modem/router got hit with DoS attacks, bringing the cable modem/router down every now and then.

I was using port forwarding on the router so I could have access from the outside into my Nextcloud using port 443 with SSL, but had to disable it due to the amount of time I was getting the router down.

How are y'all accessing your Nextcloud appliance from outside?

So far I've seen options of DDNS, VPN, reverse proxy, but I still have some questions on how those would be accessible from the outside into my home network.

Any ideas you could recommend me?

I'm using a Netgear C6300 and already have a VPN service.

Thanks in advance!

If you need to close the needed ports, there won’t be any other way to access your Nextcloud other than via VPN.

You could ask your ISP provider if you can have another IP address.
I got hit by a DDoS one time, and it was impossible to watch IPTV or browse the web. I got another IP from my provider.

Hi!

I would strongly recommend checking out this guide:

I have written it all out step by step and it will surely make your setup more secure and flexible to such attacks.
Please note that it requires a low end host (likely a VPS) that can relay traffic for you.

I did ask them, but it will take 24 hours to be offline for the new IP address to kick in.

Another solution I’m testing is having a custom port setup on my modem and have my registrar forward to the ipaddress:custom_port

In my own opinion, 24h without internet is not too hard in order to have a new IP address. It's worth it.

It wouldn’t be too hard, but we are working remote and 24 hours without internet and with kids at home, it’s an eternity… :frowning:

Keep this option in mind if after COVID-19 you’re still under DDoS.

I started noticing DoS attacks on my router around the same time everyone got quarantined in Europe… :worried:

So, I found a way, but unfortunately it’s somehow not completely using SSL from certbot.
I’m using a direct IP with custom port to access from outside.

You can still get a cert from certbot using the DNS verification method. Look at the documentation; it’s in certbot certonly.
Then you can modify your Nginx or Apache server to have SSL on that specific port.

That looks interesting…

I'm still having issues getting it to work properly…

This is what I've got so far:
domain test.com being forwarded to https://1.2.3.4:1234

On the router, external port is 1234 and internal port is 443.

I was able to enable port 80 to run Let's Encrypt and the challenge worked, but immediately started seeing foreign IP addresses, so port forwarding to 80 got disabled.

Not sure if I'm doing this correctly or I need to start looking for a different option. :frowning:

This kind of config can work.
Learn to use certbot in the certonly mode so you don’t have to open port 80 anymore.
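
The setup suggested in the replies above, sketched as an added example (not from any poster in this thread): a certificate obtained through certbot's DNS challenge, so port 80 never has to be forwarded, served by nginx on internal port 443 behind the router's 1234 -> 443 forward. The use of nginx and certbot's default /etc/letsencrypt paths are assumptions; test.com and port 1234 are the placeholder values used in the thread.

```nginx
# Issue the certificate first, on the Nextcloud host. No inbound port is needed:
#   certbot certonly --manual --preferred-challenges dns -d test.com
# certbot prints a TXT record value to publish at _acme-challenge.test.com
# and waits for confirmation before asking Let's Encrypt to validate it.

server {
    # The router maps external 1234 to internal 443, so nginx stays on 443.
    # Nothing in this setup listens on port 80.
    listen 443 ssl;
    server_name test.com;

    # Default certbot output locations for a certificate named test.com (assumed).
    ssl_certificate     /etc/letsencrypt/live/test.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # The existing Nextcloud root, location and PHP directives stay unchanged here.
}
```

The certificate only validates when clients connect by name (https://test.com:1234), not by IP address. A certificate issued with `--manual` is not renewed automatically, so the DNS step has to be repeated before it expires.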

So, I just made another change and it looks to be working normally.

What I did was use domain test.com:1234 forwarded to 1.2.3.4 and was able to access it from the outside. :slight_smile:

Now my only issue is being able to use https://test.com:1234 on OnlyOffice Document Editing Service address, which is giving me the error “Error when trying to connect (Bad healthcheck status)”