Nextcloud Access via VPN

Nextcloud version: 27.0.0
Operating system and version: Ubuntu 22.04 LTS
Apache version: 2.4.57
PHP version: Can’t find

The issue you are facing:

Cannot find configuration file to modify Apache listening directives within the Docker container. I’m sorry to make a topic for what is essentially a user-oriented issue, but I’ve spent hours trying to figure this out. I have set up a Wireguard interface on my Nextcloud instance in Linode; I’ve confirmed connectivity, but clients on Wireguard cannot access the Nextcloud web interface. They receive an SSL error when trying to access the interface IP and the request times out when using the DNS name despite putting an override on the VPN gateway.

I have a certificate provided by LetsEncrypt; I suspect the issue is because Apache only listens on the WAN interface IP for port 443 (HTTPS). If you have any additional insights, please let me know; I appreciate any comments.

Is this the first time you’ve seen this error? Y

depends on your docker start command.
would you mind sharing the result of docker ps

Thanks for responding; please see below

imho that’s the line you are looking for:

that answers your question.

is this answer ok for you?
(i don’t know your nextcloud/docker/wireguard skills. that’s why i’m asking.)

1 Like

That is the file I was looking for, thank you! I’m still getting the SSL error, so perhaps the issue is that because the certificate is bound to the DNS record with the public interface, it’s denying access through the other interface since it has no certificate (?)

At this point I’m not too sure. The Wireguard interface is still live and has connectivity, I just can’t get to that web portal…

Let's Encrypt and any other public certificate will only issue for a DNS name. No way to overcome this - for this reason no access to the IP address without a TLS warning.

It is not exactly clear what this means. But given the fact you have connectivity to internal IP, you just need to configure your public DNS name to internal IP within VPN (search for “Split-Brain DNS” or “Split horizon DNS”) and you can access your system using public DNS but local IP.

2 Likes
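A way to check the split-horizon setup discussed above from a VPN client, as an added example that is not from any poster in this thread: it connects to the WireGuard-side IP but verifies the certificate against the public DNS name, and reports whether a failure sits at the network, TLS or certificate layer. The address `10.8.0.1` and the name `cloud.example.com` are constructed placeholders.

```python
import socket
import ssl


def classify(exc):
    """Name the layer at which a connection attempt failed."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        # Name mismatch, expired certificate or untrusted CA.
        return "cert: " + getattr(exc, "verify_message", str(exc))
    if isinstance(exc, ssl.SSLError):
        return "tls: handshake failed (is this port really serving HTTPS?)"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "network: timed out (firewall, routing, or port not published here)"
    if isinstance(exc, ConnectionRefusedError):
        return "network: refused (nothing listening on this address and port)"
    return "other: %r" % (exc,)


def probe(ip, hostname, port=443, timeout=5.0):
    """Open TCP to ip:port, then do a verified TLS handshake for hostname.

    This is what a browser does once a DNS override maps hostname to ip.
    """
    ctx = ssl.create_default_context()  # system CA store, hostname check on
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return "ok: " + tls.version()
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return classify(exc)


if __name__ == "__main__":
    VPN_IP, NAME = "10.8.0.1", "cloud.example.com"  # constructed placeholders
    # Expected to pass if the port is reachable over the tunnel.
    print("via DNS name:", probe(VPN_IP, NAME))
    # Expected to fail with a cert error: the certificate names NAME, not the IP.
    print("via bare IP :", probe(VPN_IP, VPN_IP))
```

A `network:` result points at the Docker port publishing or a firewall rather than the certificate; a `cert:` result on the DNS-name probe means the server is presenting a certificate that does not cover that name.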

To your first point, I figured that was the case. As for the second, yes, I mapped the local IP to the DNS override and it still yields the SSL error, so I suspect there’s a safeguard in place that only allows the webpage to be accessible on the public interface. I believe I could force it to use HTTP, but that wouldn’t be great for security even through a VPN tunnel.

@zsilva
Did you manage to solve your problem? I have a similar situation, albeit not using Docker but FreeBSD jails. I also tried without a certificate altogether, so I tend to think it is a WireGuard DNS problem…