Nextcloud AIO works fine on web, but how to access it via local IP? (newbie)

pandora · October 23, 2024, 11:32pm

Nextcloud version: Nextcloud Hub 9 (30.0.1) / Nextcloud All-in-One v9.7.0
Operating system and version: Linux Mint Mate
Apache or nginx version: nextcloud/aio-apache:latest (not sure where to find version #)
PHP version: 8.2.24

The issue you are facing:

Hi everyone,

I have installed Nextcloud AIO on a Linux Mint Mate via docker, using the default convenience script & settings as described here on the github.

The nextcloud instance works fine if I access it through the web, but I cannot seem to access the regular login via a local IP. I want that for higher transfer speeds.

The server’s internal ip is 192.168.1.23.

In my router I have forwarded ports (out of desperation I forwarded all of them):
443 → 192.168.1.23:443
8443 → 192.168.1.23:8443
80 → 192.168.1.23:80
8080 → 192.168.1.23:8080

I have tried to connect to all of these ports:

https://192.168.1.23/ tells me SSL_ERROR_INTERNAL_ERROR_ALERT
https://192.168.1.23:80 tells me SSL_ERROR_RX_RECORD_TOO_LONG
https://192.168.1.23:443 tells me SSL_ERROR_INTERNAL_ERROR_ALERT
https://192.168.1.23:8443 tells me SSL_ERROR_INTERNAL_ERROR_ALERT

https://192.168.1.23:8080 gets me to the Nextcloud AIO admin panel, where I am supplied the initial passphrase. From here I can click through to my nextcloud, but it will direct me through the internet rather than my local network.

What I want is to use a local ip to get to the regular login screen, which will let me log into my user account. If anyone could explain in simple terms how I can achieve that, that would be much appreciated!

I’m a huge newbie at networking and linux and an amateur who is a bit in over my head, so please keep in mind my limited knowledge level! I may need some ELI5 directions…

Is this the first time you’ve seen this error?: Yes. I previously used NextcloudPi and on that it was no issue accessing nextcloud via an internal ip.

The output of your config.php file in /path/to/nextcloud:

<?php                                                            
$CONFIG = array (                                                    
  'one-click-instance' => true,     
  'one-click-instance.user-limit' => 100,                            
  'memcache.local' => '\\OC\\Memcache\\APCu',          
  'apps_paths' =>                                                    
  array (                                       
    0 =>                                    
    array (                                            
      'path' => '/var/www/html/apps',                              
      'url' => '/apps',                                                                    
      'writable' => false,                                                                 
    ),                                 
    1 =>                                          
    array (                                                          
      'path' => '/var/www/html/custom_apps',                         
      'url' => '/custom_apps',                 
      'writable' => true,                         
    ),                                                 
  ),                                               
  'check_data_directory_permissions' => false,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',  
  'redis' =>                                      
  array (                                                            
    'host' => 'nextcloud-aio-redis',                        
    'password' => '<censored>',
    'port' => 6379,                               
  ),                
  'overwritehost' => 'my.domain.url',                           
  'overwriteprotocol' => 'https',                                    
  'passwordsalt' => '<Censored>',                
  'secret' => '<censored>',    
  'trusted_domains' =>                                               
  array (                                                            
    0 => 'localhost',                                                
    1 => 'my.domain.url',                                       
  ),                                                               
  'datadirectory' => '/mnt/ncdata',                                                        
  'dbtype' => 'pgsql',                                                                     
  'version' => '30.0.1.2',                                       
  'overwrite.cli.url' => 'https://my.domain.url/',          
  'dbname' => 'nextcloud_database',                                  
  'dbhost' => 'nextcloud-aio-database:5432',                         
  'dbport' => '',                                      
  'dbtableprefix' => 'oc_',                            
  'dbuser' => 'oc_nextcloud',                          
  'dbpassword' => '<censored>',
  'installed' => true,                                               
  'instanceid' => 'ocx5k40tc0s3',                                    
  'maintenance' => false,                                            
  'updatedirectory' => '/nc-updater',                                
  'loglevel' => 2,                                                   
  'app_install_overwrite' =>                                         
  array (                                                            
    0 => 'nextcloud-aio',                                            
    1 => 'side_menu',                    
),                                                                 
  'log_type' => 'file',                                              
  'logfile' => '/var/www/html/data/nextcloud.log',                   
  'log_rotate_size' => 10485760,                                     
  'log.condition' =>                                                 
  array (                                                            
    'apps' =>                                                        
    array (                                                          
      0 => 'admin_audit',                                            
    ),                                                                                     
  ),                                                                                       
  'preview_max_x' => 2048,                                           
  'preview_max_y' => 2048,                                           
  'jpeg_quality' => 60,                                              
  'enabledPreviewProviders' =>                                       
  array (                                                            
    1 => 'OC\\Preview\\Image',                                       
    2 => 'OC\\Preview\\MarkDown',                                    
    3 => 'OC\\Preview\\MP3',                                         
    4 => 'OC\\Preview\\TXT',                                         
    5 => 'OC\\Preview\\OpenDocument',                                
    6 => 'OC\\Preview\\Movie',                                       
    7 => 'OC\\Preview\\Krita',                                       
  ),                                                                 
  'enable_previews' => true,                                         
  'upgrade.disable-web' => true,                                     
  'mail_smtpmode' => 'smtp',         
 'trashbin_retention_obligation' => 'auto, 30',                     
  'versions_retention_obligation' => 'auto, 30',                     
  'activity_expire_days' => 30,                                      
  'simpleSignUpLink.shown' => false,                                 
  'share_folder' => '/Shared',                                                             
  'one-click-instance.link' => 'https://nextcloud.com/all-in-one/',                        
  'upgrade.cli-upgrade-link' => 'https://github.com/nextcloud/all-in-one/discussions/2726',
  'maintenance_window_start' => 100,                                                       
  'allow_local_remote_servers' => true,                                                    
  'davstorage.request_timeout' => 3600,                                                    
  'htaccess.RewriteBase' => '/',                                                           
  'dbpersistent' => false,                                                                 
  'auth.bruteforce.protection.enabled' => true,                                            
  'ratelimit.protection.enabled' => true,                                                  
  'files_external_allow_create_new_local' => false,                                        
  'trusted_proxies' =>                                                                     
  array (                                                                                  
    0 => '127.0.0.1',                                                                      
    1 => '::1',                                                                            
    10 => '172.18.0.0/16',                                                                 
  ),                                                                                       
  'defaultapp' => 'dashboard,files,notes,calendar,contacts',                               
);

devnull · October 24, 2024, 6:58am

Access leads to errors because the SSL certificates are issued for names and not for IP addresses.

Your actual error is that you are trying to access internally via IP addresses and not also via names.

Try configuring it so that you can use names from anywhere. Then you don’t have to constantly switch the Nextcloud clients such as Android or IOS to different names between LAN and Internet.

bb77 · October 24, 2024, 7:02am

but how to access it via local IP

Short answer: You don’t!

Longer answer: the previous post by @devnull, and you might als want to take a look at this: 101: Split-Brain DNS (split-horizon)

szaimen · October 24, 2024, 7:03am

There is also this docs on the topic: GitHub - nextcloud/all-in-one: 📦 The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.

paulus.hdk · October 26, 2024, 4:13pm

I have caddy reverse proxy and port forwarded 80 and 443 in the router. For local access, you need a local DNS entry that rewrites your domain do the local IP.

pandora · October 26, 2024, 4:45pm

Thanks for your response. However, setting up reverse proxies and other such advanced networking is much beyond my knowledge level. To be honest, I wonder in fact if anyone who has such capabilities would be running an AIO instance and not their own custom nextcloud setup.

Regardless, I found a much simpler and more newbie-friendly workaround which I am posting here so that others in the future may consider it for themselves also.

Newbie friendly solution:
Instead of trying to share my nextcloud account environment with my network, instead I made a network drive first and then shared that with my nextcloud account via the External Storage app. I then deleted everything else from the ‘root’ area of the nextcloud account or moved it into the shared folder. Simply put: I ignore the default ‘root’ area and instead treat the shared network folder as my new ‘root’ space, where I store everything and operate out of.

This gives me the best of both worlds. It gives me one folder in my nextcloud account, over which I have full access via my network, which contains the entirety of my nextcloud account. I can simply drag and drop files in or out of the network folder and since this folder functions my main nextcloud folder, everything in it, including subfolders, is accessible via both my network as well as nextcloud.

The only ‘downside’ is that you have to remember to not use the root area, but instead put all your data and subfolders one level deeper in the shared network folder. If you do have some data in the root area it’s no big deal of course since you can still access it normally via the internet of course, it’s just slower than whatever is in the shared subfolder.

@devnull @bb77 @szaimen @paulus.hdk

bb77 · October 26, 2024, 5:00pm

You don’t need a reverse proxy, you need a local DNS server pointing your public domain name to the local IP of the AIO instance.

And you won’t even necessarily need that if you can already connect to the server via the public domain name from inside your LAN, because in that case NAT loopback in your router is already doing the job for you. And no, apart from DNS queries, no traffic actually leaves your local network when you use it this way.

However, NAT loopback has a few other drawbacks, such as potential performance issues depending on your router model, and the fact that each request carries the IP address of the router instead of the IP address of the device it was actually sent from, so a local DNS server still has its advantages.

Oh, and by the way, these things were beyond the knowledge of all of us at some point in time.

paulus.hdk · October 26, 2024, 10:58pm

Yup. There are many awesome tuts on YouTube. Go watch them and learn all the fun stuff

Rob_Kalmeijer · October 27, 2024, 10:10pm

You need a local DNS server that has a zone file for your domain.

See: DNS server

I have apache running on my system with selfhosting the domain.

A virtualhost for nextcloud the listen to you FQDN for nextcloud.

So cloud.example.com will then works on the LAN.