Nextcloud behind SSL proxy and firewall (ufw)

I’m running Nextcloud (SNAP) behind nginx (2 separate VMs) acting as proxy, also offloading SSL, so the Nextcloud VM is not handling SSL.

Everything works fine…until i enable UFW on the Nextcloud VM.

So, in proxy, my UFW is as simple as opening 80 and 443/tcp, redirecting traffic to an internal IP (

On, if i enable UFW with the same rule (opening 80 and 443/tcp only) Nextcloud doesn’t display my ObjectStorage files (hosted on an external provider) and i have this in logs:

fopen( failed to open stream: Connection timed out at /snap/nextcloud/16402/htdocs/lib/private/Files/ObjectStore/S3ObjectTrait.php#70

I i disable the firewall on the Nextcloud VM, no problem.

Why this behavior and what ports should i open in this case and why web ports (80,443) are not enough?


Start by checking your syslog for UFW block messages to see what it’s blocking.

Could this be due to the websocket connection?

@KarlF12 That’s what i’ve done, only Russian, Romanian etc. ips blocked… :sweat_smile:
@kevdog but even if i allow the whole internal interface (ufw allow in on eth1 from problem remains.

A DNS lookup of comes back with nothing. Are you sure this is right?

Yes, i’ve changed the real domain before post (this is not the real one) and again, everything works fine BEFORE activate UFW on the Nextcloud VM behind the proxy.

It would help to see the UFW rules and logs.

Based on what you’re describing, it sounds like an outbound connection from to your storage provider is being blocked. Have you changed the default outbound policy from allow or set any outbound rules?

If you think this is happening due to a malfunction rather than something being blocked, you could test by enabling UFW and setting it to allow all connections in both directions.