Nextcloud behind SSL proxy and firewall (ufw)

I’m running Nextcloud (SNAP) behind nginx (2 separate VMs) acting as proxy, also offloading SSL, so the Nextcloud VM is not handling SSL.

Everything works fine…until I enable UFW on the Nextcloud VM.

So, on the proxy, my UFW is as simple as opening 80 and 443/tcp, redirecting traffic to an internal IP (10.0.0.2).

On 10.0.0.2, if I enable UFW with the same rule (opening 80 and 443/tcp only), Nextcloud doesn’t display my ObjectStorage files (hosted on an external provider) and I have this in the logs:

fopen(https://par.s3.il-par.objs.cloud/urn%3Aoid%3A332): failed to open stream: Connection timed out at /snap/nextcloud/16402/htdocs/lib/private/Files/ObjectStore/S3ObjectTrait.php#70

If I disable the firewall on the Nextcloud VM, there is no problem.

Why this behavior, what ports should I open in this case, and why are the web ports (80, 443) not enough?

Thanks.

Start by checking your syslog for UFW block messages to see what it’s blocking.

Could this be due to the websocket connection?

@KarlF12 That’s what I’ve done; only Russian, Romanian etc. IPs blocked… :sweat_smile:
@kevdog But even if I allow the whole internal interface (ufw allow in on eth1 from 10.0.0.0/16), the problem remains.

A DNS lookup of par.s3.il-par.objs.cloud comes back with nothing. Are you sure this is right?

Yes, I changed the real domain before posting (this is not the real one), and again, everything works fine BEFORE activating UFW on the Nextcloud VM behind the proxy.

It would help to see the UFW rules and logs.

Based on what you’re describing, it sounds like an outbound connection from 10.0.0.2 to your storage provider is being blocked. Have you changed the default outbound policy from allow or set any outbound rules?

If you think this is happening due to a malfunction rather than something being blocked, you could test by enabling UFW and setting it to allow all connections in both directions.
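The two checks suggested in this thread, reading the UFW block messages in syslog and looking at the default outgoing policy, can be scripted. The script below is an added example, not something posted in the thread or part of Nextcloud or UFW. It classifies "[UFW BLOCK]" kernel log lines as inbound or outbound from their IN=/OUT= fields (a non-empty IN= is the interface a packet arrived on, a non-empty OUT= the interface it was leaving on), summarises the outbound drops by destination, port and protocol, and extracts the outgoing policy from the "Default:" header that `ufw status verbose` prints. The sample log lines and policy header are constructed; the addresses are documentation ranges, not real hosts. Note that a rule such as `ufw allow in on eth1 from 10.0.0.0/16` only affects the inbound direction, so it would not show up as a fix for outbound drops like the ones below.

```shell
#!/bin/sh
# Added example, not from the thread: triage UFW block log lines into
# inbound and outbound drops and read the default outgoing policy.
# The log lines and the "Default:" header below are constructed samples.

UFW_LOG_SAMPLE='Mar  3 10:15:01 nextcloud kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.2 LEN=60 PROTO=TCP SPT=51234 DPT=22
Mar  3 10:15:05 nextcloud kernel: [UFW BLOCK] IN= OUT=eth0 SRC=10.0.0.2 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=40112 DPT=443
Mar  3 10:15:06 nextcloud kernel: [UFW BLOCK] IN= OUT=eth0 SRC=10.0.0.2 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=40113 DPT=443
Mar  3 10:15:09 nextcloud kernel: [UFW BLOCK] IN= OUT=eth0 SRC=10.0.0.2 DST=10.0.0.53 LEN=60 PROTO=UDP SPT=50001 DPT=53'

# Prefix each block line with IN (packet arrived on IN=) or OUT (packet was
# leaving on OUT=); lines that are not UFW block messages are dropped.
classify_ufw_blocks() {
    awk '/\[UFW BLOCK\]/ {
        dir = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=./)  dir = "IN"
            if ($i ~ /^OUT=./) dir = "OUT"
        }
        print dir, $0
    }'
}

# Number of blocked outbound packets. A non-zero count while the service
# cannot reach its storage backend points at the outgoing policy or an
# outbound rule, not at the listening ports 80/443.
count_outbound_blocks() {
    classify_ufw_blocks | awk '$1 == "OUT" { n++ } END { print n + 0 }'
}

# Outbound drops grouped as DST:DPT/PROTO with a count, sorted, so the
# unreachable backend stands out (here the constructed 198.51.100.20:443).
outbound_block_summary() {
    classify_ufw_blocks | awk '$1 == "OUT" {
        dst = ""; dpt = ""; proto = ""
        for (i = 2; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "DST")   dst = kv[2]
            if (kv[1] == "DPT")   dpt = kv[2]
            if (kv[1] == "PROTO") proto = kv[2]
        }
        count[dst ":" dpt "/" proto]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# Pull the outgoing policy word out of the header line printed by
# "ufw status verbose", e.g.
#   Default: deny (incoming), allow (outgoing), disabled (routed)
ufw_outgoing_policy() {
    printf '%s\n' "$1" | sed -n 's/.*Default: *[a-z]* *(incoming), *\([a-z]*\) *(outgoing).*/\1/p'
}

# On a real host you would feed the live log instead of the sample:
#   grep 'UFW BLOCK' /var/log/syslog | outbound_block_summary
#   ufw_outgoing_policy "$(ufw status verbose | grep '^Default:')"
printf '%s\n' "$UFW_LOG_SAMPLE" | outbound_block_summary
printf 'outbound blocks: %s\n' "$(printf '%s\n' "$UFW_LOG_SAMPLE" | count_outbound_blocks)"
printf 'outgoing policy: %s\n' "$(ufw_outgoing_policy 'Default: deny (incoming), deny (outgoing), disabled (routed)')"
```

With the sample input the summary shows two drops towards 198.51.100.20:443/TCP and one DNS drop to 10.0.0.53:53/UDP, all outbound, which is the pattern to look for when a reverse-proxied service can serve pages but not fetch from an external object store.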