I’m running Nextcloud (SNAP) behind nginx (2 separate VMs) acting as proxy, also offloading SSL, so the Nextcloud VM is not handling SSL.
Everything works fine… until I enable UFW on the Nextcloud VM.
So, on the proxy, my UFW is as simple as opening 80 and 443/tcp, redirecting traffic to an internal IP (10.0.0.2).
On 10.0.0.2, if I enable UFW with the same rule (opening 80 and 443/tcp only), Nextcloud doesn’t display my ObjectStorage files (hosted on an external provider) and I have this in the logs:
fopen(https://par.s3.il-par.objs.cloud/urn%3Aoid%3A332): failed to open stream: Connection timed out at /snap/nextcloud/16402/htdocs/lib/private/Files/ObjectStore/S3ObjectTrait.php#70
If I disable the firewall on the Nextcloud VM, no problem.
Why this behavior, what ports should I open in this case, and why are the web ports (80, 443) not enough?