Nextcloud can't be accessed over VPN

Nextcloud version : 13.0.4
Operating system and version : Ubuntu Server 18.0.4
Apache or nginx version : nginx 1.15.1
PHP version : 7.2.7

So, here we go. I’ve been trying to set up a Ubuntu server with nextcloud, half because I want to use it and half because I want to learn.
I had some troubles, but finally all’s set and I can use nextcloud over my LAN.
Since my ISP blocks incoming traffic I had to use a VPN and a DDNS service. It works in the way that I can access my default nginx site, as well as different sites.
But I can’t access the /nextcloud site, like I can on my LAN. It simply loads, and eventually times out.
First I thought, it was related to the VPN I’m using, but they assured me everything was fine and I’m able to load even large pictures - 20 Mb -, although at excruciatingly slow speeds, sometimes up to a minute.
But right now I assume it is rather a problem related to nginx and nextcloud.
Unfortunately I can’t show you a nginx acces.log file, because my subscription for the VPN client expired and I don’t want to buy an other 3 day trial, untill I have at least hope of fixing this.
I’ve put below an log file created, when I access over my LAN. When I tried to access through my VPN most of the times there was no additional entry, sometimes there was one, but only one get and not the whole block, that you can see in the log file. Notably I know of two times, where the whole page loaded without a problem. two out of hundred times.

I don’t know, whether this is important, but I can’t use the default ports, I have to use quite strange port forwarding rules on my VPN: 13543 -> 443 and 13580 -> 80. Just in case that could be part of the problem.

Long story short:
The nextcloud log and the nginx log show, that I requested the site sometimes - sometimes the request didn’t came through. Then it didn’t load 95% of the times. Evey other pages loads and can be accessed, although slow.
Access over LAN works perfectly.

Can anyone help me with this strange behavior or has an alternative solution to get my Server running, when my ISP blocks traffic?

Tanks in advance

P.S.: I’ve put a few logs here, if you need more or details on my ngixn configuration, I’ll provide them, just tell me what you need. And have some mercy on me, I’m very much in the progress of figuring out, how all this systems work.

Nextcloud log:

{"reqId":"r1p2wxaRg55Helmh0lUl","level":2,"time":"2018-07-09T22:09:39+00:00","remoteAddr":"192.168.0.100","user":"--","app":"core","method":"GET","url":"\/nextcloud\/","message":"Trusted domain error. \"192.168.0.100\" tried to access using \"192.168.0.80\" as host.","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko\/20100101 Firefox\/61.0","version":"13.0.4.0"}
{"reqId":"2sAoFDWxBTaVDmbhMRcb","level":2,"time":"2018-07-09T22:09:40+00:00","remoteAddr":"192.168.0.100","user":"--","app":"core","method":"GET","url":"\/nextcloud\/js\/core\/merged-template-prepend.js?v=ae88be84-0","message":"Trusted domain error. \"192.168.0.100\" tried to access using \"192.168.0.80\" as host.","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko\/20100101 Firefox\/61.0","version":"13.0.4.0"}
{"reqId":"cMQHsh3eCxHn4bEJx3Rv","level":2,"time":"2018-07-09T22:12:17+00:00","remoteAddr":"192.168.0.100","user":"--","app":"core","method":"GET","url":"\/nextcloud\/","message":"Trusted domain error. \"192.168.0.100\" tried to access using \"192.168.0.80\" as host.","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko\/20100101 Firefox\/61.0","version":"13.0.4.0"}
{"reqId":"zL6gSavSWFfkKMVUJB2D","level":2,"time":"2018-07-09T22:12:17+00:00","remoteAddr":"192.168.0.100","user":"--","app":"core","method":"GET","url":"\/nextcloud\/js\/core\/merged-template-prepend.js?v=ae88be84-0","message":"Trusted domain error. \"192.168.0.100\" tried to access using \"192.168.0.80\" as host.","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko\/20100101 Firefox\/61.0","version":"13.0.4.0"}
{"reqId":"tFjGlypKk4yKKqzMCj8b","level":2,"time":"2018-07-10T18:01:45+00:00","remoteAddr":"10.8.0.1","user":"--","app":"core","method":"GET","url":"\/nextcloud\/","message":"Trusted domain error. \"10.8.0.1\" tried to access using \"10.8.24.74\" as host.","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko\/20100101 Firefox\/61.0","version":"13.0.4.0"}
{"reqId":"Shi0jmJhbKrGcYT8AxeJ","level":2,"time":"2018-07-10T18:01:46+00:00","remoteAddr":"10.8.0.1","user":"--","app":"core","method":"GET","url":"\/nextcloud\/js\/core\/merged-template-prepend.js?v=ae88be84-0","message":"Trusted domain error. \"10.8.0.1\" tried to access using \"10.8.24.74\" as host.","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko\/20100101 Firefox\/61.0","version":"13.0.4.0"}
{"reqId":"ZnjU3h8zXoAsEdjZx1bv","level":2,"time":"2018-07-11T18:56:38+00:00","remoteAddr":"217.95.54.84","user":"--","app":"core","method":"GET","url":"\/nextcloud\/","message":"Trusted domain error. \"217.95.54.84\" tried to access using \"backgrounddog.duckdns.org\" as host.","userAgent":"Mozilla\/5.0 (Android 6.0.1; Mobile; rv:61.0) Gecko\/61.0 Firefox\/61.0","version":"13.0.4.0"}
{"reqId":"p6eGAlzuYWDyLVS2ltDi","level":2,"time":"2018-07-11T18:56:38+00:00","remoteAddr":"217.95.54.84","user":"--","app":"core","method":"GET","url":"\/nextcloud\/js\/core\/merged-template-prepend.js?v=ae88be84-0","message":"Trusted domain error. \"217.95.54.84\" tried to access using \"backgrounddog.duckdns.org\" as host.","userAgent":"Mozilla\/5.0 (Android 6.0.1; Mobile; rv:61.0) Gecko\/61.0 Firefox\/61.0","version":"13.0.4.0"}
{"reqId":"GLn6lJGnHYSJEHZD5RSU","level":2,"time":"2018-07-11T18:56:39+00:00","remoteAddr":"217.95.54.84","user":"--","app":"core","method":"GET","url":"\/nextcloud\/core\/img\/manifest.json","message":"Trusted domain error. \"217.95.54.84\" tried to access using \"backgrounddog.duckdns.org\" as host.","userAgent":"Mozilla\/5.0 (Android 6.0.1; Mobile; rv:61.0) Gecko\/61.0 Firefox\/61.0","version":"13.0.4.0"}
{"reqId":"FHRxruasnt6n8pSj0wmt","level":2,"time":"2018-07-12T14:33:02+00:00","remoteAddr":"192.168.0.100","user":"--","app":"core","method":"POST","url":"\/nextcloud\/login","message":"Login failed: 'admin' (Remote IP: '192.168.0.100')","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko\/20100101 Firefox\/61.0","version":"13.0.4.0"}
{"reqId":"cEr1tWmywEcXOmLBmCGE","level":2,"time":"2018-07-12T14:33:09+00:00","remoteAddr":"192.168.0.100","user":"--","app":"core","method":"POST","url":"\/nextcloud\/login?user=admin","message":"Login failed: 'admin' (Remote IP: '192.168.0.100')","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko\/20100101 Firefox\/61.0","version":"13.0.4.0"}
{"reqId":"IZsDczZYmtsWXppBx43g","level":2,"time":"2018-07-13T15:29:47+00:00","remoteAddr":"134.155.23.70","user":"--","app":"core","method":"GET","url":"\/nextcloud\/","message":"Trusted domain error. \"134.155.23.70\" tried to access using \"backgrounddog.duckdns.org\" as host.","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko\/20100101 Firefox\/61.0","version":"13.0.4.0"}
{"reqId":"oABhTGoozk2EjdkL02hK","level":2,"time":"2018-07-13T15:29:47+00:00","remoteAddr":"134.155.23.70","user":"--","app":"core","method":"GET","url":"\/nextcloud\/js\/core\/merged-template-prepend.js?v=ae88be84-0","message":"Trusted domain error. \"134.155.23.70\" tried to access using \"backgrounddog.duckdns.org\" as host.","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko\/20100101 Firefox\/61.0","version":"13.0.4.0"}
{"reqId":"rfMqmrYN1KkDzLvaV7YO","level":2,"time":"2018-07-14T19:01:40+00:00","remoteAddr":"192.168.0.100","user":"--","app":"core","method":"POST","url":"\/nextcloud\/login","message":"Login failed: 'lion' (Remote IP: '192.168.0.100')","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko\/20100101 Firefox\/61.0","version":"13.0.4.0"}

config.php:

<?php
$CONFIG = array (
  'passwordsalt' => '60ogccaeTgjfh+n/aaaahz8eIOZFir',
  'secret' => 'rfwglGACP6/aaaaaaaaNuy3Dvb+XmeQNL0aI2fDJljSR1XDU',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => '192.168.0.80',
    2 => 'backgrounddog.duckdns.org',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'overwrite.cli.url' => 'http://localhost',
  'dbtype' => 'mysql',
  'version' => '13.0.4.0',
  'dbname' => 'nextcloud_db',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud_db_user',
  'dbpassword' => 'VerySecretPassword',
  'installed' => true,
  'instanceid' => 'oc9da00yftuy',
);

nginx access.log:

127.0.0.1 - - [14/Jul/2018:18:45:18 +0000] "GET /nextcloud/ HTTP/1.0" 302 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
192.168.0.100 - - [14/Jul/2018:18:45:18 +0000] "GET /nextcloud/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
127.0.0.1 - - [14/Jul/2018:18:45:18 +0000] "GET /nextcloud/login HTTP/1.0" 200 11690 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
192.168.0.100 - - [14/Jul/2018:18:45:18 +0000] "GET /nextcloud/login HTTP/1.1" 200 11690 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
127.0.0.1 - - [14/Jul/2018:18:45:18 +0000] "GET /nextcloud/cron.php HTTP/1.0" 200 20 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
192.168.0.100 - - [14/Jul/2018:18:45:18 +0000] "GET /nextcloud/cron.php HTTP/1.1" 200 31 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"

I wouldn’t use this. If you use your local ip (inside your vpn), I’d use the 192.168.-ip as your default hostname (to be sure, I’d use this as the first entry in the trusted_domain list as well.)

I can’t help with your provider but I think it is strange to block port 80 and/or 443, why shouldn’t you be allowed to run a server. Perhaps some provider block it by default and you need to activate it in the customer interface.

I sometimes use a VPN when I’m in restrictive networks, I use openVPN and can use free clients (on iOS, not sure about Android).

1 Like

Thanks for the quick answer, it helped me a lot.

First things first, my ISP is blocking this ports. I’m living in student housing, so my ISP is my university, and for some reason in the past they don’t really like servers in their flats.

Anyway, I’ve tried to apply your change and it didn’t solve my problem. But I kept searching and finally, by inserting:
‘overwritehost’ => ‘backgrounddog.duckdns.org:13543’,
‘overwriteprotocol’ => ‘https’,
‘overwrite.cli.url’ => ‘https://backgrounddog.duckdns.org:13543/nextcloud’,
I was able to use the VPN connection. Unfortunately I get redirected to the VPN connection whenever I try to login from my local network. I don’t want to loose the ability to connect entirely through my local network, since this is way faster.

Does someone know, whether it is possible to configure nextcloud such, that it can handle the connection through the VPN, but don’t redirects me, when I access from a local computer?