Nextcloud docker ngix internal and external hosts

hello all,

why it is so hard to find information about hosting a local nextcloud with docker and nginx and setup this vm to be seing internal and external… I have noip domains, so where should I setup to on my local network sees my nextcloud domain which is an internal machine. please real.

The “proper” way to do this is with split-horizon DNS. What this means is you have the FQDN of your server registered in public DNS with the public IP, and you run a local DNS server on your LAN that gives out the LAN IP for that same FQDN.

The end result of this is that your clients always use the same name to access it, and it gets the correct IP from DNS whether it is local or remote, and it “just works.”

To be fair, this is not really a Nextcloud question since this applies to pretty much anything self-hosted. I run pfSense for my firewall and use its built-in DNS resolver to do this, but any DNS server will work.

1 Like

so it seems more webserver issue (apache or nginx), right???

I’m not very clear on exactly what issue you’re having, to be honest.

i have my nextcloud running… but I cannot access it locally only outside my network… because when I set the letscript and only add the domain, but I could find anything to having both… did u get what I mean?

Ok, so do this. On your LAN run:


… where is whatever name you have set up for Nextcloud. If it returns the public IP address, that could be your problem. This is known as hairpin routing, where a computer tries to access a local server by a public IP. Most routers don’t allow this, and it’s not a good setup anyway. If that’s the problem then it would be resolved by what I described above.

exactly… it returns my public IP… however, I am using mikrotik, so already set my domain locally point to internal IP, but still didnt work, because the local ip is not set on letscript…
when I set my nextcloud with docker it was the info:

container_name: web
build: .docker/web
restart: always
  - ./volumes/nextcloud:/var/www/html:ro
  - LETSENCRYPT_EMAIL=myemail@meial
  - app
  - internal
  - reverse-proxy

what is your error message?

if you mean letsencrypt. an ip adress is not involved in this.

Not really.
There is no “malfunctioning” component in you setup, just the downside of using NAT.

You need DNS name resolution depending on the location of the client…

If you have just a handful of “internal” computers and have admin access, edit the hosts file.

Add something like
to it and this particular computer will connect to your server from inside…

If your internal router can deal with hosts files, you can add it there.
And all internal computers will be able to connect…

Let’s Encrypt has no involvement in IP addresses. Only DNS names and SSL certificates.

However, this is only a workaround, and be aware that this will break their connection if they leave the local network. By manually overriding the name resolution, they would be unable to find the public IP. You would have to undo the change for it to work offsite.

Sure. Not for mobile (laptop) computers…
Not sure about Mikrotik, but get a router that can run DD-WRT and it could be implemented there… Or get some Cisco hardware…

All this will be a moot point if/when IPv6 comes around…

apparently there are more people with a similar issue

One solution that might work (well, it works, because that’s what I do) would be :

  • Having a DNS name hosted like
  • Use a reverse proxy (such as Traefik, which handles letsencrypt automatically)
  • on the internet router, make a redirection to traefik.
  • Configure the reverse proxies to make point cloud.XX.XXX on the nextcloud service.

how do I do that?

You can use some DNS provider (free or not, like OVH), or configure your own DNS.
So for your main web site or anything you can configure your DNS A to a web site like
After you can have a CNAME like to point to your main domain (www)

Then, for the configuration of your proxy, you can configure www to your main service and cloud to nextcloud service

I would absolutely advise you to use a reverse proxy container (nginx or traffic … ) in front of your Next-Cloud container. Let the reverse proxy handle all your encryption stuff. Behind that you can setup your other containers. This also limits the amount of ports exposed to the public. There is no need for your Database to be exposed to the public, unless you have other apps on other servers tapping in on your database. Alternatively you could access your home network via an open-VPN server and then go local from there. As for local DNS I could suggest as some already did; use PfSense / dd-wrt / openSense … or any other stand alone DNS server … Actually come to think of it , I’ve used A Pihole on some om my networks. Pihole has an option to be DNS server even a mini DHCP and on top a reasonable way to block adds and malicious sites on your network. you can setup Pihole on a cheap raspberry pi in less than 15 min. I think you should map your network stuff first b4 setting up these things so you can do it properly. Once you open the fire-wall to a bad configured webserver … all hell can break loose… Just slapping on an SSL/TLS on the webserver hosting your nextcloud instance isn’t gonna cut it.

Hi !

I wrote a tutorial on how to set a nextcloud server with docker / docker-compose, nginx and let’s encrypt.
I give the whole docker and docker compose files to use it.
But this will force you (because of let’s encrypt) to have a valid IP adress and a valid domain.
If you want to take a look at it :

If you want to test it and have some trouble with it, don’t hesitate to send me a message (or a git issue !)


1 Like

today I have a nextcloud with apache as web, and running in/out on my network, however it is not that fast… and after did some test with docker and nginx, it seems faster than what I have now… however, I cannot get into the setup for a local info… which was in HOST_TRUSTED… I dont want to use vpn.

sorry, didnt get