Nextcloud server not reachable from internal Network

Nextcloud version: 17.0.1
Operating system and version: Raspbian 10 buster
Apache or nginx version: Apache 2.4.38
PHP version: 7.3.11

The issue you are facing: Nextcloud is unreachable (timeout) from my internal network. It won’t respond to a request to the domain name (dyndns via No-ip), nor to a request to its internal ip-address. None of the connections work when I try to access it from within the network (not via desktop or mobile clients, not via the web-interface, not via integrated webdav connection on ubuntu). When connecting using mobile data or a proxy, everything is fine. A few weeks ago, this has not been a problem.

Is this the first time you’ve seen this error?: Yes

The output of your Nextcloud log in Admin > Logging:
No unusual warnings or errors.

The output of your config.php file in /var/www/nextcloud/config (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'censored',
  'passwordsalt' => 'censored',
  'secret' => 'censored',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'ddns-domain',
    2 => 'local-ip-address',
  ),
  'datadirectory' => '/home/pi/storage',
  'dbtype' => 'mysql',
  'version' => '17.0.1.1',
  'overwrite.cli.url' => 'censored?',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'censored!',
  'installed' => true,
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'updater.secret' => 'censored?',
);

The output of your Apache-system log in /var/log/apache2/error.log:

[Tue Nov 26 14:47:47.611628 2019] [authz_core:error] [pid 4100] [client 94.216.20.183:59752] AH01630: client denied by server configuration: /var/www/html/nextcloud/config
[Tue Nov 26 16:08:55.253665 2019] [authz_core:error] [pid 5717] [client 217.246.91.153:51888] AH01630: client denied by server configuration: /var/www/html/nextcloud/config
[Tue Nov 26 18:04:53.692514 2019] [mpm_prefork:notice] [pid 1097] AH00169: caught SIGTERM, shutting down
[Tue Nov 26 18:04:54.023011 2019] [mpm_prefork:notice] [pid 9508] AH00163: Apache/2.4.38 (Raspbian) OpenSSL/1.1.1d configured -- resuming normal operations
[Tue Nov 26 18:04:54.023181 2019] [core:notice] [pid 9508] AH00094: Command line: '/usr/sbin/apache2'

Sound like you have problems with your raspberry pi? Full sd card or broken in some way?

The Raspberry Pi seems fine; The other services (ssh, ping etc.) are all functional. And none of the connected devices is at more than 21% capacity.

I did a bit of research and fount out that my NAT-Router apparently causes this problem. The DDNS-Service returns the public address of the NAT-Router, which forwards the request to my Raspberry pi. When tryinig to access from the internal network the router has to translate a request to itself, which seems to confuse the router.

A workaround is to connect via the local IP-Address (with https:// in the domain, otherwise it will be redirected to the public domain, resulting in the above error) and ignore the ERR_CERT_BAD_DOMAIN. For the clients I had to connect to “another instance” that only works within the internal network.

However, I’m not quite happy with the solution, since I have to manage two different “instances” and the native dav integration of ubuntu doesn’t allow this ssl-error.

So if someone knows a way to add a custom dns entry to my network (without installing a pihole) I’d be happy to hear about it.