Nextcloud server not reachable from internal Network

Nextcloud version: 17.0.1
Operating system and version: Raspbian 10 buster
Apache or nginx version: Apache 2.4.38
PHP version: 7.3.11

The issue you are facing: Nextcloud is unreachable (timeout) from my internal network. It won’t respond to a request to the domain name (dyndns via No-ip), nor to a request to its internal ip-address. None of the connections work when I try to access it from within the network (not via desktop or mobile clients, not via the web-interface, not via integrated webdav connection on ubuntu). When connecting using mobile data or a proxy, everything is fine. A few weeks ago, this has not been a problem.

Is this the first time you’ve seen this error?: Yes

The output of your Nextcloud log in Admin > Logging:
No unusual warnings or errors.

The output of your config.php file in /var/www/nextcloud/config (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'censored',
  'passwordsalt' => 'censored',
  'secret' => 'censored',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'ddns-domain',
    2 => 'local-ip-address',
  ),
  'datadirectory' => '/home/pi/storage',
  'dbtype' => 'mysql',
  'version' => '17.0.1.1',
  'overwrite.cli.url' => 'censored?',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'censored!',
  'installed' => true,
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'updater.secret' => 'censored?',
);

The output of your Apache-system log in /var/log/apache2/error.log:

[Tue Nov 26 14:47:47.611628 2019] [authz_core:error] [pid 4100] [client 94.216.20.183:59752] AH01630: client denied by server configuration: /var/www/html/nextcloud/config
[Tue Nov 26 16:08:55.253665 2019] [authz_core:error] [pid 5717] [client 217.246.91.153:51888] AH01630: client denied by server configuration: /var/www/html/nextcloud/config
[Tue Nov 26 18:04:53.692514 2019] [mpm_prefork:notice] [pid 1097] AH00169: caught SIGTERM, shutting down
[Tue Nov 26 18:04:54.023011 2019] [mpm_prefork:notice] [pid 9508] AH00163: Apache/2.4.38 (Raspbian) OpenSSL/1.1.1d configured -- resuming normal operations
[Tue Nov 26 18:04:54.023181 2019] [core:notice] [pid 9508] AH00094: Command line: '/usr/sbin/apache2'

Sound like you have problems with your raspberry pi? Full sd card or broken in some way?

The Raspberry Pi seems fine; The other services (ssh, ping etc.) are all functional. And none of the connected devices is at more than 21% capacity.

I did a bit of research and fount out that my NAT-Router apparently causes this problem. The DDNS-Service returns the public address of the NAT-Router, which forwards the request to my Raspberry pi. When tryinig to access from the internal network the router has to translate a request to itself, which seems to confuse the router.

A workaround is to connect via the local IP-Address (with https:// in the domain, otherwise it will be redirected to the public domain, resulting in the above error) and ignore the ERR_CERT_BAD_DOMAIN. For the clients I had to connect to “another instance” that only works within the internal network.

However, I’m not quite happy with the solution, since I have to manage two different “instances” and the native dav integration of ubuntu doesn’t allow this ssl-error.

So if someone knows a way to add a custom dns entry to my network (without installing a pihole) I’d be happy to hear about it.

The above issue can be resolved by modifying your laptop or server to point to your domain when accessing from local network.
Modify the hosts file with the following 2 records.
Local IP www.domainname
Local IP domainname
For example, if the local IP is 192.168.1.20 and the domain name is example.ddns.net then add the following to your hosts file
192.168.1.20 www.example.ddns.net
192.168.1.20 example.ddns.net