Openvpn on tcp 443 and nextcloud not accessible from internet

Hi,

I have just installed Nextcloud on my Raspberry Pi 2. I am also running Pi-hole, which uses port 80 for its admin web page, and PiVPN, which runs on 443 TCP and UDP.

I have managed to change Apache to run on a different port than 80, and I can access Nextcloud from within my LAN; even the app works fine too.

On my firewall, I have 443 TCP and UDP forwarded to my Pi's local IP address and my OpenVPN works fine. I have added the port-share option to my OpenVPN server.conf and I am using port-share 4443 so that the traffic can pass to this port number internally.

My apache2/ports.conf looks like below:

```
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 880

<IfModule ssl_module>
        Listen 4443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 880
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
```

My 000-default.conf looks like below:

```
<VirtualHost *:880>
    ServerName mydomain.ddns.net
    Redirect permanent / https://mydomain.ddns.net/
    # The ServerName directive sets the request scheme, hostname and port t$
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
```

My default-ssl.conf looks like below:

```
            ServerName mydomain.ddns.net
            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/html

            # Available loglevels: trace8, ..., trace1, debug, info, notice$
            # error, crit, alert, emerg.
            # It is also possible to configure the loglevel for particular
            # modules, e.g.
            #LogLevel info ssl:warn

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
```

There are two issues I am facing as per below:

First issue: I cannot access Nextcloud from the internet. Can you please help me work out how this can be achieved, having looked at my files above? I do not want to change my Pi-hole port 80 and PiVPN 443. I would like to use alternative ports such as 880 and 4443.

Second issue: I have not been able to install SSL using certbot. My understanding is that, as Nextcloud is not using the standard ports 80 and 443, this is causing issues for certbot when verifying my website. I would like to understand how I can achieve this given the above information.

Happy to post any more files or run commands.

I look forward to a response.

Best regards,

V P

First issue: I’d recommend forwarding ports 880 and 4443 from your router temporarily, to verify that Nextcloud and your web configuration are working as intended (i.e., would be accessible from the internet if properly forwarded). OpenVPN is, in my experience, far more likely to be mis-configured here; if you find that to be the case, you can seek out some help on it specifically.

Second issue: This is directly related to the first one - if your web server isn’t forwarded properly, LetsEncrypt won’t be able to reach your server to verify you own the domain. If you’re not able to fix the forwarding so that Nextcloud responds on ports 80 and 443 and need to use other ports permanently, LetsEncrypt does offer alternative methods of proving you own a site - see this question regarding DNS validation.

I have just opened the ports and forwarded them to the Pi, but I still cannot access Nextcloud. So I don't think it's to do with OpenVPN, as that works OK.

Something to do with nextcloud config and apache files.

In that case, are there any messages in the Apache logs (/var/log/apache2/error.log or access.log)?

I might see an issue in your /etc/apache2/ports.conf, but I’m not sure if that’s just the formatting. If I could have you put a row of 3 back-ticks (`) at the start of each file, and again at the end of each file, that would make the forum software ignore what it currently thinks is markdown, and make this much more clear. It’ll look like this in the post editor:
```
# contents of a file, including # symbol, shown in code block style rather than big web headers
```

```
Listen 880
<IfModule ssl_module>
        Listen 4443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 880
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
```
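One thing worth checking in the ports.conf above is which `Listen` lines actually take effect: the `Listen 4443` only binds when mod_ssl is loaded, and `Listen 880` appears both unconditionally and inside the mod_gnutls block, so Apache would try to bind 880 twice if that module were loaded. The following is an added example, not code from this thread, that evaluates the posted file against a given set of loaded modules; it assumes module names are passed in the same spelling the `<IfModule>` tests use (`ssl_module`, `mod_gnutls.c`) and embeds a constructed copy of the file rather than reading /etc/apache2/ports.conf.

```python
import re
from typing import Iterable, List

# Constructed copy of the ports.conf posted in the thread (not read from disk).
PORTS_CONF = """\
Listen 880
<IfModule ssl_module>
        Listen 4443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 880
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
"""


def effective_listen_ports(conf: str, loaded_modules: Iterable[str]) -> List[int]:
    """Return the ports Apache would bind, honouring nested <IfModule> blocks.

    A leading '!' in the IfModule test negates it. Duplicates are kept so the
    caller can spot double binds (the usual cause of 'Address already in use').
    """
    loaded = set(loaded_modules)
    active = [True]            # active[-1]: does the enclosing block apply?
    ports: List[int] = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opening = re.match(r"<IfModule\s+(!?)(\S+?)\s*>", line, re.I)
        if opening:
            negate, name = opening.group(1) == "!", opening.group(2)
            active.append(active[-1] and ((name in loaded) != negate))
            continue
        if re.match(r"</IfModule\s*>", line, re.I):
            active.pop()
            continue
        listen = re.match(r"Listen\s+(?:\S*:)?(\d+)", line, re.I)  # 'Listen [addr:]port'
        if listen and active[-1]:
            ports.append(int(listen.group(1)))
    return ports


def double_binds(ports: List[int]) -> List[int]:
    """Ports that would be bound more than once (an Apache start-up error)."""
    return sorted({p for p in ports if ports.count(p) > 1})
```

Run with the modules shown by `apache2ctl -M` to see whether 4443 is bound at all; if it is not, mod_ssl is not enabled and nothing behind OpenVPN's port-share will answer.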