outflank router's port 443

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 32.0.1.2
  • Operating system and version (e.g., Ubuntu 24.04):
    • Debian 12.12
  • Web server and version (e.g., Apache 2.4.25):
    • Apache 2.4.65
  • Reverse proxy and version (e.g., nginx 1.27.2):
    • Caddy 2.10.2
  • PHP version (e.g., 8.3):
    • PHP 8.3.26
  • Is this the first time you’ve seen this error? (Yes / No):
    • yes
  • When did this problem seem to first start?
    • just after AIO installation, at the first remote connection attempt
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
    • AIO
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • no, self-hosted

Summary of the issue you are facing:

I registered a domain my_registered_domain.online that points to my home’s static IP.
My Cisco RV260 router manages a DMZ for the dedicated Nextcloud server machine.
Unfortunately, my router binds WAN ports 80/443.

I installed Nextcloud AIO via SSH, indicating https://my_registered_domain.online as target domain.

Using port forwarding I can reach the Nextcloud machine remotely:

  • SSH - port 22 (redirected from WAN port 10022)
  • AIO - port 8080 (redirected from WAN port 18080, https://my_registered_domain.online:18080)

About WAN port 443 (that I can use) I’ve tried:
WAN/10443 → LAN/443 TCP&UDP

Just after the AIO installation (complete and OK), the button redirects to https://my_registered_domain.online, which is not working, as mentioned:
This site can’t be reached
my_registered_domain.online took too long to respond.
ERR_CONNECTION_TIMED_OUT

Typing https://my_registered_domain.online:10443 instead, the browser replies:
This site can’t provide a secure connection
my_registered_domain.online sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

Any suggestion?
Thank you in advance

Why do you have ports 80 and 443 open for router administration?
I recommend to close/disable administration from outside as well as ssh to Nextcloud. - Only expose ports 80 and 443 for Nextcloud.
If you strongly need the administration ports of your router, you should be able to change these ports for administration (f.ex. to 8080 and 10443) and open 80/443 to Nextcloud.

I also cannot understand, why you use different ports than 80 and 443 on your Nextcloud server. - Even, if you access from external to port 18443 and 18080, you can set port forwarding to ports 80 and 443 of the nextcloud server.

The SSL error may be a result of not using a signed SSL certificate.

The more changes you make on the Nextcloud server, the more problems may appear after updates, as well as getting into trouble after a few months if you are searching for an error or if you want to install additional software.

1 Like

>>> Why do you have ports 80 and 443 open for router administration? <<<
Any remote administration is disabled but the Cisco RV260 is binding those ports anyway! No way to find a solution with Cisco. This is the reason why I’m trying to get around it.

>>> I recommend to close/disable administration from outside as well as ssh to Nextcloud <<<
I agree. As soon as the system is working well

>>> why you use different ports than 80 and 443 on your Nextcloud server. - Even, if you access from external to port 18443 and 18080, you can set port forwarding to ports 80 and 443 of the nextcloud server <<<
It’s exactly my goal, I don’t want to change 80/443 ports on Nextcloud server. But port forwarding WAN/10443 → LAN/443 TCP&UDP returns ERR_SSL_PROTOCOL_ERROR on external browser.

>>> The more changes you do on the Nextcloud server the more problems may appear after updates as well as getting into trouble after a few months, if you are searching for an error or if you want to install additional software. <<<
I totally agree

>>> The SSL-error may be a result, that you do not use a signed SSL-certificate. <<<
I believe this is the problem I need to fix, but I don’t know how. Consider I just completed AIO automatic configuration, nothing else.

I suspect that indicating https://my_registered_domain.online as target domain in AIO is making a conflict as I connect with https://my_registered_domain.online:10443.
Any suggestion?
Thank you in advance

A valid SSL certificate can be retrieved from Let's Encrypt, but it needs ports 80 and 443 during installation and renewal. - Now we will be back to the router ports 80 and 443…

At this moment, without solutions from Cisco, the only solution I have is to substitute the router… Am I the only one with this problem? damnation…
Thank you anyway

Maybe a good idea, because the router is EOL and Cisco routers are well known for vulnerabilities.

Configuration guides can be found here:

There you should find information on how to replace service ports 80/443 by a port forwarding. - It also might be possible to get help in a forum where Cisco users are active.

Thank you @Mornsgrans. I’m currently active in the Cisco forum and I already read the documents you linked, but no solution has come up so far. The RV machine is still working well so I keep the replacement as a last resort. Anyway, what equivalent modern brand/model would you suggest?

Sorry, but I cannot suggest a special router model.
One reason is that I do not know what brands and models are available in your country. Other reasons are “application range” as well as “price range”.

In Germany many users use AVM FritzBox, even though it has no dedicated DMZ, but it is rather cheap, has long-term update support and seems to be less vulnerable than many other brands.

1 Like

I have no experience with Cisco routers. But I simply cannot imagine that it is not possible to forward ports 80 and 443 on a Cisco Small Business router. I mean, every cheap home router can do that. Unless, of course, the ISP blocks the ports or the ISP only offers IPv4 via CG-NAT.

1 Like

Port forwarding:

Before you start with changes, do a backup of the recent configuration.

1 Like

hello @Mornsgrans
I’ve tried both port forwarding and NAT, no way.
On Cisco forums they confirmed ports 80/443 are bound by the router itself.
The only solution they suggest is to set up Nextcloud to manage certificates through different ports, like 8443/8080.
So, do you think it’s possible?
As I just installed Nextcloud I can even repeat it in a different way, if needed.

hello @bb77
It’s very strange for me too, considering it’s a Small Business router, but there’s no way, according to both testing and the forum’s opinions.

It’s about an RV340, but maybe this is of any help: https://www.youtube.com/watch?v=Esr49TJ74V8


That was exactly my first attempt, but no way. Unfortunately the router prioritizes its own rules before processing port forwarding, NAT, etc., as Cisco’s people confirm.
This is why I hope to find a solution for Nextcloud on different ports.

And what happens, if you disable these rules?

Totally indifferent whether they are enabled or not: ERR_CONNECTION_TIMED_OUT

I don’t know - but I need it - how to manage certificates while connecting through 8080/8443 ports (sorry for my lack of knowledge about it).
Is there any Nextcloud doc that can help me this way? I’ve not found it yet.

Maybe stupid question: what if I specify my_registered_domain.online:8443 in AIO installation procedure, instead of my_registered_domain.online only?
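
Added example, not part of any post in this thread: a small Python probe that separates the two failures reported above, a port that never answers (ERR_CONNECTION_TIMED_OUT) from a port that answers with something other than TLS (one common cause of ERR_SSL_PROTOCOL_ERROR). The function names and return labels are assumptions made for this sketch; the host name is the placeholder used in the thread.

```python
import socket
import ssl

def classify_first_bytes(data: bytes) -> str:
    """Name the protocol suggested by the first bytes a listener sends."""
    if not data:
        return "closed"
    # TLS record header: content type 20-23, then major version byte 0x03.
    if len(data) >= 2 and data[0] in (20, 21, 22, 23) and data[1] == 3:
        return "tls"
    if data.startswith(b"HTTP/"):
        return "plain-http"
    if data.startswith(b"SSH-"):
        return "ssh"
    return "unknown"

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Return 'timeout', 'refused', 'unreachable', 'tls' or a non-TLS label."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout"      # the browser shows ERR_CONNECTION_TIMED_OUT
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    # Diagnostic only: validation is off because the question is whether the
    # port speaks TLS at all, not whether its certificate is trusted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host):
            return "tls"
    except OSError:           # ssl.SSLError is a subclass of OSError
        pass
    # Handshake failed: reconnect and look at what comes back in cleartext.
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            return classify_first_bytes(plain.recv(16))
    except OSError:
        return "closed"

if __name__ == "__main__":
    # Placeholder host and the WAN ports mentioned in the thread.
    for p in (443, 10443):
        print(p, probe("my_registered_domain.online", p))
```

Run it from a machine outside the LAN. A listener that speaks TLS but rejects this particular handshake can still end up under a non-TLS label, so treat `plain-http` as a hint about which service the forwarded port actually reaches.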