Port 443 Still Closed (AX1800 AX21 Router / Windows 11 using Docker Desktop)

ℹ️ Support
, ,
1
Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. :heart:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • Latest Nextcloud version provided by AIO v11.11.0
  • Operating system and version (e.g., Ubuntu 24.04):
    • Windows 11 (Docker Host)
  • Web server and version (e.g, Apache 2.4.25):
    • Docker / nextcloud-aio-apache container
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • Built-in AIO Reverse Proxy
  • PHP version (e.g, 8.3):
    • PHP version provided by AIO container
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • When attempting to submit my domain into the AIO interface
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • Nextcloud AIO via Docker Desktop
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • No. Using TP-Link ID DDNS service to point the domain.

Summary of the issue you are facing:

I’m going to be super honest here – I’m a complete novice to all of this, so please take it easy on me. I’ve provided answers to the best of my abilities below. Apologies in advance for my cluelessness here.

I am attempting to set up Nextcloud AIO on a Windows 11 machine using Docker Desktop. I have correctly set up the master container as far as I can tell, but when I try to submit my domain, I receive the error: “Domain is not reachable on port 443”.

My network setup:

  • Domain: danielcloud.tplinkdns.com
  • Router: TP-Link AX1800 (Model: Archer AX21)
  • Windows PC Local IPv4: 192.168.0.139
  • Router WAN IP: 173.92.184.200

Troubleshooting steps already taken:

  1. Port Forwarding: Confirmed the following rules are set up in the TP-Link router, forwarding External Ports to the Static Local IPv4 of the Windows 11 host:
    1. WAN 3478 (all protocols) → LAN 3478 (all protocols)
    2. WAN 80 (all protocols) → LAN 80 (all protocols)
    3. WAN 443 (all protocols) → LAN 443 (all protocols)
  2. Local IP Verification: Confirmed the internal IP used in the port forwarding rules is the correct one associated with the Default Gateway in ipconfig.
  3. Windows Firewall: Created an Inbound Rule specifically for TCP ports 80 and 443, allowing the connection for Domain, Private, and Public profiles.
  4. Router Conflict Check: Disabled/changed the router’s Remote Management Port from 443 to 8443 to prevent the router from reserving the port.
  5. External Check: Using an online port checker tool for port 443 shows the port is CLOSED/TIMED OUT, confirming the block is external to the Nextcloud AIO container.

Steps to replicate it (hint: details matter!):

  1. Start Nextcloud AIO master container on Windows 11 using Docker Desktop

  2. Access the AIO interface at https://localhost:8080

  3. Enter the DDNS domain, danielcloud.tplinkdns.com, into the setup field.

  4. Click Submit Domain.

  5. Result: The Nextcloud AIO Master container returns the error: “Domain is not reachable on port 443.”

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

 Trying to fix docker.sock permissions internally...
 Adding internal www-data to group root
 e[0;92mInitial startup of Nextcloud All-in-One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
 E.g. https://internal.ip.of.this.server:8080
 ⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!
 
 If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
 https://your-domain-that-points-to-this-server.tld:8443e[0m
 Deleting duplicate sessions

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

Rejected request from RFC1918 IP to public server address

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

docker run ^
--init ^
--sig-proxy=false ^
--name nextcloud-aio-mastercontainer ^
--restart always ^
--publish 81:80 ^
--publish 8080:8080 ^
--publish 8443:8443 ^
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^
--volume //var/run/docker.sock:/var/run/docker.sock:ro ^
-e APACHE_PORT=80 ^
-e APACHE_IP=0.0.0.0 ^
-e NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/cloudfolder" ^
ghcr.io/nextcloud-releases/all-in-one:latest

Please note that during my initial setup, I continuously received issues on port 80, so the initial run file published 81:80 and things seemed to work properly.

Apps

The output of occ app:list (if possible).

Tips for increasing the likelihood of a response

  • Use the preformatted text formatting option in the editor for all log entries and configuration output.
  • If screenshots are useful, feel free to include them.
    • If possible, also include key error output in text form so it can be searched for.
  • Try to edit log output only minimally (if at all) so that it can be ran through analyzers / formatters by those trying to help you.
2

If you publish

your instance cannot be reached on port 443.
Same with

where an open port 80 in the firewall will not help, because it wants port 81 to be called.

3

Thank you for the reply. I was having issues publishing to port 80 for some reason, so I will be spending today trying to fix that. Assuming that I can clear up that issue, are you saying that I should publish to 443 instead of 8443?

4

If I am right, you should configure your docker instance with 80:80 and 443:443, otherwise your router-config

never will work.
Take care, that router maintenance access from outside is disabled to prevent from wrong port forwarding.