Problem accessing Nextcloud server locally, fine outside the network

ℹ️ Support
1

Nextcloud version : 12.0.4
Operating system and version : Ubuntu Server 16.04
Apache Server : 2.4.18
PHP : 7.0

The issue you are facing:

Hi folks,
This is the first time I am posting on this forum, thanks for having it available.

I have set up VM running Nextcloud 12.0.4.
I am unsure of how to access from within my local lan.

I have no problem accessing it from the internet and it is setup
using LetsEncrypt however when I type //local_ip_of_server/nextcloud
in my browser I get…

Not Found
The requested URL /nextcloud was not found on this server.
Apache/2.4.18 (Ubuntu) Server at xx.xx.xx.xx Port 80

My /etc/apache2/sites-available/nextcloud.conf file only has a
<VirtualHost *:443> block. I dont know how to change it to allow
local access to nextcloud.

I hope I am making some sense here.

Thanks for taking the time to have a look at this,

Regards,

2

If you want apache2 listen on the http 80 port, just copy the <VirtualHost *:443> ... </VirtualHost> in the same file and replace the *:443 by *:80 in this new block.
If you prefere redirect http to https, you can add this block

<VirtualHost *:80>
        ServerName      HelloWorld
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
ServerAlias www.hostname.com

</VirtualHost>

For the redirection you need enable the rewrite apache2 extension via the following command line
sudo a2enmod rewrite

3

Hi, thanks for your speedy response.

I’d just like to clarify a few points.

By changing the apache2 block to port 80, am I compromising my
letsencrypt ssl by passing traffic through port 80.

I’d really like to keep the end to end encryption provided by letsencrypt
and port 443 for external (outside the network access) but still be able to access nextcloud locally should my internet be unavailable for any reason.

Thanks again.

4

Sorry i m not really good for talk english.
This is my virtualhost for 80:

<VirtualHost *:80>
        ServerName      cloud.hostname.com
        ServerAlias      cloud.hostname.com
        DocumentRoot /var/www/html/nextcloud/

#        uncomment next lines if you want force client redirection (browser only, not bot) of 80 to 443
#        RewriteEngine On
#        RewriteCond %{HTTPS} off
#        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

Adapt and past it before the code block of 443. (you need restart or reload apache2 for take effect)

PS: never forget a LAN isn’t trust (compromise machine (pc, mobile, IOT), provider router, etc) :wink:

5

Ok, I understand the possibility of LAN’s not being safe.

Also, I appreciate you taking the time to help, your info has been
very useful.

Here are my observations so far…

  1. I have added the <VirtualHost *:80> block that you mentioned above.

  2. I have edited the /var/www/nextcloud/config/config.php and added the
    local ip address of the nextcloud server into the trusted_domains array.

  3. I tried to access it with firefox but it keeps kicking me out however I can go in with Chromium without issue, even with 2FA enabled.

I am happy with the result, thank you for your time.

6

I am happy with the result, thank you for your time.

you’re welcome :slight_smile:

I tried to access it with firefox but it keeps kicking me out however I can go in with Chromium without issue, even with 2FA enabled.

strange, check with remove cache, cookie etc in firefox or possible to check if it not a problem with HSTS

7

yeah, I have cleared cookies / cache, and restarted Firefox.
It does show me the login screen but returns the the login page after
I enter credentials to try and login.

However, the procedure works fine with Chromium and Brave.

8

does it work if you edit the fileon the machine on the local network with the nc-server:

\windows\system32\drivers\etc\hosts
there add:

<internal-ip>    <domain>
9

Thanks for your interest in trying to help.

I dont know what you want me to add,

It looks blank afer the
there add:

in your message.

10

There was a coding error. I put it in coding-tags, now it shows correctly.

11

oh sorry, using different board softwares at the same time is a bit confusing a times :pensive:

12

Hi @clendee, sorry I’m late to the party, it’s that time of year!

I’ve put a permanent redirect in my Apache 2.4.29 so all http traffic is converted to https. Nothing is ever transmitted clear:

<VirtualHost *:80>
    ServerName cloud.darksteve.tk
    Redirect permanent / https://cloud.darksteve.tk/
</VirtualHost>

<VirtualHost *:443>
#    DocumentRoot /usr/local/www/owncloud
    DocumentRoot /usr/local/www/nextcloud
    ServerName cloud.darksteve.tk
    Header always set Strict-Transport-Security "max-age=15768000"
    SSLEngine on
    SSLCertificateFile <redacted>.pem
    SSLCertificateKeyFile <redacted>.pem
</VirtualHost>

This works perfectly for me. Of course, your issue might be caused by DNS. I used to have this issue when I was still learning and I first set up a home server in 2004. This will take a moment to write clearly.

When you access your site externally, DNS directs you to your real-world IP address (e.g. 1.2.3.4). Your router is configured to forward ports 80 and 443, so your request connects straight through to your server’s internal IP (e.g. 192.168.1.1).

When you access your site internally, DNS still directs you to your real-world IP address (your router), but you’re already internal so port forwarding won’t work, and you get an error.

It took me way longer than it should have to figure out back in 2004, but once I realised, it was kind of obvious. You can get around this by adding a line to your desktop/laptop’s hostfile, but then the device won’t connect externally and it’s hard to change a phone’s hosts file anyway.

I started running my own internal DNS and DHCP servers. My internal DCHP server provides only my internal DNS, which directs me to 192.168.1.1, but once I’m external, the external DHCP will assign you an external DNS that will direct you to your real-world IP of 1.2.3.4.

This has added benefits of allowing you to blocks ads/malware for the house, and also allows you to get around ISP blocks (e.g. here in Australia, TPB and other sites are blocked via DNS).

I hope this helps, sorry I was late!
:slight_smile: