[SOLVED] Connection refused from web

Hi, everyone. I’m unable to log into my Nextcloud from the web. I’m running version 20.4.0.0, with NextcloudPi (Armbian, I believe) version 1.34.7. I’m unable to access my server from the web, though I have no problems through my LAN address. I can ping my DDNS alias fine, and get instant responses, but “Connection refused” when trying that alias address in a web browser.

I don’t know how long this has been going on, since I almost always access it locally, but a friend tried logging into his account and notified me of the error.

I’m rather a noob, so I’d need some help if you need any more specific info about my installation - I don’t know how to access logs, for instance. Any ideas welcome. Thanks!

Hi @Skyhooker, in your nextcloudpi admin panel you have a menu named nc-trusted-domains; set your domain inside.

To see your log:
you can use the admin account of your nextcloud server (settings > logging)
you can view it in a shell, but you need to know the path of your data directory:
sudo nano /path-data-directory/nextcloud.log

Hi, Mageunic,

Thanks for the reply. When I looked at that “trusted domains” setting, it said that it should normally set them up automatically, so I did not change it, at least not yet.

I haven’t found the log file location yet, but I did come across a post explaining how to get a status report, and one thing I noticed there is the following message under the HTTPd section, repeated several times:

“server certificate does NOT include an ID which matches the server name”

It sounds like the security certificate was not automatically renewed, but remember I’m a real noob at this. If that sounds correct, is there a way to manually renew it? If that’s not the problem, please advise. Thanks again!

@Skyhooker I think you have to manually set your domain in the trusted domains section.
The error in the httpd section may be because you access your nextcloud with your local IP.
I found this to enable https on your domain: How to get certificate with Letsencrypt using DNS to verify domain | NextCloudPi Documentation

Thanks, Mageunic. I don’t think that’s the problem, however - I scrolled through the rest of that system report I generated, and my DDNS domain name and local static IP are already in the trusted domains list, as is my current WAN IP.

I don’t know when the problem started, but a couple weeks ago I signed up for a VPN service. I tried installing it on my router, but my download speeds were taking a huge hit, so I had to install the VPN client on my computer. I also have a DDNS client installed on my same computer to update my IP information so the DDNS domain is pointed at the correct WAN IP. So, when I had the VPN enabled (and I have enabled and disabled frequently to try to learn how the system works), and was connecting through a proxy, it was reporting the wrong IP to my DDNS service, since the computer had a different WAN IP address from my router, to which the Nextcloud server is connected.

Is it possible that some setting in Nextcloud or NextcloudPi refuses login attempts after too many IP changes or false IP reports? Not even sure I’m phrasing that correctly. Thanks.

@Skyhooker, if such a function exists in nextcloud, I am not aware of it. But with nextcloudpi there is fail2ban. Maybe check that your domain name or public IP isn’t blacklisted.

fail2ban-client status (check the name of your jail)
fail2ban-client status jail-name (check if your IP is inside)

If yes (to unban your IP):

fail2ban-client set jail-name unbanip ip

Are all the ports correctly configured? (firewall, router, …)

@Mageunic , “fail2ban-client status” returns: Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

NextcloudPi admin page, however, shows fail2ban as active, with Bantime 600, Findtime 600, and Maxretry 6

Not sure what to make of this.

I checked the firewall and router settings, and the only ones that I changed back to my pre-VPN configuration were the DNS server IPs. All else was as it should be. It didn’t fix anything, however.

@Skyhooker try this:
sudo fail2ban-client status
sudo fail2ban-client status jail-name
sudo fail2ban-client set jail-name unbanip ip
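
The check described in the commands above, as an added example that is not part of the original thread: it reads the jail names from `fail2ban-client status`, then looks for one IP in each jail's banned list. The `sample_f2b` function, its jail names and its addresses are constructed, and a failing status call is assumed to mean the server is unreachable, as with the socket error reported in this thread.

```sh
#!/bin/sh
# Added example, not from the thread. Usage (as root): sh f2b-check.sh <ip>
# Offline run on the sample: F2B=sample_f2b sh f2b-check.sh 203.0.113.7
F2B=${F2B:-fail2ban-client}

# Constructed sample of fail2ban-client output; jail names and IPs are made up.
sample_f2b() {
  if [ "$#" -eq 1 ]; then
    printf 'Status\n|- Number of jail:\t2\n`- Jail list:\tsshd, nextcloud\n'
  elif [ "$2" = nextcloud ]; then
    printf '`- Actions\n   `- Banned IP list:\t203.0.113.7 198.51.100.20\n'
  else
    printf '`- Actions\n   `- Banned IP list:\t\n'
  fi
}

# stdin: output of `fail2ban-client status`; prints one jail name per line.
list_jails() {
  sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# stdin: output of `fail2ban-client status <jail>`; exit 0 if IP $1 is listed.
# grep -Fx compares whole addresses, so 203.0.113.7 never matches 203.0.113.70.
ip_is_banned() {
  sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n\n' |
    grep -Fxq -- "$1"
}

# Prints every jail that currently bans IP $1.
# Exit 0 = banned somewhere, 1 = not banned, 2 = fail2ban server unreachable.
check_ip() {
  f2b_ip=$1; f2b_rc=1
  # Assumption: a non-zero exit here is the "Failed to access socket path"
  # case, where there is no running server to ask about bans.
  f2b_status=$($F2B status 2>&1) ||
    { echo "fail2ban unreachable: $f2b_status" >&2; return 2; }
  for f2b_jail in $(printf '%s\n' "$f2b_status" | list_jails); do
    if $F2B status "$f2b_jail" | ip_is_banned "$f2b_ip"; then
      echo "$f2b_ip is banned in jail $f2b_jail"
      f2b_rc=0
    fi
  done
  return $f2b_rc
}

if [ "$#" -gt 0 ]; then check_ip "$1"; fi
```

Exit status 2 separates "fail2ban is not answering" from "not banned", which are two different findings when fail2ban is the suspect.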

Thanks. First command gave exactly the same return as before: “Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?”

I’m guessing the other two commands you posted would also return nothing. Also, I assume “jail-name” is specific to my server, but I don’t even know what that would be. I’m only vaguely familiar with the term, but setting up a jail was not part of the installation process for NextcloudPi, as far as I can remember.

I think I’ll back up my router configuration and do a fresh setup, to eliminate the possibility of some leftover setting I’m missing that’s causing the trouble.

Thanks again - I really appreciate the help, and welcome any other ideas!

@Skyhooker nextcloudpi comes with fail2ban. This process is used to block brute-force connections.
fail2ban automatically creates a jail that holds IPs making too many invalid requests. I want to know whether your IP is in this jail and, if it is, unban your IP. By default, fail2ban blocks an IP for a fixed duration, but it’s possible that there was a problem.

Thanks, Mageunic. I assume “jail-name” in the above commands is specific to the server - correct? Since you said that NextcloudPi automatically creates this jail, I guess it has some default name. If so, would you know what this name is? I have no way of finding out without further guidance. In any case, since the “status” command returned “failed to access socket path,” it looks like fail2ban isn’t even running, even though it shows as enabled in the NextcloudPi admin page.

Also, I did a full reset of my router and set my normal non-VPN settings, and am still unable to connect, so that rules out any router issues.

Last, since you say fail2ban blocks specific IPs, I can understand why it might block a friend who tried too many times and hit the preset limit, but why would it also block my IP, where I had not attempted a login through my DDNS alias for several weeks?

Thanks for your continued interest and support!

I confirmed also that fail2ban, even though the box was checked in the NextcloudPi admin panel, was not active. I activated it from there last night. I guess that rules out IP banning, so now I’m really confused.

@Skyhooker Very strange … something is blocking the connection but I don’t know what …
Is there no firewall enabled on your nextcloudpi?

Guess what? I found the culprit! Somehow my port forwarding settings got cleared in my router, perhaps from a firmware update. I should have thought to look there.

Your last post got me digging further into the router and NextcloudPi network settings, so I’m marking your post as the solution.

Anyway, problem solved. Many thanks for all your help and brainstorming - it’s greatly appreciated, and I wish you well!
