[Solved] Port forwarding causes issues after moving Nextcloud to /Nextcloud

After 2 weeks of installing, fault finding and reinstalling (using https://www.c-rieger.de/), I have Nextcloud running like a train. My 4G ISP blocks port 443 so I forward port 2222 to 443 in my router and I access Nextcloud by this syntax: https://www.mydomain.com:2222 -> works like a charm.

Then I moved on to chapter 10 in the install, making Nextcloud accessible under www.mydomain.com/nextcloud. When I now access https://www.mydomain.com:2222 it will give an error (it should forward to /nextcloud),
This works https://www.mydomain.com:2222/nextcloud but after login the browser gives an error and the URL in the browser has changed to https://www.mydomain.com/nextcloud/apps/files and when I insert “:2222” after “.com” it works again.

I’m sorry for this long explanation. The thing is that the port “:2222” disappears from the URL after every action, causing the browser to be blocked again.

I’m sure u guys will laugh at this because it is something basic, but I just can’t figure this one out and I don’t want to compromise security by doing stuff I don’t fully understand (before asking).

first: what crappy isp is that, who blocks 443? :frowning:
The next thing is: yes that could be an issue with the url stuff and so on, so I recommend to add an additional site at your apache/nginx on port 2222 and redirect it in the apache/nginx instance with ProxyPass/ProxyPassReverse.

Yup - this is my 4G ISP, they only open port 500 and some in the 2000 range. I could move to my DSL ISP (MultiWAN), but that is way too slow in the upload speeds…

Thx for the suggestion. A. Would this be safe to do (reverse proxy)? and B. What domain do I enter in that case for the SSL cert (still www.mydomain.com)?

Just thinking now: I could move back from /Nextcloud to /Nextcloud, but I want to keep the automatic SSL cert renewal setup. If I go that route, in which configs do I make that change (and what change)? Maybe that would be easier?

Did you adjust your URL settings in config.php?

you can just use the same certificate files, as you are using the same domain, only changing the port.

Thanks. In chapter 10 (https://www.c-rieger.de/nextcloud-installation-guide/#zehn), things are split up in (not sure now what points to what…):
/etc/nginx/conf.d/gateway.conf
/etc/nginx/conf.d/nextcloud.conf
/etc/nginx/conf.d/letsencrypt

I made changes as instructed, so /var/www/nextcloud/config/config.php was not changed

URL settings there are only:

A.

    'trusted_domains' =>
    array (
      0 => 'yourcloud.dyndns.org',
    ),
    'datadirectory' => '/var/nc_data',

B.

    'overwrite.cli.url' => 'https://yourcloud.dyndns.org/nextcloud/',

Thinking more about it: can I just change in the setup listening on port 443 to listening on 2222 so I can remove the port forwarding (2222->443). Would that fix my issue?

Can you try

    'overwrite.cli.url' => 'https://yourcloud.dyndns.org:2222/nextcloud/',

instead?

I would check with your provider, if it is possible to enable port 443 for you or even use a different provider. The problem about non-standard ports is that in many environments only connections to http,https are permitted (hotel wifi, company networks, …) and you won’t be able to connect to your Nextcloud.

@ojp yes you can do that, but I don’t recommend that, because if you are using a provider who isn’t that shitty, you can just use 443, which is much more convenient.

“Talk to a Telco provider” - I kinda know em :wink: and for this, I’m not even giving it a try.

The ‘overwrite.cli.url’ option only affects command line commands/applications. That would have zero effect.

You make an interesting comment about hotels etc. I never had to use special ports before, so never thought about that.

Telco text (translated): “Hosting of a server, which is not related to normal home use, is not allowed” & “Traffic coming from the internet is limited protocol and port based, accepted communication ports in TCP protocol are 500 and 2222-2231 and in UDP protocol 53, 123, 259, 500 and 1024-65535”.

I will give the listening to port 2222 instead of 443 a try tonight, see if that helps.

@riegerCLOUD Carsten, could you please comment? I guess you know the ins and outs best of these scripts.

I think you’d have a look at the router settings. Sometimes 443 is used to access the router from the internet. That blocks traffic to equipment behind that router. Change that port to 444 or so. Then you can use the normal https port.

@Hendrik I’m using ShibbyTomato and will check that. But supplier indicated they only open the ports as I mentioned. Also before moving the url to /nextcloud, all was working well.

Nextcloud is the perfect case of a normal home use service that you want to run on port 443.

That is for all links created by your cronjobs. But you should as well set these variables:

    /**
     * The automatic hostname detection of Nextcloud can fail in certain reverse
     * proxy and CLI/cron situations. This option allows you to manually override
     * the automatic detection; for example ``www.example.com``, or specify the port
     * ``www.example.com:8080``.
     */
    'overwritehost' => 'yourcloud.dyndns.org:2222',

    /**
     * Nextcloud attempts to detect the webroot for generating URLs automatically.
     * For example, if ``www.example.com/nextcloud`` is the URL pointing to the
     * Nextcloud instance, the webroot is ``/nextcloud``. When proxies are in use,
     * it may be difficult for Nextcloud to detect this parameter, resulting in
     * invalid URLs.
     */
    'overwritewebroot' => '/nextcloud',

please adjust the gateway.conf accordingly.
in this file (gateway.conf) the listener address and port is configured only.

All the other nginx.conf files were only addressed internally/locally (e.g. 127.0.0.1:83 or 127.0.0.1:84).

You may also remove the rewrite rule

    location = / {
        rewrite ^ /nextcloud;
    }

but then you have to type https://yourdomson.de/nextcloud as your url on each call.

sorry for my delay, but i had a surgery two days ago and am still in the hospital.

cheers, carsten

@tflidd Great man! that did the trick!
I added to /var/www/nextcloud/config/config.php these 2 lines:

    'overwritehost' => 'yourcloud.dyndns.org:portnumber',
    'overwritewebroot' => '/nextcloud',

and now my portnumber (2222) stays in the browser URL

@riegerCLOUD Carsten, I hope u r ok. Do we still call u Carsten? :wink:
Perhaps you could add these lines to chapter 10 in your already super instructions (https://www.c-rieger.de/nextcloud-installation-guide/#zehn)?

This brought me one step further, next step: get the cert dryrun working and figure out if the TS-131 NAS is a good choice and if the Nextcloud code is best run on my Pi3 or on the NASbox.

For now, all is good - BIG THANKS TO ALL!!
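
Added example (not written by any poster in this thread): a small Python check for the symptom discussed above, where a redirect from Nextcloud drops the `:2222` port or the `/nextcloud` webroot. The function names and the sample redirect list are constructed for illustration; the URLs follow the ones used in the thread.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), port


def check_redirects(public_base, hops):
    """Flag redirects that leave the public origin or the webroot.

    hops is a list of (request_url, location_header) pairs, for example
    copied from browser dev tools or `curl -sI` output.
    Returns a list of (location, reason) tuples.
    """
    want = origin(public_base)
    webroot = urlsplit(public_base).path.rstrip("/")
    findings = []
    for request_url, location in hops:
        target = urljoin(request_url, location)  # resolve relative Location values
        got = origin(target)
        if got[1] != want[1]:
            continue  # redirect to a different host: not what this check is about
        path = urlsplit(target).path
        if got != want:
            findings.append((location, f"{got[0]} port {got[2]}, expected {want[0]} port {want[2]}"))
        elif webroot and path != webroot and not path.startswith(webroot + "/"):
            findings.append((location, f"outside webroot {webroot}"))
    return findings


# Constructed sample data: (URL requested, Location header received).
PUBLIC_BASE = "https://www.mydomain.com:2222/nextcloud"
SAMPLE_HOPS = [
    ("https://www.mydomain.com:2222/", "/nextcloud"),
    ("https://www.mydomain.com:2222/nextcloud/login", "https://www.mydomain.com/nextcloud/apps/files"),
    ("https://www.mydomain.com:2222/nextcloud/login", "https://www.mydomain.com:2222/nextcloud/apps/files"),
    ("https://www.mydomain.com:2222/nextcloud/", "https://www.mydomain.com:2222/apps/files/"),
]

if __name__ == "__main__":
    for location, reason in check_redirects(PUBLIC_BASE, SAMPLE_HOPS):
        print(f"{location}: {reason}")
```

The second sample hop is the pre-fix behaviour reported in the first post; with `overwritehost` and `overwritewebroot` set, the redirects should look like the third hop and the check returns nothing for them.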

@ojp

I am trying to accomplish the set up that you’ve worked through in this posting. I have also installed per @riegerCLOUD instructions and cannot figure out how to get nextcloud to run on a different port. I’ve tried changing the /etc/nginx/nextcloud.conf, along with the /var/www/nextcloud/config/config.php. I can’t get it to work.

Can you help me by showing me where you made all the changes for your setup to run on port 2222?

Thank you!