Trouble connecting clients to Nextcloud from within my LAN via external URL

Dear Community

I discovered Nextcloud a few months ago and have started to play with several different installations and have finally settled on the most current version of nextcloudpi (V 1.55.3).

I have then passed ports 443 and 80 from my router to the ncp. The router is a run of the mill “fritzBox”, a German brand of internet router for home use, which also offers a free DynDNS Service from the manufacturer, which I am using and which is also very reliable.

First of all let me tell you what actually works:

1.: I can access NextCloud from outside my own LAN without any issues. Both with any variety of browser, as with the mobile and desktop clients. No issue at all.

2.: I can access it from within my own LAN from any browser, both with using its own IP and by using the DynDNS domain.

3.: I can do the same as in 2, from outside my own LAN via VPN access.

4.: I can access Nextcloud from any mobile or desktop client from within my own LAN by entering the local IPv4 without any issues.

Now here comes the issue I can’t wrap my head around:

From WITHIN my own LAN I cannot access Nextcloud from any desktop or mobile client by entering the URL of my DynDNS.

What really gets my head spinning is the fact that this is unique to using the mobile or desktop client and is no issue at all when using a browser.

I have studied several forum threads (on this forum and on others) that deal with similar problems and I have attempted the following to solve the issue:

1.: I have set up a DNS rebind protection in my router for any possible URL that might be required to be accessed - no change.

2.: I have set up a pi hole server as a DNS in my LAN and created a local DNS record for the url in question. I have then designated pi hole as the DNS for my LAN and restarted everything - no change. (pi hole will actually be the next project I want to tackle)

3.: What I don’t get is that the desktop client returns the following error when attempting to log in from within my LAN via the external URL: (I have changed the domain for privacy reasons)


Failed to connect to Nextcloud at https://mydyndnsdomain.com/

status.php:
Server replied “404 Not Found” to “GET https://mydyndnsdomain.com/status.php/nextcloud/status.php


What I really don’t get is the error message, and that is no typo or mixup in there. It wants to call up a path that does not exist. If I call up the path under “https://mydyndnsdomain.com/status.php” I get a regular reply of the respective php-routine. I have no clue why it wants to call up a path that doesn’t even exist in a Nextcloud installation.

Looking at this fact, it is no surprise to me that the client cannot connect if it attempts to call on a path that is not there. But I don’t get why it does that only when I want to connect from within my LAN via the external URL.

Since the mobile clients do not present any error message that contains anything worth mentioning, I can only assume that their issue is the same.

I appreciate any thoughts on the subject matter at hand, as I really have no clue what the problem might be.

Likely you hit the rebind_protection. If this doesn’t solve the problem already, look at fritzbox topics - many discussions exist. 101: Split-Brain DNS (split-horizon) splitbraindns could help as well.

Thank you for your answer.

I had the same idea, but I have my doubts about that being correct. The reason for that is that I can call it up from within my LAN via the browser and that the problem is limited to the Nextcloud client apps.

Any idea in that direction?

That seems somehow strange or duplicate to me. Do you use your own domain or the subdirectory /nextcloud? Can you post your Nextcloud configuration config.php? What have you entered as the server in your Nextcloud client? You do not have to post your domain or subdomain. Just change the name a little.

Also check the certificate in the normal browser. Is it correctly signed? A browser can easily be convinced by false certificates, a Nextcloud client rather not. But I would have expected a different error message.

Well, that is the thing that I consider interesting too.

Nextcloud is installed in the root directory of the web server, so I have no clue why it actually wants to call up this path. If I call up the path without the redundant part it works just fine in the browser.

The certificate is correctly signed and when I access my Nextcloud from outside my own LAN it works just fine. The error is just generated when I do it from within my own LAN.

To me this somehow does not add up.

Here is my config file, with some redactions of sensitive data:

GNU nano 7.2 config.php

<?php
$CONFIG = array (
  'passwordsalt' => '********',
  'secret' => '*********',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'nextcloudpi',
    2 => 'nextcloudpi.local',
    3 => 'nextcloudpi.lan',
    4 => '192.168.200.13',
    5 => 'nextcloudpi',
    6 => 'raspicloud.local',
    7 => 'myowndyndnsdomain.com',
  ),
  'datadirectory' => '/opt/ncdata/data',
  'dbtype' => 'mysql',
  'version' => '30.0.6.2',
  'overwrite.cli.url' => 'https://nextcloudpi/',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '*******',
  'dbpassword' => '*********',
  'installed' => true,
  'instanceid' => 'oc02usjn1w0f',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
    'password' => '***********',
  ),
  'tempdirectory' => '/opt/ncdata/data/tmp',
  'mail_smtpmode' => 'sendmail',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_from_address' => 'noreply',
  'mail_domain' => 'nextcloudpi.com',
  'preview_max_x' => '2048',
  'preview_max_y' => '2048',
  'jpeg_quality' => '60',
  'overwriteprotocol' => 'https',
  'maintenance' => false,
  'logfile' => '/opt/ncdata/data/nextcloud.log',
  'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
    1 => '::1',
    2 => '192.168.200.12',
    3 => '192.168.200.13',
    4 => '192.168.200.1',
  ),
  'maintenance_window_start' => 3,
  'default_phone_region' => '+49',
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'twofactor_enforced' => 'true',
  'twofactor_enforced_groups' =>
  array (
    0 => 'admin',
  ),
  'twofactor_enforced_excluded_groups' =>
  array (
  ),
  'htaccess.RewriteBase' => '/',
  'theme' => '',
  'loglevel' => '2',
  'log_type' => 'file',
);

I hope that helps in finding the issue. I have been trying again as well, but so far I seem to have hit a wall.

@devnull

Just realized I forgot to answer some of your questions.

I used the root directory for my Nextcloud, nothing else.

When I enter my local IP in the client it works just fine. Once I enter https://mydnsdnsdomain.com in the client it works only when I am not in my own LAN. Once I am inside my LAN it does not work any more.

As I said previously, I initially suspected the DNS rebind protection, but that can’t be it, because it would also hinder the browser from accessing it.