Trouble opening Nextcloud storage to external devices

Hey there! I’ve recently got Nextcloud up and running on a NUC running Ubuntu, but I’m having difficulties allowing devices on external networks to access it. This is what I have already done:

  • Purchased a domain from Google Domains, and linked its DNS to my public IP address
  • Set up port forwarding through my router for ports 80 and 443 for my private IP address
  • Set up noip dyndns and configured it on my router

I can access my storage internally on the network; however, going to terrifictaco.net (the domain registered) doesn’t show the Nextcloud page, and neither does going to my public IP address.

Another notable issue is that I can’t get Let’s Encrypt to supply a certificate for HTTPS. The error message is below:

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: terrifictaco.net
Type: connection
Detail: [xx.xx.xxx.xxx (IP)]: Fetching http://terrifictaco.net/.well-known/acme-challenge/5VvECB4YOp_p9JjkhBU5ijS0YjoeT3lAHLHjYyMidMY: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Thanks in advance!

Hi @TerrificTaco, welcome to the forum :handshake:

Please use the search - a lot of issues have been discussed already.

This and the Certbot error message sound more or less like there is an issue with port forwarding, the firewall or maybe DNS. Please carefully double-check that your public DNS points to your public IP address (this must be reachable from the internet - today a lot of providers use CG NAT, which doesn’t allow incoming IPv4 connections). Now your domain resolves to IP 203.23.237.46, which is owned by “ISP: Spintel Pty Ltd” located in Australia. Is this your internet provider?

I have been using search, but so far I haven’t been able to find a solution that has worked.

Yes, I am located in Australia and my ISP is SpinTel.

While my port forwarding settings in my router look to be correct (there is another box called “destination IP” with my private IP address in it), it appears as if port 80 is not being forwarded, but port 443 is. Further confusing this issue, the public address as recognised by places like ifconfig.me doesn’t have 443 or 80 open. However, the “gateway” address as listed on my router’s page has 443 open.

For the DNS, the Google sites domain links to my “gateway” address.

Firewall settings are as they came on the router. “In normal mode, the firewall will allow all outbound connections. It will silently drop unknown incoming connections.” However, I have turned off the firewall completely, and the Let’s Encrypt check still doesn’t seem to pass.

EDIT: It appears that the port forwarding may not be working because Spintel uses CGNAT. Any way to mitigate this?

A cursory Google search suggests your provider has options maybe:

https://forums.whirlpool.net.au/thread/35pn4mrn#r71183400

Perhaps contact them and ask how you’re currently configured and what your options may be.

A dynamic public IP address is fine, but being behind carrier (provider) NAT not so much.
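
The comparison this thread arrives at (router "gateway"/WAN address versus the address a service like ifconfig.me reports, versus the DNS record) can be written as a small check. This is an added example, not part of any post above; the function names are hypothetical and every address in it is constructed from documentation and RFC 6598 ranges.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan: str, observed_public: str) -> str:
    """Compare the WAN address shown on the router with the address an
    external service reports, and name what sits between them."""
    wan = ipaddress.IPv4Address(router_wan)       # raises ValueError if malformed
    seen = ipaddress.IPv4Address(observed_public)
    if wan in CGNAT_NET:
        return "cgnat"
    if any(wan in net for net in RFC1918_NETS):
        return "double-nat"
    if wan != seen:
        # Public-looking WAN address, but the internet sees a different one:
        # traffic is translated upstream (or the lookup went via a VPN/proxy).
        return "address-mismatch"
    return "direct"


def forward_can_work(router_wan: str, observed_public: str, dns_a: str):
    """Return (ok, reason): can a port forward on this router be reached
    through the name whose A record is dns_a?"""
    kind = classify_wan(router_wan, observed_public)
    if kind != "direct":
        return False, f"router WAN is not the public address ({kind})"
    if ipaddress.IPv4Address(dns_a) != ipaddress.IPv4Address(observed_public):
        return False, "DNS A record does not point at the public address"
    return True, "inbound connections reach this router"


if __name__ == "__main__":
    # Constructed samples: (router WAN, externally observed, DNS A record)
    samples = [
        ("100.72.10.5", "203.0.113.7", "203.0.113.7"),
        ("198.51.100.20", "203.0.113.7", "198.51.100.20"),
        ("203.0.113.7", "203.0.113.7", "203.0.113.7"),
    ]
    for wan, seen, dns in samples:
        print(wan, seen, dns, "->", forward_can_work(wan, seen, dns))
```

Any result other than "direct" means the HTTP-01 challenge on port 80 cannot reach the server through a forward on the home router alone, whatever the router's own firewall setting is.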