Unable to connect to local Nextcloud using No-IP domain name

I have used the NextcloudPi image from December 2017 and done what looks like a successful installation on to a Raspberry Pi ZeroW. “Successful” here means that having run the wizard I got a full set of green flags (no-IP, nc-autoupdate-ncp, dnsmasq and letsencrypt). However, initially I couldn’t contact Nextcloud at all. Following up a hint I found I edited the config/config.php file (somehow or other it had picked up an IP address of 192.168.0.148 - no idea where from! - I corrected that to 192.168.1.7 my Zero’s fixed IP address)

Having done that I can now access Nextcloud locally using https://192.168.1.7 and various variations; I can access Nextcloud from outside my LAN using https://this.that.org (my no-IP domain name) but I cannot access it locally using the latter URL.

Can anyone offer any hints?

My thanks in advance.

hi, you would either need an internal DNS server to help you with it, or you can modify C:\Windows\System32\drivers\etc\hosts (Windows) or /etc/hosts file in Linux.

The line should look like so:
192.168.1.7 this.that.org

I forgot to mention that my desktop runs Ubuntu 16.04. Being somewhat new at this game, with some trepidation, I edited the etc/hosts file and …

… it now works! Thank you for your help, I can now go on to the next challenge!

For completeness:
(1) I take it that I’ll have to make such changes as you suggest to all machines that I wish to use which are on the LAN.
(2) This seems to be such a fundamental issue I’m surprised I haven’t seen it included in any the (mass of) documentation I’ve seen (no disrespect meant to anyone, personally I’m incapable of doing this sort of work and I appreciate the effort put in by those who can). Or perhaps, being new to this game, I saw it and didn’t realise its importance.

Again, my thanks

If your domain name can be resolved from outside your local network it is strange, why it can’t be resolved from inside of your LAN.
Actually every domain name is resolved by DNS servers and when you surf the Internet on your computer (inside your LAN) every address is resolved by some DNS servers. I’m wondering why your domain can’t be resolved then, when surfing works.

Is your external IP not reachable from within your network? I mean your.domain.com would resolve to the IP address assigned to your router from your ISP. So your client computer would try to connect to that IP address.

Two possible issues I can think of here:

• somehow your domain is not resolved (because DNS responses are not correctly forwarded?)
• the external IP of your router is not reachable from within your LAN (router configuration?)

Schmu:

Thanks for responding.

I’m afraid that my ignorance on this subject makes it difficult for me to fully understand your comment. But, insofar as I do understand it, it echoes my own questions. Copenhaus’ suggestion has resolved the problem but not my understanding.

I thought that the installation of dnsmasq would deal with the routing but your comment has suggested to me that I’m not fully understanding what dnsmasq does but combing your comment with copenhaus’ solution suggests a line of enquiry that might, just might! help to improve my understanding.

Hello,

The issue that you are having means that your router does not support NAT loopback.

For that reason, NCP includes dnsmasq.

Actually, if you open the NextCloudPi web panel (port 4443) it should suggest that you enable it.

If you went through the wizard, it should already be enabled, but probably with the wrong IP according to your description of what happened.

In any case, the ideal thing is to just access through mDNS, just type https://nextcloudpi.local. In windows you have to install bonjour services for this to work (see NCP wiki)

The second option would be to register the rpi as the primary DNS provider in your router. That way you would be able to access from home from all your devices without further configuration.

The third option (if 2 is not supported by your router) would be to point all your devices primary DNS to the raspberry pi.

Also, what @copenhaus suggested is an equivalent option

In any case, this info is covered by the NCP wiki here

The wiki is collaborative, so feel free to improve, add stuff or correct stuff that is not very clear/easy to understand.

Cheers!

@nachoparker

Notwithstanding my difficulties, thank you for your efforts in developing the NextcloudPi image.

In fact I did use the NextcloudPi wizard and everything seemed fine ie lots of green “flags” including dnsmasq. As you say, dnsmasq completed with the wrong IP address - is that the address I changed in the file config/config.php?

I did follow @copenhaus suggestion and added 192.168.1.7 this.that.org in the etc/hosts (on my client Ubuntu system) file but I reversed this before doing the following (but the change in the config/config.php file on the raspberry Pi stands):

Entering https://nextcloudpi.local in Firefox gives the “We’re having trouble finding that site” message. Dead end!

It appears that my router does allow me to set the Primary and Secondary DNS settings. When I set them to 192.168.1.7 and 8.8.8.8 respectively I can get to “ordinary” web pages but entering https://this.that.org (with and without /nextcloud) takes me to a “Your connection is not secure” page which says that as the page uses HTTP Strict Transport Security I cannot add an exception. Dead end!

Adding the 192.168.1.7 this.that.org back into the etc/hosts allows me to access the NextcloudPi login page using both 192.168.1.7 and this.that.org.

So I am a little further forward than I was yesterday but there still appears to be questions:

(1) dnsmasq appears to come up with the wrong address, is that significant?

(2) Why does the “HTTP Strict Transport Security” problem arise and is there a way to get around it?

(3) I have a solution for the connection between my Ubuntu system and NextcloudPi, I have to find the equivalents for @copenhaus mod to the etc/hosts file for my tablets and phones. But I am told Google is my friend!

Again thank you for your efforts with NextcloudPi and your patience with me.

To avoid this, you could as well simply use the Tor-Browser.

Hello,

I also could not access my NCP websites from within my local network because my router does not do NAT loopback.

Here is some feedback from my own experience with setting up dnsmasq on NextcloudPi… it took me HOURS.

I followed the guide here: dnsmasq as DNS cache server for NextCloudPi and Raspbian to help set up dnsmasq and I also googled loads.

If you start to configure dnsmasq in the Terminal User Interface in NextCloudPi image then you will notice that the form entry is different from shown on that webpage.

If you are able to adjust the Primary DNS of your router to the local IP address of your Pi then the value to enter in the DNSSERVER field in the TUI should be the local IP address of your router. I really think the webpage is confusing on this part and that cost me hours.

I have NextCloudPi running on my Pi attached to my local network. I only need dnsmasq to work as a local dns server so I can access the NextCloudPi websites from within my local network… no caching or dhcp or anything else.

In the end I was able to modify /etc/dnsmasq.conf to just this:

interface=eth0
domain-needed         # Never forward plain names (without a dot or domain part)
bogus-priv            # Never forward addresses in the non-routed address spaces.
no-poll               # Don't poll for changes in /etc/resolv.conf
no-resolv             # Don't use /etc/resolv.conf or any other file
cache-size=150
server=192.168.1.254  # Local ip address of my router
address=/my.domain.com/192.168.1.124  # Local ip of my Pi. This is optional if we add it to /etc/hosts

The domain name I use to open the NCP website is not listed in my /etc/hosts file at all, it only needs to be in /etc/dnsmasq.conf

After making changes to dnsmasq.conf… reload: >> /etc/init.d/dnsmasq restart
Status and error info about dnsmasq are reported to /var/log/daemon.log
You can also make a custom log file simply by adding the following line: log-facility=/path/to/logfile
to your /etc/dnsmasq.conf so you can monitor if things are going well

I got a line in /var/log/daemon.log that said: “using nameserver 192.168.1.254#53” which means that dnsmasq is running and listening on port 53 to local ip of my router on which I had set the primary dns as the local ip of my Pi.

I also had HSTS errors in Chrome when trying to access me NCP websites from within my own local network. This link: Re-Hashed: How to clear HSTS settings in Chrome and Firefox showed me how to clear the HSTS error. Basically if you are using Chrome go to chrome://net-internals/#hsts and type the domain name you use into the Delete domain section and click delete.

Of course after this you will still get Invalid certificate errors if like me you were trying to access the NCP websites from within your local network, that’s where dnsmasq comes in…

Let me know if you need any more help with dnsmasq… I might be able to sort you out.

Flex

thanks for that explanation. It seems like a good addition to the NCP wiki, if you are up for it

Sorry for my absence, life got in the way.

Given the information about editing the /etc/hosts file, the solution to the HSTS problem and a bit (for which read “lot”) more reading on my part to improve my understanding of things DNS I think I am now able to proceed a little further on my path to my ultimate goal.

My thanks to all who have helped me.