Using 2 Nextcloudpi instances with reverse proxy (by NGINX Reverse Proxy Manager)

Hi to all,

I am using a nextcloudpi instance with a dyndns service (no-ip) and a working ssl-certificate. The cloud can be reached via internet by my domain:
“domain1.ddns.net”.
Now I want to use another nextcloudpi instance with another dyndns service (duckdns): “domain2.duckdns.org”.
Both nextcloudpis should be reached over my public ip-address.
I prepared a third raspberry pi and installed docker to run NGINX reverse proxy manager. I configured NGINX according to the different tutorials so that the domain-names are connected to the IP-numbers provided by my router. I also installed letsencrypt ssl-certificates for both domains.
In the fritz.box I deleted port forwarding (Ports 80 and 443) of my first nextcloudpi and changed it to the IP-Number of the NGINX reverse proxy manager. According to the NGINX manager both domains are configured correctly.
But when I call “domain1.ddns.net” or “domain2.duckdns.org” I cannot reach the nextcloudpi. I get the message: “Too Many Redirects” of the website. I cleared the cache of the browser, but the error is still there.
Does anybody have a step by step explanation how to set up my two nextclouds correctly?
Kind regards
Chris

hey @Christoph_Weber and welcome to the community

ahh that’s where your issue is. see here 101: Network, domain and DNS to get an idea of what is required

you only have a single point of entry pointing to your reverse proxy. so you can’t have two DDNS providers pointing to your routers public IPv4 address.

suggest you do the following;

  • domain1 is working and is your primary DNS acting as your single point of entry for your reverse proxy
  • domain2 does not need its own DDNS, thus forward domain2 to your primary DNS on "dyndns service (no-ip) "

that way your reverse proxy will be listening for domain1 and domain2 coming from your primary DNS on "dyndns service (no-ip) " and forwarding client requests to the configured instances.

in other words, don’t use two DDNS providers, but forward your domains to your primary DDNS and let reverse proxy look at the domain names being visited and forwarding the traffic accordingly

2 Likes

Hi,

I am no expert here, but I would like to know why you aren’t using a second host name with the same No-IP service?

No-IP allows 3 host names with their free plan

Using subdomain1.ddns.net & subdomain2.ddns.net would eliminate the need for second Dyn-DNS service.

As far as I am aware, you can simply use a single Pi to run all three services. But it’s your choice, for whatever reason you wish to run 3 separate Pis, you can.

But you need to provide more information on this NginX Reverse Proxy Manager and its configuration for people to troubleshoot this issue.

Please consider adding more details of this deployment.

This is a common problem when the reverse proxy is redirecting in a loop. So consider including more information about your reverse proxy and its configuration for troubleshooting.

You don’t have to reply to this since it’s off topic, but I would like to know how you got this working SSL for a ddns.net subdomain?

Lastly, (Off Topic) a domain name is like USD 1 or even less. If you get yourself a (TLD) domain, things may become a lot easier.

Thanks.

Thank you very much, Naxal and scubamuc, for your detailed explanation! This was already very useful news for me.

In order to make things easier, I configured my reverse proxy to listen only to domain1.ddns.net (no-ip) and deleted the configuration for the domain2.
When I call domain1.ddns.net I get:


Port forwarding for ports 80 and 443 is configured to the NGINX reverse proxy server at my fritz.box

I have following questions:

Do I have to deactivate the automatic signed ssl certificate (see picture from my nextcloudpi)?

Do I have to deactivate the no-ip ddns-service in the nextcloud?

And is the reverse proxy taking care of DynDns Usage? Do I have to deactivate this in my fritz.box?

Sorry for the maybe simple questions, but I am not so familiar with this kind of stuff.

Finally here is a screenshot of my reverse proxy manager, showing that my reverse proxy is listening to domain1.ddns.net.

Thanks for your help.
Chris

Hi,

I am no expert here but here are the basics one needs to know,

DNS (whether it’s for DDNS or TLD) → is to simply tell the browser (Client) which Public IP address to go to.

Reverse Proxy → Once that request arrives at that Public Host, port forwarding will take it to the Reverse proxy, it will check the requesting domain name and forward that request to the respective port or (internal) IP address.

At first glance, I am unable to find any fault in the theoretical setup of yours. It looks to be ok but I don’t know your internal networking (LAN) or what your Pi OS network stack looks like.

Theoretically yes, NPM itself is supposed to terminate SSL but if needed it can further do SSL between itself and your Pi

Here is the configuration I use for deployments that I manage,


Here, NPM is accepting and terminating a SSL connection and then connecting to the Nextcloud (Internal LAN) which itself is also running a SSL

Technically speaking, you need the DDNS client at only a single place within your entire LAN. Best practice is to run it at your router itself. If possible, disable it here and run it at router.

As I said before, I don’t have access to your network layout, so not sure if this particular thing is actually causing the entire issue.

This is a wrong config since your nextcloud itself is running a SSL. Unless your nextcloud Pi is running that SSL on Port 80. Your Reverse proxy should be pointing to https with its respective port for that Nextcloud Pi.

Refer to my example for hands on…

Check if this solves your issue.

Thanks.

1 Like
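
An added example (not part of the original posts and not NPM's own code): a small Python model of the redirect loop discussed above, with the proxy picking the upstream by host name. It assumes the NextcloudPi backend answers every plain-HTTP request with a redirect to https:// on the public name; the LAN addresses and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 307, 308)

def backend(scheme, host, path):
    # Assumption: the backend forces HTTPS and only serves the page over TLS.
    if scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None

def proxy(url, proxy_hosts):
    """Terminate TLS, choose the upstream by host name, forward with its scheme."""
    parts = urlsplit(url)
    if parts.hostname not in proxy_hosts:
        return 404, None                      # no proxy host configured for this name
    forward_scheme, _lan_ip = proxy_hosts[parts.hostname]
    return backend(forward_scheme, parts.hostname, parts.path or "/")

def trace(url, proxy_hosts, max_hops=20):
    """Follow redirects like a browser; report 'loop' when a URL repeats."""
    seen, chain = set(), []
    while len(chain) < max_hops:
        if url in seen:
            return "loop", chain
        seen.add(url)
        status, location = proxy(url, proxy_hosts)
        chain.append((url, status))
        if status not in REDIRECTS:
            return ("ok" if status == 200 else "error"), chain
        url = location
    return "loop", chain

# Constructed sample configuration: public name -> (forward scheme, LAN address).
LOOPING = {"domain1.ddns.net": ("http", "192.168.178.20")}
WORKING = {"domain1.ddns.net": ("https", "192.168.178.20"),
           "domain2.duckdns.org": ("https", "192.168.178.21")}

if __name__ == "__main__":
    for name, hosts in (("forward http", LOOPING), ("forward https", WORKING)):
        verdict, chain = trace("https://domain1.ddns.net/", hosts)
        print(name, "->", verdict, chain)
```
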

yeah, it seems you have some studying to do… reverse proxy and DNS can be quite daunting at first.

see this example here… now this is not your setup, but you’ll get the idea.

your screenshot shows that you are trying to pass through https(443)… while you should be forwarding http(80). also your DESTINATION should be a local hostname or IP address (no port required) and not a domain see Hosts & FQDN configuration (once again, that’s just an example, so don’t go copy and pasting)

if you think you’re failing because of the language barrier, let me know :stuck_out_tongue_winking_eye: