What are ports 80, 443, 3478, 8080, 8443 in NC AIO used for?

What are all the ports: 80, 443, 3478, 8080, 8443 in NextCloud AIO used for? Do I need to have all of them opened on my router for NextCloud to work. Im running it on a linux machine running ubuntu. I used this script and these instructions to install.:

// For Linux and without a web server or reverse proxy (like Apache, Nginx and else) already in place:
sudo docker run
–name nextcloud-aio-mastercontainer
–restart always
–publish 80:80
–publish 8080:8080
–publish 8443:8443
–volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config
–volume /var/run/docker.sock:/var/run/docker.sock:ro

official docs it’s always good point starting point. you will find all the port explained there and even which port you should open in the firewall


So as I understand it, if I don’t install Talk and I’m not using outside of local network. Then the only port that needs to be opened on the router is 443/TCP. But if I want to use NextCloud outside my network as well as Talk. I need to have 80/TCP, 443/BOTH, 3478/BOTH, 8080/TCP, 8443/TCP open.

Additionally, ports 80, 8080, and 8443 are all used to access your NextCloud interface, but they vary in security due to the mechanism of getting a certificate? Port 443/BOTH is used for the Apache server. And as mentioned 3478/BOTH is for Talk. Is that a good basic understanding?

Also if NextCloud AIO runs in docker, why is it that the official command to run it only publishes ports 80, 8080& 8443? Shouldn’t we also be publishing 443, & 3478?

if don’t want external access you don’t need any external open ports (or if you still want ACME cert you need to to open port 80/tcp as well - this is required by ACME certificate generation) - but if you open 80 and/or 443 Nextcloud becomes available externally.

→ removed not required ports.

I think you refer to this point in docs which clearly states this in intended to run behind reverse proxy:

  1. Run the command below in order to start the container on Linux and without a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) already in place:

the “without web server” statement sounds weird for me… as webserver is always part of AiO solution.

AiO is a tough piece of software and every admin should really spend time understanding what and how is tied together and how to use the system right.

Indeed, that is why no external web server should already be in place because AIO also includes one. The idea is that in that case you follow the reverse proxy documentation.

1 Like

I guess what he missed is this: GitHub - nextcloud/all-in-one: Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.