Issue with Remote access to Nextcloud on Raspberry pi 3B using Letsencrypt and DuckDNS

  • Hi all.


    I have installed OMV with Docker and Nextcloud using Techno Dad Life's videos on a Rasbperry pi 3 model B. I used all lsioarmhf repos. Access from within my network is fine so far..


    I then tried to set up remote access to my Nextcloud server using DuckDNS and Letsencrypt as per Techno Dad Life's video also. I have followed everything right down to the last full stop in all his videos, but I am having issues connecting remotely. All port forwarding has been set up on my router. I have a D-Link router provided by TalkTalk (UK). See config below:


















    I have tried to connect to my duckdns via a device outside of my home network, but I get the an error saying This site can't be reached. ***********.duckdns.org unexpectedly closed the connection. ERR_CONNECTION_CLOSED:





















    I've restarted everything, but no joy. All docker ports and all instructions have been set up as Techno Dad Life's videos.


    Does anyone have any idea what the issue might be? If so, please can you help?


    TIA everyone.


  • I do not know.
    But let's try small steps.


    Are you able to touch the server from the wan side at all?
    Does DuckDNS have your correct public IP? If so then let's go one step forward.
    Is your router correctly redirecting the ports to your server?


    I understand that your services are listening on ports 90 and 450?
    First, make sure that the packets are actually getting up from wan to get to your omv at 192.168.1.5

  • Thanks for the response.


    Everything works fine with the install side of Nextcloud. I can access things locally just fine using 192.168.1.5:444


    After local access being fine, during the remote setup video of TDL using Letsencrypt and DuckDNS, we add the following 3 lines of code to the config.php file located at sharedfolders/AppData/Nextcloud/www/nextcloud/config/config.php


    'overwrite.cli.url' => 'https://*******.duckdns.org',
    'overwritehost' => '*******.duckdns.org',
    'overwriteprotocol' => 'https',


    To answer your questions:


    Are you able to touch the server from the wan side at all?
    After setting up the remote access as per TDL's video, the local connection to Nextcloud doesn't work as it seems to redirect from local ip of pi to DuckDNS url. If I comment out the three lines of code above in the config.php file, I have local access again.


    Does DuckDNS have your correct public IP? If so then let's go one step forward.
    Yes, DuckDNS has my correct IP. This was set automatically by DuckDNS, but I can confirm that it is correct.


    Is your router correctly redirecting the ports to your server?
    Yes I believe it is. I attached a screenshot of the config on my router that forwards 443 to 450, and 80 to 90. Here is my router port forwarding config.


    I understand that your services are listening on ports 90 and 450?
    Yes they are as per TDL vids.


    First, make sure that the packets are actually getting up from wan to get to your omv at 192.168.1.5
    Not too sure what you mean here as I'm not to well up on networking, but I can ping 192.168.1.5 with cmd as admin, with the three lines of code active and not commented out. (if that makes sense)


    Ironically, I have just tried to connect remotely using my DuckDNS url without the pi switched on, and I get the same ERR_CONNECTION_CLOSED error.

  • I assume getting the letsencrypt certificates worked for you?
    If yes, your port forwarding should be fine.
    Then the issue probably lies in the nc config and the letsencrypt nginx config.
    Try this thread. Maybe one of the tips helps you. For me it was changing the nextcloud.subdomains.conf in Appdata/letsencrypt/nginx/proxy-confs/


    Code
    proxy_max_temp_file_size 2048m;   to   proxy_max_temp_file_size 1024m;
  • I assume getting the letsencrypt certificates worked for you?
    If yes, your port forwarding should be fine.
    Then the issue probably lies in the nc config and the letsencrypt nginx config.
    Try this thread. Maybe one of the tips helps you. For me it was changing the nextcloud.subdomains.conf in Appdata/letsencrypt/nginx/proxy-confs/


    Code
    proxy_max_temp_file_size 2048m;   to   proxy_max_temp_file_size 1024m;

    Holy crap... that was it. Changed the nextcloud.subdomains.conf in Appdata/letsencrypt/nginx/proxy-confs/ as per your source code and it sprang into life.


    Thanks ever so much for this. You really made my day, I mean week... no lets say month!

  • Will throw a shout out their way... no worries.


    BTW.. any idea how to access my server locally? The same redirect i mentioned is happening from inside my network.


    TIA.

  • No worries. I'll just rem out the overwrite code in the config.php file if I need local access - for adding files for instance.

    Is that neccesary? If access NC from my home network (e.g. 192.168.1.10:444) the adress gets redirected to the dyndns adress. But the connection works.

  • Yes, the redirect to DuckDNS happens, but for some reason, i get:


    the This site can’t provide a secure connection
    *********.duckdns.org uses an unsupported protocol.
    ERR_SSL_VERSION_OR_CIPHER_MISMATCH


    If I VPN out from my local pc to access NC via my pc browser, it works but the transfer rate isn't the fastest.

  • It's not currently pointing to anything... the lines read:


    'trusted_domains' =>
    array (
    0 => '192.168.1.5:444',
    1 => '**********.duckdns.org',
    ),


    There is no https:// at pointer 1. Would this be the issue?


    Edit: Tried adding https:// at the front of pointer 1, but still having the same issue.

  • In the nextcloud.subdomain.conf code is below:


    # make sure that your dns has a cname set for nextcloud
    # assuming this container is called "letsencrypt", edit your nextcloud container's config
    # located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
    # 'trusted_proxies' => ['letsencrypt'],
    # 'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
    # 'overwritehost' => 'nextcloud.your-domain.com',
    # 'overwriteprotocol' => 'https',
    #
    # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
    # array (
    # 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
    # 1 => 'nextcloud.your-domain.com',
    # ),


    server {
    listen 443 ssl;
    listen [::]:443 ssl;


    server_name *********.*;


    include /config/nginx/ssl.conf;


    client_max_body_size 0;


    location / {
    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    set $upstream_nextcloud nextcloud;
    proxy_max_temp_file_size 1024m;
    proxy_pass https://$upstream_nextcloud:443;
    }
    }

    • Offizieller Beitrag

    the props go to @Nefertiti and @Agricola for figuring this out!

    @Morlan Thank you.

    System Backup Typo alert: Under the Linux section the command should be sudo umount /dev/sda1 NOT sudo unmount /dev/sda1

    Backup Data Disk to Backup Disk on Same Machine: In a Scheduled Job:rsync -av --delete /srv/dev-disk-by-uuid-f8814ed9-9a5c-4e1c-8830-426968c20ea3/ /srv/dev-disk-by-uuid-e67439d5-00a3-4942-bd5f-b84ab86aa850/ Don't forget trailing slashes, and BE CAREFUL. (HT: Getting Started with OMV5)

    Equipment - Thinkserver TS140, NanoPi M4 (v.1), Odroid XU4 (Using DietPi): PiHole

  • Thank you Morlan I was able to edit the file via the Nano editor. However there is still a problem as I cannot
    access Nextrcloud any m,ore under https://xxx.xxx.xxx.xxx:444.
    If I do this the url is translated to https://myhostname.duckdns.org/nextcloud but the Browser message says
    the site is unreachable.
    Any hint ?

    Ok it works, the letsencrypt container wasn't listening on ports 450 and 90, this info must have somehow gone lost.
    Entered the values again and .... Tadaaa, It works ^^


    Thanks to TechnoDadLife for the manual and all of you here supporting me

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!