Network configuration for DuckDNS and Lets encrypt on OMV5

  • Hi,


    I am trying to reconfigure my server with a fresh OMV 5 installation. However, since my last configuration, I have added a TP-Link router between my Internet Access Modem and all my devices. I am a little bit lost configuring the port forwarding in order to access my server from the outside.


    I have made the following scheme in order to explain my network :

    1584644257-mon-reseau.png



    Could you tell me if the IP addresses and the port forwarding are correct?


    Then, I would like to access my OMV 5 system from the outside, and all my services (NextCloud, Airsonic, Home Assistant, ...) with a reverse proxy and subdomain names (LetsEncrypt).


    I have followed the last video of technodadlife to install NextCloud :


    But I don't know if I should install DuckDNS and LetsEncrypt inside NextCloud as explained in his video, or if I should skip this part and install a DuckDNS container and a LetsEncrypt container with the reverse proxy to be able to configure all my services... Or maybe both?


    I found a video to install DuckDNS under OMV5 :



    However, I haven't found anything about LetsEncrypt...


    Thanks for your help.

  • Thanks,


    I have prepared the following code for "Stacks" in Portainer under OMV 5:



    But in the video, we create a docker network with the command : docker network create my-net. Do I need to do it also with OMV5 ?


    And then, we add the following arguments : --cap-add=NET_ADMIN --network my-net


    The first is in the previous docker compose code, but I don't know how to add the second : --network my-net


    Thanks again for your help! :)

  • yes, you need to create my-net from shell

  • my-net instead of bridge


    --network my-net

  • How can I add the my-net configuration instead of bridge with the docker-compose under Stacks on Portainer ? (Inside my previous code)


    Furthermore, is it mandatory that ports 80 and 443 be opened on the router? Because on my internet provider access device, I can't open these ports... I have set 25080 and 25443 instead, but I am wondering if letsencrypt will work?


    Thanks

  • Yes, they are mandatory because they are the default: 80 for HTTP access and 443 for HTTPS.


    Your internet connection looks for port 443 (HTTPS), then you need to convert it to port 450 on your router (redirect to your heimdall docker on port 450), then the heimdall docker changes it again to a 443 request.


    This is done so as not to touch ports 80 & 443 of OMV (so you can access your OMV GUI).

  • Hello


    I'm having trouble with Letsencrypt and Nextcloud, and I receive this message.

    Welcome to our server

    The website is currently being setup under this address.

    For help and support, please contact: me@example.com


    I have read some posts in this and other forums, trying to change pieces of code, reinstall Nextcloud, permissions on the folders but nothing is working for me.


    The domain is basscloud.duckdns.org. nextcloud is the name of the container and 444 the internal port of this container.


    Nextcloud.subdomain from letsencrypt (I have some thoughts about upstream_nextcloud and ports)



    config from nextcloud docker: The trusted domain number 2 is to access via 444 port without https and ssl certificate while it doesn't work.



    Some ideas to try?? Tell me please!

  • @sbasstbone, thanks to open a new thread, your problem is not the same as mine...


    For my problem, I have set the following parameters on my modem :

    1584778325-omv1.png


    Then, on my TP-Link router :

    1584778325-omv2.png


    Here is my lets encrypt container running:

    1584778454-omv3.png


    My LetsEncrypt container seems to have a problem :


    When I try to access my serverxxx.duckdns.org address, I get ERR_CONNECTION_REFUSED...


    When I use my 91.XX.XX.XX:25080, I have the OMV web interface.


    Thanks

  • Hi,


    I have tried to install it again, with the right port forwarding on my modem and my router.


    DuckDNS is working fine, so my port redirection seems to be good. However, when I am installing the letsencrypt docker container, I still have the same error...


    Could you help me please?


    Thanks

  • Thanks for your help.


    I have configured my docker container with the following stack under Portainer :


    I have just seen that I have made a mistake on my config path... :

    /path/to/appdata/letsencrypt

    And I can't find the letsencrypt folder!

  • Sorry I deleted my answer because I did not notice all the previous comments.


    First thing: Your URL must only be duckdns.org. Under SUBDOMAINS you must set eg. nextcloud.mon-serveur,hassio.mon-serveur,etc..


    You have to specify where you want to have the config folder. E.g. /sharedfolders/AppData/letsencrypt. Then start the container. It will automatically create and fill the folder. Then you can stop the container again, go to proxy conf and edit it.


    There is no need to create any networks from shell anymore. This can be done in your docker-compose file (Your stack config). And again, you should at first try a minimum setup. Here you can have my current working docker-compose config:

    (Note: I am using different uid and gid but that should not be your problem)


  • Thanks again for your help. So let's try for the jdownloader subdomain.


    I have done my stack template following yours. Here it is:

    PS : We don't need the DuckDNS TOKEN ?


    Then, I have edited into proxy_conf the jdownloader file (I have used on my previous OMV4 installation) :


    But I still have the same error :


    Even without the subdomain creation, shouldn't I obtain the correct certificate at the first run of LetsEncrypt?

  • You need no duckDNS token as you are not using auth method duckDNS but http. I think it must have sth to do with your modem/router/firewall configuration, then. There is that message "Timeout during connect (likely firewall problem)". Are you using a firewall? Have you tried setting up nextcloud standalone? It seems like letsencrypt is trying to confirm your subdomain.domain but is not able to connect via that address. Therefore it is not going to grant your certificate.

  • Think I cannot really help out here unfortunately. That depends on your modem and router and their configuration. I would recommend at first testing a standalone nextcloud setup and access it from your local network. If that works, try to access it via internet using your duckDNS domain. If that works, letsencrypt should work also unless your network is blocking some connections. You could also try to google that specific error and/or ask letsencrypt devs.

  • I have done some more stuff.


    I have removed my TP-Link router and connected my server directly to my internet provider modem / router. But the problem was still there.


    I tried to install NextCloud, according to this video:


    And at the letsEncrypt step into the Nextcloud web interface (see above video, I put the time selector at the right place), I still have the same problem :


    What's weird is that when I use my public IP, I can access NextCloud, and when I use the duck dns domain, I just have a message of access from an unapproved domain. So it seems to work...

  • Failed authorization procedure. rd-home-server.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://my-server.duckdns.org/.…TCKFva_Wem2zqoQIXo6ScjBw: Timeout during connect (likely firewall problem)

    Regarding your Compose file you expose port 450 for https. Let's encrypt http challenge requires access to port 80 http and port 443 https of your server to work.

    https://letsencrypt.org/docs/allow-port-80/

    I have long felt that most computers today are not powered by electricity.
    They instead seem to be powered by the "pumping" motion of the mouse! --Willian Shotts

    Edited once, last by lusteri: [edit] Sorry, I haven't read your earlier posts where you have posted your Router configuration. Anyway, the error message tells it, no access to http. Check if you can access your server on both http and https from the public network and if DNS resolution does work.
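
Added example, not part of any post in this thread: Let's Encrypt's http-01 check always connects to port 80 of the public address, so this sketch follows that port through a chain of port-forwarding hops to show which service it finally reaches. The hop layouts, host port 8080 and the listener names are constructed for illustration; 25080, 25443 and 450 are the ports mentioned in the posts above.

```python
# Added example (not from the thread): follow a public port through chained
# port-forwarding hops to see what an http-01 validator would actually reach.
from typing import Dict, List, Optional, Tuple

Hop = Tuple[str, Dict[int, int]]  # (device name, {listening port: port sent on})

def trace(hops: List[Hop], public_port: int) -> Tuple[Optional[int], List[str]]:
    """Return (port arriving at the server, path); port is None if a hop drops it."""
    port, path = public_port, []
    for name, forwards in hops:
        if port not in forwards:
            path.append(f"{name}: no rule for port {port} (connection times out)")
            return None, path
        path.append(f"{name}: {port} -> {forwards[port]}")
        port = forwards[port]
    return port, path

def http01_target(hops: List[Hop], listeners: Dict[int, str]) -> Optional[str]:
    """Name of the service that a validator connecting to public port 80 reaches."""
    port, _ = trace(hops, 80)  # http-01 always starts at public port 80
    return listeners.get(port) if port is not None else None

# Constructed sample data. 25080/25443 and 450 appear in the thread;
# host port 8080 and the listener names are assumptions for illustration.
LISTENERS = {80: "OMV web GUI",
             8080: "letsencrypt container (http)",
             450: "letsencrypt container (https)"}

# Only alternate public ports are open on the modem: port 80 has no rule.
ALTERNATE_PORTS = [("modem", {25080: 80, 25443: 443}),
                   ("router", {80: 80, 443: 443})]
# Port 80 is open but lands on the host's own port 80, where OMV listens.
STRAIGHT_TO_HOST_80 = [("modem", {80: 80, 443: 443}),
                       ("router", {80: 80, 443: 450})]
# Port 80 is open and remapped to the host port published by the container.
REMAPPED = [("modem", {80: 80, 443: 443}),
            ("router", {80: 8080, 443: 450})]

if __name__ == "__main__":
    for label, hops in [("alternate ports", ALTERNATE_PORTS),
                        ("80 to host 80", STRAIGHT_TO_HOST_80),
                        ("80 to container", REMAPPED)]:
        print(label, "->", http01_target(hops, LISTENERS))
        print("   ", "; ".join(trace(hops, 80)[1]))
```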

  • If I do a cert update from Letsencrypt, I put Exposed Host for a short time, otherwise the update doesn't work.

    [LibreELEC @ 2x RPi3, CoreELEC @ S12 Octa Core]

    [ NAS OMV 5.xx (Usul) @ NanoPI M4 ]

    [ Nextcloud 18.0.4 @ ODROID C2 ]

    [ Motioneye @ RPi4]
