Nextcloud Bad Gateway

  • cat /etc/resolv.conf shows both:


    Why is OMV using 1.1.1.1? I set it to PiHole in Network/Interfaces/Advanced Settings

    The problem about port forwarding is that dual option in Fritz.box

    The first one in pic 3 sets a port that you decide (default is 443, I have set 4443)

    - this option let me see the Swag page from MyFritz url/public IP

    The second one in pic 4 lets you decide which port forward on what protocol, like 443 to 4443

    - this option lands on an error page


  • The ports are wrong: esternamente is 443 to dispositivo 4443.


    Do the same for 80 to 8088.


    These are the ones for SWAG.

  • It would be easier if you switched the UI to English, but from what I understand, you are setting the external port to 4443. It has to be 443 as this is reserved for https.


    If you post the screenshots in English I can check. The menu should not be too different from my fritzbox.

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

    • Official post

    I don't know Spanish (I think that's what that is)... but are you using port triggering, instead of port forwarding? The fact it seems to be asking for a range of ports makes me think port triggering.


    If I'm not mistaken, there's quite a difference between the two. I've tried to get SWAG to work w/ port triggering several times and it never worked.

  • I don't know Spanish (I think that's what that is).

    It's Italian, :)


    The Fritz.Box has port forwarding on the same page as port sharing:


  • So DNS validation works without open ports? Hmm, you live and learn..

  • A Fritzbox allows to forward a whole range of ports to some host. This is not related to port triggering.

    I have not found any use for it (It may be used to forward port 20 - 21 if you used ftp)


    In my home setup I have forwarded all ports which is called "exposed host" (to my real firewall)



  • I am also quite confused what an amount of open ports you have. Eg. pihole. It actually does not need any open port. Are you sure you know what you are doing there?

    • Official post

    No it is not port triggering. Fritzbox asks for a range even for port forwarding. As Soma already noticed, he simply confused external vs internal port. He entered 4443 as external.

    Then how did he pull a cert? My experience, when the ports are reverse.. you won't be able to successfully pull a cert.

  • In my home setup I have forwarded all ports which is called "exposed host" (to my real firewall)

    Is this the same as a DMZ device???

  • Bingo Soma! Inverted external/internal ports!

    I can access NextCloud from the web now.

    The reason I set it that way is because all the obfuscated services in Windows are mostly P2P apps that don't need to use a different port inside/outside, they just need an open port. They can use any 0-65535, so I thought ok, 4443 is the arbitrary port I've chosen for HTTPS, I will assign it to 443.

    Thank you all for so much effort in helping me!

    Yes, language is Italian :)

    I will now try it and check back with feedback, but looks like it's working finally.

    EDIT

    OK, I will remove PiHole ports if it's not necessary, no I did not know what I was doing, just following suggestions/tutorials/videos. I've been into selfhosting for just a few months, I'm a beginner in that. I've been using PCs for a life, but always as a client/workstation.

  • Bingo Soma! Inverted external/internal ports!

    I can access NextCloud from the web now.

    :thumbup::thumbup::thumbup:

  • I see. I mean I could imagine opening Pihole ports if you plan to use it from outside of your home. But I think that’s not common. Just keep in mind that every port we can see in your screenshots can be accessed from internet. This upper list starting with 7866 of your desktop. Anyone can try to attack your desktop via these ports. Fritzbox will not block it.

  • I see. I mean I could imagine opening Pihole ports if you plan to use it from outside of your home. But I think that’s not common. Just keep in mind that every port we can see in your screenshots can be accessed from internet. This upper list starting with 7866 of your desktop. Anyone can try to attack your desktop via these ports. Fritzbox will not block it.

    I'm aware of that, I rely on firewall and anyway I've plenty of backups for sensitive stuff. For 20 years I've had an ISP that barred me behind a NAT, I could not reach my home anyway because I had a random private IP behind a random public IP. Now I am enjoying freedom for a while :)

  • Is this the same as a DMZ device???

    I don't know the term. I only want it to pass all traffic 1:1 to my internal firewall. So the fritzbox is acting as a PPPoE Modem for my internet connection and all the interesting stuff is done behind it.


  • Then how did he pull a cert? My experience, when the ports are reverse.. you won't be able to successfully pull a cert.


    Yeah I‘m wondering too

    If you use DNS-01 challenge (https://letsencrypt.org/docs/challenge-types/) the client posts a request to letsencrypt, gets a random string as response and has to set a TXT record with your DNS provider.

    After a while the client will pull the cert and letsencrypt will check the DNS for this random string.


    You can even do this from the command line with certbot without any http server


    Pros:

    - no need for a (publicly available) web server

    - can provide wildcard certs


    Cons:

    - you have to put the API credentials for your DNS provider on the host

    - you have to use a DNS provider offering an API

    - the client you use has to know how to handle the DNS provider.


    • Official post

    Why is OMV using 1.1.1.1? I set it to PiHole in Network/Interfaces/Advanced Settings

    I don’t think you should use PiHole in your omv settings. Stick with 1.1.1.1.

    There are no ads to block in omv. PiHole is for your desktop and mobile devices.
