this post was submitted on 23 Nov 2023
1 points (100.0% liked)

Self-Hosted Main

515 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

Hey all, I'd love some more eyes on this problem I've been having.

Context:

  • I'm behind a CGNAT.
  • I have a domain
  • I have VPN with a dedicated IP
  • My DNS records are pointed at that dedicated IP
  • I have a TP_Link A8 Router, and a Surfboard DOCSIS 3.1
    • Router has Bonded light
  • I'm running a server with Proxmox VM
    • It works amazing locally

Goal(s):

  • Use NextCloud/OwnCloud
    • Ability to access NC/OC from outside local network
    • Being able to use domain name instead of dedicated IP when accessing page

Actions:

  • Install a Debian 12 VM (or LXC depending upon attempt)
  • Update package repositories
  • Add user to sudoers file
  • Install UFW
  • Install VPN application
  • Enable UFW
    • Deny ALL but 40,443
  • Install Docker Engine
  • Enable VPN
  • Install Cosmos Server
    • Go through initial setup
      • Configure domain as Dedicated IP
  • Here my attempts just hang.
    • I have tried this using NGINX Reverse Proxy
    • I have tried this using Apache2 as a reverse proxy

Technical Information

  • Port scanning options see ports as open
  • SSL certificate application (letscrypt) hangs

I have also followed the 'how to' https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html from Nextcloud, using manual installation, and can install it, but when I get to the letscrypt stage, I can never get it to complete. I've tried the AIO as well. as the Docker image.

The issue is always with SSL/connecting from the outside. I can access it locally, but that doesn't help me leave commercial clouds behind!

I've included my network diagram of what I *think* is going on

https://preview.redd.it/xt1o7o4aez1c1.png?width=1148&format=png&auto=webp&s=ff7c8bfef0cc612ce80505a0ffa63dd9a2e04953

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 11 months ago

I am not a Nextcloud wizard, but I have been successful using acme.sh in different contexts, specifically using "DNS mode" to prove I have control of a domain name without inbound IP access.

Does any inbound IP traffic work? I'd start by making sure that the port forwarding is working correctly with plaintext traffic like HTTP/port 80 and then look at encryption.

You also might need to use alternate ports if your ISP doesn't want you running servers, which is probably the case if you're behind CGNAT.