Netgate Discussion Forum

PLZ Help!!! Failing at Publishing a Nextcloud Instance

  • A
    alwazw
    last edited by Oct 31, 2023, 6:37 PM

    I have pfSense virtualized on Proxmox. I want to publish a Nextcloud instance at nextcloud.wazzan.us, accessible via the internet. I'm failing miserably at it. Please help!

    I tried every piece of advice and every tutorial online and am still getting:
    This page isn’t working nextcloud.wazzan.us redirected you too many times.



    Wan 192.168.2.222
    gateway 192.168.2.1
    lan 10.10.10.10
    turnkeylinux-nextcloud 10.10.10.42


    Issued acme certificate
    Name wildcard_wazzan_us
    Domain name *.wazzan.us
    Method DNS Cloudflare

    Action list:
    Mode Enabled
    Command /usr/local/etc/rc.d/haproxy.sh restart
    Method shell command


    ddns nextcloud.wazzan.us working


    haproxy backend
    Mode active
    Name nextcloud
    Forwardto Address+Port:10.10.10.42
    Address Port 80
    Encrypt(SSL) no
    SSL checks no


    haproxy frontend
    Name Wazzan_us
    Description apps
    Status Active

    External address - Table:
    Listen address LAN address (IPv4)
    Custom address greyed out
    Port 443
    SSL Offloading on
    Type: http/https(offloading)

    Access Control lists:
    Name nextcloud
    Expression Host matches:
    CS no
    Not no
    Value nextcloud.wazzan.us

    Actions:
    Action Use Backend
    Parameters See below
    Condition acl names nextcloud
    backend nextcloud

    SSL Offloading:
    Certificate: wildcard_wazzan_us
    Add ACL for certificate subject alternative name ON


    NAT - Port Forward:
    Interface WAN
    Protocol TCP/UDP
    Source Address WAN address
    Source Ports 443 (HTTPS)
    Dest. Address ! WAN address
    Dest. Ports 443 (HTTPS)
    NAT IP LAN address
    NAT Ports 443 (HTTPS)


    Firewall Rule - WAN:
    States 0/0 B
    Protocol IPv4 TCP/UDP
    Source WAN address
    Port 443 (HTTPS)
    Destination LAN address
    Port 443 (HTTPS)
    Gateway *
    Queue none
    Description NAT


    PfSense etc/hosts
    127.0.0.1 localhost localhost.home.arpa
    ::1 localhost localhost.home.arpa
    10.10.10.10 pfSense.home.arpa pfSense
    10.10.10.42 nextcloud.wazzan.us nextcloud

    Next cloud - Webmin

    var/www/nextcloud/config

    <?php
    $CONFIG = array (
      'passwordsalt' => '', // I masked it
      'secret' => '', // I masked it
      'trusted_domains' =>
      array (
        0 => 'localhost',
        1 => 'nextcloud.wazzan.us',
        2 => '10.10.10.10',
        3 => '10.10.10.42',
        'overwriteprotocol' => 'https',
        'overwrite.cli.url' => 'https://nextcloud.wazzan.us'
      ),
      'datadirectory' => '/var/www/nextcloud-data',
      'dbtype' => 'mysql',
      'version' => '27.1.1.0',
      'overwrite.cli.url' => 'http://localhost',
      'dbname' => 'nextcloud',
      'dbhost' => 'localhost',
      'dbport' => '',
      'dbtableprefix' => 'oc_',
      'mysql.utf8mb4' => true,
      'dbuser' => 'nextcloud',
      'dbpassword' => '***********', // I masked it
      'installed' => true,
      'instanceid' => '1113d2af312c1',
      'memcache.local' => '\OC\Memcache\Redis',
      'redis' => array(
        'host' => '/var/run/redis/redis.sock',
        'port' => 0,
        'timeout' => 0.0
      ),
      'filelocking.enabled' => true,
      'memcache.locking' => '\OC\Memcache\Redis',
      'log_type' => 'file',
      'logfile' => '/var/www/nextcloud-data/nextcloud.log',
      'loglevel' => 3
    );


    Network configuration - Routing and Gateways - Active configuration

    Destination Default Route
    Gateway 10.10.10.10
    Netmask
    Interface eth0

    Destination 10.10.10.0
    Gateway
    Netmask 255.255.255.0
    Interface eth0


    /var/www/nextcloud-data

    {"reqId":"zU3ufpT2qY6HPgjsYEVc","level":3,"time":"2023-10-29T10:45:14+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"dns_get_record(): A temporary server error occurred. at /var/www/nextcloud/lib/private/Http/Client/DnsPinMiddleware.php#84","userAgent":"--","version":"27.1.1.0","data":{"app":"PHP"}}
    {"reqId":"ZT5pQBjodNfk8u3Tg6rOagAAAAM","level":3,"time":"2023-10-29T14:16:32+00:00","remoteAddr":"10.10.10.14","user":"admin","app":"PHP","method":"GET","url":"/index.php/settings/apps","message":"dns_get_record(): A temporary server error occurred. at /var/www/nextcloud/lib/private/Http/Client/DnsPinMiddleware.php#58","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36","version":"27.1.1.0","data":{"app":"PHP"}}


    [root@nextcloud ~]# resolvectl status
    sh: 1: resolvectl: not found


    • J
      johnpoz LAYER 8 Global Moderator @alwazw
      last edited by johnpoz Oct 31, 2023, 6:46 PM Oct 31, 2023, 6:44 PM

      @alwazw said in PLZ Help!!! Failing at Publishing a Nextcloud Instance:

      Dest. Address ! WAN address

      If you want haproxy to send the traffic, why are you creating a port forward? And why would you make the destination ! wan.. So any destination other than the wan address forward to the 10.10.10.42 address?

      Your pfsense wan is also on rfc1918, so behind some other nat router - did you forward to pfsense wan on that device for what you want to get sent to this nextcloud instance?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • A
        alwazw @johnpoz
        last edited by Oct 31, 2023, 7:35 PM

        @johnpoz I have WAN in the DMZ zone as my ISP doesn't allow bridging on their modem.
        I am an absolute beginner. My objective is to have 10.10.10.42 published to nextcloud.wazzan.us.
        I'll remove the NAT fwd along with associated firewall rules.
        Is my HA configuration correct?
        What's the next step?

        • J
          johnpoz LAYER 8 Global Moderator @alwazw
          last edited by Oct 31, 2023, 7:46 PM

          @alwazw I didn't get in that deep.. Just saw you had both nat and haproxy set up, which normally wouldn't be the case for the same thing. And ! Wan wouldn't be right..

          • V
            viragomann @alwazw
            last edited by Oct 31, 2023, 8:35 PM

            @alwazw
            The HAProxy settings are fine so far. I'm just wondering why you let the frontend listen on the LAN address. I cannot think of any benefit of this at all.

            Anyway doing so, your NAT rule seems wrong. The source address and port have to be "any". The destination address would be WAN address. So you have to remove the "invert match".

            However, I would set the frontend to listen on a WAN IP and just add a firewall rule to allow access to it.

            And your Nextcloud config looks wrong, the "overwrite" parameters are not meant to be used within the trusted_domains array. I guess, they won't work in this case.

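The misplacement viragomann describes, as an added example that is not part of the thread: a small PHP check run over a constructed, trimmed copy of the posted array and over a corrected one. `lint_proxy_config` is a hypothetical helper; `overwriteprotocol` and `overwrite.cli.url` are Nextcloud's own option names, and the sample values are taken from the first post.

```php
<?php
// Constructed sample: same structure as the posted config.php, trimmed to the
// keys under discussion. The overwrite options sit inside trusted_domains.
$posted = [
    'trusted_domains' => [
        0 => 'localhost',
        1 => 'nextcloud.wazzan.us',
        2 => '10.10.10.10',
        3 => '10.10.10.42',
        'overwriteprotocol' => 'https',
        'overwrite.cli.url' => 'https://nextcloud.wazzan.us',
    ],
    'overwrite.cli.url' => 'http://localhost',
];

// Corrected layout: trusted_domains is a plain list, options are top level.
$corrected = [
    'trusted_domains' => ['localhost', 'nextcloud.wazzan.us', '10.10.10.10', '10.10.10.42'],
    'overwriteprotocol' => 'https',
    'overwrite.cli.url' => 'https://nextcloud.wazzan.us',
];

// Hypothetical helper: list settings that cannot take effect as written.
function lint_proxy_config(array $config): array
{
    $findings = [];
    foreach ($config['trusted_domains'] ?? [] as $key => $value) {
        if (!is_string($key)) {
            continue; // integer keys are ordinary host entries
        }
        // A string key here is an option nested by mistake: Nextcloud looks
        // options up at the top level, so this value is only a list entry.
        $top = array_key_exists($key, $config) ? "'" . $config[$key] . "'" : 'unset';
        $findings[] = "'$key' => '$value' is nested in trusted_domains; top-level value is $top";
    }
    // With TLS ending at the proxy and plain HTTP to the backend, the
    // top-level overwriteprotocol is what makes generated URLs use https.
    if (($config['overwriteprotocol'] ?? '') !== 'https') {
        $findings[] = "top-level 'overwriteprotocol' is not 'https'";
    }
    return $findings;
}

foreach (['posted' => $posted, 'corrected' => $corrected] as $name => $config) {
    $findings = lint_proxy_config($config);
    echo $name, ': ', $findings ? implode('; ', $findings) : 'ok', PHP_EOL;
}
```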
            • J
              johnpoz LAYER 8 Global Moderator @viragomann
              last edited by Oct 31, 2023, 8:41 PM

              @viragomann said in PLZ Help!!! Failing at Publishing a Nextcloud Instance:

              The source address and port have to be "any"

              good catch - yeah that is wrong too for nat..

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.