Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hosting nextcloud behind 1 WAN

    Scheduled Pinned Locked Moved NAT
    4 Posts 2 Posters 595 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Sean 0
      last edited by

      Hello,
      I am having difficulty configuring my sg-2100 NAT for my opt vlan that hosts my nextcloud server and acts as a dmz. I have the opt configured, I need to configure:
      SERVER (OPT1) <-> WAN <->Nameserver/DNS

      Since I only have 1 WAN, I assume that I must use haproxy. This should also increase security somewhat from what I have read. Any assistance would be appreciated as I am stumped.

      1 Reply Last reply Reply Quote 0
      • W
        wolfsden3
        last edited by

        Don't you just make a NAT rule to the http or https port...? I'd put your firewall on an alternative port like 8081 so you can manage your firewall like https://ip:8081 (or some other port) and then simply NAT your nextcloud to http and https > vlan IP.

        Should work no...?

        S 1 Reply Last reply Reply Quote 0
        • S
          Sean 0 @wolfsden3
          last edited by

          @wolfsden3 I do server side setup, dove into this without realizing how complex the config is. There's so many choices and conflicting answers that I am beyond confused. Currently the wan takes me to the pfsense page, my thoughts were using haproxy to both mask and separate the pfsense dchp server and the nextcloud server

          1 Reply Last reply Reply Quote 0
          • W
            wolfsden3
            last edited by

            I wouldn't because, in my view, that complicates things.

            You have two services that need http and https. You have to pic one for each port.

            In a virtual server setup you can serve http and https depending on the host name request.

            1 server > 2 websites

            Unfortunately you have...

            2 servers > 2 websites (your firewall http and your nextcloud http)

            This is why you need to (again, in my view):

            1 - Go to: system > advanced > change your port to something else, like me. I serve it on port 10000

            • Note: You will want to first make a firewall rule to allow port 10000 on your WAN. Firewall > Rules > Floating allow any to 10000 TCP

            3df86e09-c752-41f5-bf25-5defabacc795-image.png

            Here's the advanced web port change.

            ee4e99d8-2824-4902-bda3-ab02085fdfb9-image.png

            Once you change your web port on your firewall from http port 80 /https port 443 > you've free'd those up to be used on something else. Now you're doing http/https on port 10000 :-)

            Now you can make a NAT rule:

            firewall > nat > that says, anything from your WAN on http port 80 and https port 443 > go to your private IP 192.168.1.whatever (or whatever private IP's you're using).

            Hope that helps.

            That's how we've done these things in the past. Not using standard ports on your firewall for web management helps cut down on the BS even though they'll find you eventually. 10000 is a common port used in web servers as is 8080, and many others.

            Alternatively, you could host your nextcloud on an alternative port too like 4434 or something and NAT 4434 > 443 on your private LAN side too. That would maintain the firewall defaults BUT we've found when publishing your owncloud URL that people will often hit the firewall interface not knowing they need to type in https://ip_address_here:4434
            ...so it can get confusing.

            Always take a backup of your firewall before making and testing these changes :)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.