Netgate Discussion Forum

    Nextcloud Deployment Possible for me? Issues = CGN, etc.

    General pfSense Questions
    1 Posts 1 Posters 366 Views
      svtkobra7

      Preface
      Long time lurker here. I've been running pfSense since I built my AIO server in early 2017. I don't have an IT background, so while I can eventually figure things out, it takes forever. On this particular item, I've struggled, spending days (literally) attempting to fulfill a simple objective, but have been unsuccessful and figured I would turn to the forum to ask for a kind hand. Thanks in advance for any guidance you can offer.

      Objective
      ● Deploy Nextcloud 13, hardened, and accessible at domain: DOMAIN.com
      ● I don't care how I get there (likely Ubuntu VM), but of course pf is heavily involved.
      ● I have two issues: (a) I can't connect the internal Nextcloud IP to DOMAIN.com and (b) I can't use certbot to obtain SSL

      Scenario / Constraints
      ● ISP
        ○ Single provider available to all units in condo building, cost = HOA dues pass through
        ○ Static IPs offered @ $20/month (which I can't bring myself to do for a number of reasons)
        ○ Ethernet to structured media enclosure, no modem to place in bridge mode, etc
        ○ CGN being used
      ● VPN
        ○ Provider = TorGuard / Port Forwards offered if port > 2048
        ○ OVPN Client #1 = TG_Static = Shared Public IP w/ port forward
        ○ OVPN Client #2 = TG_Dynamic = All other traffic
        ○ Why?
          ■ TG_Static was set up as a test case / future use to facilitate the objective
          ■ Port 32400 Forwarded via Torguard / pfSense Port Forward created / Test Case = Pass

      Is what I'm trying to accomplish achievable? Items I've looked into, but haven't been able to piece everything together:
      ● Use VPN to bypass CGN (similar to Plex test case).
      ● VPN "443" Port Share (requires option added to VPN client and allows web server traffic to flow through to localhost:443). Haven't been able to get this to work yet.
      ● I know Apache can be set to "listen" on a port other than 443. But I don't think this allows the certbot script to succeed.
      ● ACME package. I have successfully edited DNS text record to achieve validation.
      ● Reverse proxy / HAproxy pf package. Unfamiliar.

      Again, thanks! :)
