4. Nextcloud Deployment Possible for me? Issues = CGN, etc.

Nextcloud Deployment Possible for me? Issues = CGN, etc.

  • S

    Preface
    Long time lurker here. I've been running pfSense since I built my AIO server in early 2017. I don't have an IT background, so while I can eventually figure things out, it takes forever.; On this particular item, I've struggled spending days (literally_ attempting to fulfill a simple objective, but have been unsuccessful and figured I would turn to the forum to ask for a kind hand.; Thanks in advance for any guidance you can offer.

    Objective
    ● Deploy Nextcloud 13, hardened, and accessible at domain: DOMAIN.com
    ● I don't care how I get there (likely Ubuntu VM), but of course pf is heavily involved.
    ● I have two issues: (a) I can't connect the internal Nextcloud IP to DOMAIN.com and (b) I can't use certbot to obtain SSL

    Scenario / Constraints
    ● ISP
      ○ Single provider available to all units in condo building, cost = HOA dues pass through
      ○ Static IPs offered @ $20/month (which I can't bring myself to do for a number of reasons)
      ○ Ethernet to structured media enclosure, no modem to place in bridge mode, etc
      ○ CGN being used
    ● VPN
      ○ Provider = TorGuard / Port Forwards offered if port > 2048
      ○ OVPN Client #1 = TG_Static = Shared Public IP w/ port forward
      ○ OVPN Client #2 = TG_Dynamic = All other traffic
    ○ Why?
        ■ TG_Static was set up as a test case / future use to facilitate the objective
        ■ Port 32400 Forwarded via Torguard / pfSense Port Forward created / Test Case = Pass

    Is what I'm trying to accomplish achievable?; Items I've looked into, but haven't been able to piece everything together.
    ● Use VPN to bypass CGN (similar to Plex test case).
    ● VPN "443" Port Share (requires option added to VPN client and allows web server traffic to flow through to localhost:443. Haven't been able to get this to work yet.
    ● I know Apache can be set to "listen" on a port other than 443. But I don't think this allows the certbot script to succeed.
    ● ACME package. I have successfully edited DNS text record to achieve validation.
    ● Reverse proxy / HAproxy pf package. Unfamiliar.

    Again, thanks**!  :)**

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy