NextCloud

#287 (In Topic #56)
Standard member

Questions about nextcloud setup

I was following the NOTS tutorial for setting up NextCloud 15 on Ubuntu 18.04 server, but I was trying to do this on my own server as opposed to a VPS like Jacob did with Digital Ocean.

I came across a problem when trying to get Let's Encrypt for my server because I only had the private IP address of my PC, which I have now learned one cannot get SSL/TLS certificates for (I'm fairly new to the server world).

I'd like to set up my own server at a known location to run NextCloud, and then access it over the internet from other locations. Is this possible? I noticed from this page on Datamation that they only include the VPS, or LAN as options for NextCloud: https://www.datamation.com/open-source/how-to-setup-your-own-cloud-server-with-nextcloud.html. That made me think it had to either be at a home network only, or through a VPS.

Is it possible to set up my own web server for which I can then use Let's Encrypt, and have NextCloud running at my known physical location and accessible over the internet? I'm still researching this online, but have been coming up short.

Thanks in advance.

#288
Standard member
For more detail, the error I received was right after editing the 000-default.conf file to include the server name. Running "certbot --apache", while asking if I'd like to activate HTTPS for the name I used, wound up resulting in a failure after "Cleaning up challenges" stating "The server could not resolve a domain name :: No valid IP addresses found for mydomain.com".

This led me to the following: No valid IP addresses found for (my domain) - Help - Let's Encrypt Community Support

Which I then figured the issue was because I was using my private IP address instead of a public one from a web server.

#289
Standard member
I figure I'll just keep posting as I find out more to let you know where I'm at.

At this point, I figure it must be possible as people host their own sites all the time.

I came across this guide: "Installing Nextcloud on Ubuntu with Redis, APCu, SSL & Apache" which outlines additional software needs that I believe weren't in the NOTS tutorial as a VPS was being used. Examples are installation of LAMP, APCu, and Redis. I'll try going through this guide when I get time.

Some other reading I've done recommends not hosting one's own server as there are a number of disadvantages, but I'm doing this more as a learning exercise than anything, so I'll continue on that front.

Let me know if you have any recommendations or if there are other things I should be considering.

#290
Standard member
Looking back at the video, the main discrepancy from my approach is that Jacob does SSH into the root at the IP address provided for Digital Ocean's VPS. That's effectively where I deviate. I guess at this point, my question is:

"Is it possible to obtain and SSH into a public IP address on a web server run from my computer at home with no additional hardware, such that I can use Let's Encrypt to get HTTPS when accessing the server?"

Alternatively, if that isn't possible:

"Is there another simple means of encrypting the private IP address of my PC to get HTTPS when accessing the server over the internet?"

Thanks again in advance.

#291
Standard member
Just adding new details for what I've learned since the last post.

Following the NOTS video on "Setting up a home web server", I was made aware of port forwarding. Researching more into this now.

Any more info is still helpful.

#292
NOTS Staff
I'm sorry it took me so long to get back to you, I started a new full-time network technician job yesterday (Monday), so I've been very busy. I'll read through your posts now and respond to any questions I see.

1123artc said

Is it possible to set up my own web server for which I can then use Let's Encrypt, and have NextCloud running at my known physical location and accessible over the internet? I'm still researching this online, but have been coming up short.
It's entirely possible to host your own Nextcloud server at home, I did this myself for years. I would actually recommend home-hosting over a VPS because it gives you more control.

1123artc said

For more detail, the error I received was right after editing the 000-default.conf file to include the server name. Running "certbot --apache", while asking if I'd like to activate HTTPS for the name I used, wound up resulting in a failure after "Cleaning up challenges" stating "The server could not resolve a domain name :: No valid IP addresses found for mydomain.com".
If that's a literal copy-paste error message, the issue is that "mydomain.com" is obviously an example domain name and not one that you control.

1123artc said

Which I then figured the issue was because I was using my private IP address instead of a public one from a web server.
To be clear, your PC (or, rather, your home internet connection) does have a public IP address. You can find it by going to DuckDuckGo and searching "what is my ip", then look at the info it returns at the top or use any of the websites in the results. Your home router performs Network Address Translation (NAT) to translate that single public IP into a separate private one for each of your devices.

1123artc said

I came across this guide: <snip> which outlines additional software needs that I believe weren't in the NOTS tutorial as a VPS was being used. Examples are installation of LAMP, APCu, and Redis.
LAMP stands for Linux, Apache, MySQL/MariaDB, and PHP. All four of those things were included in my tutorial. APCu and Redis are memory caching tools, which were also covered in the tutorial.

1123artc said

At this point, I figure it must be possible as people host their own sites all the time….

Some other reading I've done recommends not hosting one's own server as there are a number of disadvantages, but I'm doing this more as a learning exercise than anything, so I'll continue on that front.
That's bad advice in my opinion. A home-hosted server gives you complete physical control over your data. The only downsides are that your internet connection may not be very fast and your public IP address is liable to change.

1123artc said

Looking back at the video, the main discrepancy from my approach is that Jacob does SSH into the root at the IP address provided for Digital Ocean's VPS. That's effectively where I deviate. I guess at this point, my question is:

"Is it possible to obtain and SSH into a public IP address on a web server run from my computer at home with no additional hardware, such that I can use Let's Encrypt to get HTTPS when accessing the server?"

Alternatively, if that isn't possible:

"Is there another simple means of encrypting the private IP address of my PC to get HTTPS when accessing the server over the internet?"
Like I said, you have a public IP address. You need to find out what that is (very easy to do, just search for it and use any of the tools listed.) Personally, I would register yourself a domain name to make things easier, and set an A record pointing the domain name to your home's IP address; that way, if/when your home's IP address changes (because ISPs don't usually guarantee static IPs for residential connections), you can log into your domain registrar and update the IP address while keeping the domain name the same. Alternatively, if your IP changes too often, there are a number of dynamic DNS resolvers that will basically check what your public IP is periodically (from one of your local machines) and update your domain name for you.

1123artc said

Following the NOTS video on "Setting up a home web server", I was made aware of port forwarding. Researching more into this now.
Once you've figured out your public IP address, you will need to go into your router and set a port forward for ports 80 and 443 pointing to the private IP address of your web server. That's how your router knows which device to forward unsolicited requests for those ports to. I can't give specific details on that because it's different for every router, but basically, you should find a settings screen where you can select the outside port (80 and 443, both TCP and UDP for simplicity although HTTP/HTTPS use TCP) and the private IP address (what your web server thinks its IP address is.)

I know that's a lot of info, and I also just had to re-type a lot of it because I lost the post I was working on (I guess I need to do some UX research on my website, because right now clicking "whisper" on a post completely trashes anything in the quick reply field.) Let me know if you understand all of that or if you have further questions about any of it. When I used to home-host my Nextcloud server, I had cloud.nerdonthestreet.com resolving to my home's public IP address, and then my router had port forwarding for 80 and 443 sending requests to my web server, which was usually running Debian.

#293
NOTS Staff
Just wanted to add one more thing, it looks like you will need to acquire a domain name to use one way or another, because Let's Encrypt does its verification based on your domain name (basically, "can you prove that you control this domain name? If so, we will issue you a certificate for it.")

You could do that by purchasing one from a registrar like Hover (you can save $2 if you use hover.nots.co), or another registrar like GoDaddy (which will try to upsell you on anything and everything) or Network Solutions or anything else. If you don't want to shell out the ~$13/year, you could try doing it with a free dynamic DNS resolver like noip.com, or using a free domain registrar like dot.tk (I used .tk for Nerd on the Street in the very beginning, but that was before Let's Encrypt existed, so I don't know how they will work together.)

My personal recommendation is to just get a domain name, because it will make things easier for you unless your ISP changes your public IP address ridiculously often, in which case something like NoIP may be necessary.
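
The checks described in the two replies above (find the connection's public IP, point an A record at it, and let Let's Encrypt verify the domain), as an added example that is not part of the original posts. The domain and addresses are constructed sample values, and `address_scope`, `resolve_a` and `preflight` are hypothetical helper names.

```python
import ipaddress
import socket

# Ranges that a certificate authority on the internet cannot connect to.
NON_ROUTABLE = [
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.168.0.0/16", "private (RFC 1918)"),
    ("100.64.0.0/10", "carrier-grade NAT (RFC 6598)"),
    ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link-local"),
]


def address_scope(addr):
    """Return 'public' or the name of the non-routable range addr falls in."""
    ip = ipaddress.ip_address(addr)
    for cidr, label in NON_ROUTABLE:
        if ip in ipaddress.ip_network(cidr):
            return label
    return "public"


def resolve_a(domain):
    """Look up IPv4 addresses with the system resolver (honours the hosts file)."""
    try:
        infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def preflight(domain, a_records, public_ip):
    """List reasons HTTP validation would fail; an empty list means ready."""
    problems = []
    if address_scope(public_ip) != "public":
        problems.append(f"WAN address {public_ip} is {address_scope(public_ip)}; "
                        "port forwarding cannot expose this server")
    if not a_records:
        problems.append(f"{domain} has no A record")
    for rec in a_records:
        scope = address_scope(rec)
        if scope != "public":
            problems.append(f"A record {rec} is {scope}; set it to {public_ip}")
        elif rec != public_ip:
            problems.append(f"A record {rec} does not match WAN address {public_ip}")
    return problems


if __name__ == "__main__":
    # Constructed samples: example.com stands in for your own domain and
    # 203.0.113.10 (documentation range) for the address a "what is my ip" search shows.
    for records in (["192.168.1.50"], [], ["203.0.113.10"]):
        print(records, "->", preflight("example.com", records, "203.0.113.10") or "ready")
```

For a live check, pass `resolve_a("your.domain")` as `a_records` together with the address a "what is my ip" search reports.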

#294
Standard member
Hi Jacob,

No worries, and congrats on the new job! Thanks for the confirmation that I can host this on my own as the first thing I wanted to make sure was that I wasn’t on a wild goose chase. I’ve read through your comments and I definitely have a better understanding of what steps to take now.

I should have clarified regarding the error message I got when setting up Let’s Encrypt. I have purchased my own domain name, and I used it appropriately when editing the 000-default.conf file. I just used the “mydomain.com” in my post as a replacement within the error message.

Good to know you hosted your own server for years, and that it isn’t necessarily an impractical idea. I’ve also heard the mantra that “if you can’t fix it, you don’t own it” and figured I’d prefer to set it up myself.

I was under the impression I wouldn’t be able to use the public router IP address, so that’s good to know for sure that I can. As I said I’ve got my domain name, and following your tutorial, I learned how to point it to an IP address. I’ll have to do some tests to see if I can get my router IP address to remain static, but if not I’ll look more into dynamic DNS resolvers.

I was able to log into my router last night and figure out how things work. I’ll have to spend some more time on port forwarding to set it up correctly.

Thanks again – your help is much appreciated!

#295
NOTS Staff

1123artc said

I was under the impression I wouldn’t be able to use the public router IP address, so that’s good to know for sure that I can. As I said I’ve got my domain name, and following your tutorial, I learned how to point it to an IP address. I’ll have to do some tests to see if I can get my router IP address to remain static, but if not I’ll look more into dynamic DNS resolvers.

Some ISPs don't really like people hosting things, but Charter/Spectrum and AT&T were both fine with it when I was doing it. The best thing to do is to just do it and see if you hear from them. I used to hear that IP addresses changed often for residential connections, but Charter/Spectrum only changed mine once or twice in the 4 years that I was hosting NOTS servers at that home. Your best bet to avoid having your public IP change is to avoid rebooting your modem and avoid releasing/renewing your IP on your router (so, basically, the exact opposite behavior of if you wanted to intentionally get your IP changed.) I used NoIP briefly, but I don't remember much about it, as that was before I purchased nerdonthestreet.com (before it was available for purchase, actually) and I was only using it for a Minecraft server.

1123artc said

I was able to log into my router last night and figure out how things work. I’ll have to spend some more time on port forwarding to set it up correctly.

Yep, TCP Port 80 is used for HTTP and TCP Port 443 is used for HTTPS. You can find lists of common ports online, in case you ever want to host any other services (although some ISPs block things like email ports; Charter/Spectrum only allowed outgoing home-hosted email through their designated gateway, ostensibly to prevent spam.) Like I said, it just needs to point to the private/internal IP of your web server. Your router actually tracks every outgoing connection you make in order to route responses to the correct devices, but when it receives unsolicited traffic, it doesn't know which internal device to route it to until you set up port forwarding.

What's going on is actually called Port Address Translation (PAT), also called NAT Overload (older versions of NAT were designed to translate many internal IPs to X number of external IPs, where only X number of people can have connections open at once; PAT is generally used when you only have a single external IP, as is the case with home connections, and allows thousands of simultaneous connections from the same IP.) When you connect to nerdonthestreet.com, your router sends a packet with a random source port and a destination port of 80, and NOTS replies with source port 80 and the destination port set to whatever your random source port was. Port forwarding kind of sidesteps that process; when you connect to your own domain name from outside, you're using a destination port of 80, and when your web server responds, it's using a source port of 80, which is the only time you'll actually see outgoing traffic from your home connection on port 80… generally, only one device on your network can be bound to port 80 at a time, hence the port forwarding to a single private IP so your router knows where port 80 is served from. (This example was for HTTP, all the 80's are 443's for HTTPS.)

That last paragraph wasn't really necessary, but I'm glad that I typed it, because I remembered that you might not be able to connect to your domain name from inside your network! If your domain name is set to your public IP and you can ping it from outside your network but not from inside, the easiest solution is to edit your hosts file and tell your computer to resolve your domain name to the private IP address instead. (I assume your ISP and/or your router gets confused when it tries to send a NAT-ed packet from your public IP to your public IP; setting the hosts file avoids that by telling your computer to go directly to your web server without touching the internet.) Just do a web search for "Linux hosts file," or "Windows hosts file" if you're using Windows.

Sorry for the rant in the middle there, but I'm glad to help. Hope you get everything up and running how you want it.
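
A small model of the PAT and port-forwarding behaviour described in the post above, as an added example that is not part of the original post. `PatRouter` is a hypothetical class, the addresses are constructed, and translated ports are handed out sequentially from 40000 rather than randomly so the output is repeatable.

```python
import itertools


class PatRouter:
    """Toy home router: one public IP shared by many private devices."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.forwards = {}   # public port -> (private ip, private port)
        self.conntrack = {}  # public port -> (private ip, private port, remote ip, remote port)
        self._ports = itertools.count(40000)  # assumption: sequential, not random

    def add_forward(self, public_port, private_ip, private_port=None):
        """Static rule: unsolicited traffic to public_port goes to one device."""
        self.forwards[public_port] = (private_ip, private_port or public_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A LAN device opens a connection; return the source the remote side sees."""
        public_port = next(self._ports)
        self.conntrack[public_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, public_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet reaches the WAN side; return the LAN (ip, port) or None if dropped."""
        entry = self.conntrack.get(dst_port)
        # This model accepts replies only from the exact remote endpoint contacted.
        if entry and entry[2:] == (src_ip, src_port):
            return entry[:2]
        # Otherwise the packet is unsolicited: only a port forward can place it.
        return self.forwards.get(dst_port)


if __name__ == "__main__":
    router = PatRouter("203.0.113.10")
    # Laptop browses a remote site: tracked on the way out, so the reply finds it.
    seen_as = router.outbound("192.168.1.20", 51000, "198.51.100.7", 80)
    print("remote sees", seen_as)
    print("reply ->", router.inbound("198.51.100.7", 80, seen_as[1]))
    # Unsolicited HTTPS request before and after forwarding 443 to the web server.
    print("443 before ->", router.inbound("198.51.100.99", 55555, 443))
    router.add_forward(443, "192.168.1.50")
    print("443 after  ->", router.inbound("198.51.100.99", 55555, 443))
    # Ports without a forward stay closed from outside.
    print("22 ->", router.inbound("198.51.100.99", 55555, 22))
```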

#299
Standard member
Thanks for all the help - I've had it up and running well for a couple days. No problem with the public IP address changing but I'll keep an eye on it. I've seen a lot of talk about DuckDNS as well for dynamic DNS, which seems to be growing in popularity compared to NoIP.

I just wound up forwarding both 80 and 443, but I also used the option with Let's Encrypt to redirect to HTTPS so I guess it should all go through 443. Thanks for noting that about connecting to my domain from within my network. I haven't had any problems yet, but I also use a VPN on my other devices so maybe that has some impact.

For others who happen to come across this, my setup is with Ubuntu Server 18.04, manually installed LAMP, a domain pointing to my router external IP address with Let's Encrypt redirected to always be HTTPS, and port forwarding in my router with both port 80 and port 443 pointing to my web server private IP address. Essentially followed the NOTS tutorial but hosting from a physical server at my home and port forwarding.

Again, thanks for the help!