NextCloud

#287 (In Topic #56)
Standard member

Questions about nextcloud setup

I was following the NOTS tutorial for setting up NextCloud 15 on Ubuntu 18.04 server, but I was trying to do this on my own server as opposed to a VPS like Jacob did with Digital Ocean.

I came across a problem when trying to get Let's Encrypt for my server because I only had the private IP address of my PC, which I have now learned one cannot get SSL/TLS certificates for (I'm fairly new to the server world).

I'd like to set up my own server at a known location to run NextCloud, and then access it over the internet from other locations. Is this possible? I noticed from this page on Datamation that they only include the VPS, or LAN as options for NextCloud: https://www.datamation.com/open-source/how-to-setup-your-own-cloud-server-with-nextcloud.html. That made me think it had to either be at a home network only, or through a VPS.

Is it possible to set up my own web server for which I can then use Let's Encrypt, and have NextCloud running at my known physical location and accessible over the internet? I'm still researching this online, but have been coming up short.

Thanks in advance.

#288
Standard member
For more detail, the error I received was right after editing the 000-default.conf file to include the server name. Running "certbot --apache", while asking if I'd like to activate HTTPS for the name I used, wound up resulting in a failure after "Cleaning up challenges" stating "The server could not resolve a domain name :: No valid IP addresses found for mydomain.com".

This led me to the following: https://community.letsencrypt.org/t/no-valid-ip-addresses-found-for-my-domain/57417

Which I then figured the issue was because I was using my private IP address instead of a public one from a web server.

#289
Standard member
I figure I'll just keep posting as I find out more to let you know where I'm at.

At this point, I figure it must be possible as people host their own sites all the time.

I came across this guide: "Installing Nextcloud on Ubuntu with Redis, APCu, SSL & Apache | Jason Bayton" which outlines additional software needs that I believe weren't in the NOTS tutorial as a VPS was being used. Examples are installation of LAMP, APCu, and Redis. I'll try going through this guide when I get time.

Some other reading I've done recommends not hosting one's own server as there are a number of disadvantages, but I'm doing this more as a learning exercise than anything, so I'll continue on that front.

Let me know if you have any recommendations or if there are other things I should be considering.

#290
Standard member
Looking back at the video, the main discrepancy from my approach is that Jacob does SSH into the root at the IP address provided for Digital Ocean's VPS. That's effectively where I deviate. I guess at this point, my question is:

"Is it possible to obtain and SSH into a public IP address on a web server run from my computer at home with no additional hardware, such that I can use Let's Encrypt to get HTTPS when accessing the server?"

Alternatively, if that isn't possible:

"Is there another simple means of encrypting the private IP address of my PC to get HTTPS when accessing the server over the internet?"

Thanks again in advance.

#291
Standard member
Just adding new details for what I've learned since the last post.

Following the NOTS video on "Setting up a home web server", I was made aware of port forwarding. Researching more into this now.

Any more info is still helpful.

#292
NOTS Staff
I'm sorry it took me so long to get back to you, I started a new full-time network technician job yesterday (Monday), so I've been very busy. I'll read through your posts now and respond to any questions I see.

1123artc said

Is it possible to set up my own web server for which I can then use Let's Encrypt, and have NextCloud running at my known physical location and accessible over the internet? I'm still researching this online, but have been coming up short.

It's entirely possible to host your own Nextcloud server at home, I did this myself for years. I would actually recommend home-hosting over a VPS because it gives you more control.

1123artc said

For more detail, the error I received was right after editing the 000-default.conf file to include the server name. Running "certbot --apache", while asking if I'd like to activate HTTPS for the name I used, wound up resulting in a failure after "Cleaning up challenges" stating "The server could not resolve a domain name :: No valid IP addresses found for mydomain.com".

If that's a literal copy-paste error message, the issue is that "mydomain.com" is obviously an example domain name and not one that you control.

1123artc said

Which I then figured the issue was because I was using my private IP address instead of a public one from a web server.

To be clear, your PC (or, rather, your home internet connection) does have a public IP address. You can find it by going to DuckDuckGo and searching "what is my ip", then look at the info it returns at the top or use any of the websites in the results. Your home router performs Network Address Translation (NAT) to translate that single public IP into a separate private one for each of your devices.

1123artc said

I came across this guide: <snip> which outlines additional software needs that I believe weren't in the NOTS tutorial as a VPS was being used. Examples are installation of LAMP, APCu, and Redis.

LAMP stands for Linux, Apache, MySQL/MariaDB, and PHP. All four of those things were included in my tutorial. APCu and Redis are memory caching tools, which were also covered in the tutorial.

1123artc said

At this point, I figure it must be possible as people host their own sites all the time….

Some other reading I've done recommends not hosting one's own server as there are a number of disadvantages, but I'm doing this more as a learning exercise than anything, so I'll continue on that front.

That's bad advice in my opinion. A home-hosted server gives you complete physical control over your data. The only downsides are that your internet connection may not be very fast and your public IP address is liable to change.

1123artc said

Looking back at the video, the main discrepancy from my approach is that Jacob does SSH into the root at the IP address provided for Digital Ocean's VPS. That's effectively where I deviate. I guess at this point, my question is:

"Is it possible to obtain and SSH into a public IP address on a web server run from my computer at home with no additional hardware, such that I can use Let's Encrypt to get HTTPS when accessing the server?"

Alternatively, if that isn't possible:

"Is there another simple means of encrypting the private IP address of my PC to get HTTPS when accessing the server over the internet?"

Like I said, you have a public IP address. You need to find out what that is (very easy to do, just search for it and use any of the tools listed.) Personally, I would register yourself a domain name to make things easier, and set an A record pointing the domain name to your home's IP address; that way, if/when your home's IP address changes (because ISPs don't usually guarantee static IPs for residential connections), you can log into your domain registrar and update the IP address while keeping the domain name the same. Alternatively, if your IP changes too often, there are a number of dynamic DNS resolvers that will basically check what your public IP is periodically (from one of your local machines) and update your domain name for you.

1123artc said

Following the NOTS video on "Setting up a home web server", I was made aware of port forwarding. Researching more into this now.

Once you've figured out your public IP address, you will need to go into your router and set a port forward for ports 80 and 443 pointing to the private IP address of your web server. That's how your router knows which device to forward unsolicited requests for those ports to. I can't give specific details on that because it's different for every router, but basically, you should find a settings screen where you can select the outside port (80 and 443, both TCP and UDP for simplicity although HTTP/HTTPS use TCP) and the private IP address (what your web server thinks its IP address is.)

I know that's a lot of info, and I also just had to re-type a lot of it because I lost the post I was working on (I guess I need to do some UX research on my website, because right now clicking "whisper" on a post completely trashes anything in the quick reply field.) Let me know if you understand all of that or if you have further questions about any of it. When I used to home-host my Nextcloud server, I had cloud.nerdonthestreet.com resolving to my home's public IP address, and then my router had port forwarding for 80 and 443 sending requests to my web server, which was usually running Debian.

#293
NOTS Staff
Just wanted to add one more thing, it looks like you will need to acquire a domain name to use one way or another, because Let's Encrypt does its verification based on your domain name (basically, "can you prove that you control this domain name? If so, we will issue you a certificate for it.")

You could do that by purchasing one from a registrar like Hover (you can save $2 if you use hover.nots.co), or another registrar like GoDaddy (which will try to upsell you on anything and everything) or Network Solutions or anything else. If you don't want to shell out the ~$13/year, you could try doing it with a free dynamic DNS resolver like noip.com, or using a free domain registrar like dot.tk (I used .tk for Nerd on the Street in the very beginning, but that was before Let's Encrypt existed, so I don't know how they will work together.)

My personal recommendation is to just get a domain name, because it will make things easier for you unless your ISP changes your public IP address ridiculously often, in which case something like NoIP may be necessary.
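An added example, not part of the original posts: a pre-flight check to run before "certbot --apache", covering the two DNS failures that come up in this thread (a name that points at a private address, and a name that does not yet return your own public IP). The function names and sample addresses are made up for illustration; it also flags the carrier-grade NAT range 100.64.0.0/10, which the thread does not discuss.

```shell
#!/bin/sh
# Added example (not from the thread). All names here are hypothetical.

# classify_ipv4 ADDR: print what kind of IPv4 address ADDR is.
# Only "public" addresses can be reached by Let's Encrypt for validation.
classify_ipv4() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) echo invalid; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return 1; }
    for o in "$@"; do
        case $o in ????*) echo invalid; return 1 ;; esac
        [ "$o" -le 255 ] || { echo invalid; return 1; }
    done
    a=$1; b=$2
    if   [ "$a" -eq 10 ]; then echo private                     # 10.0.0.0/8
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then
        echo private                                            # 172.16.0.0/12
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then echo private # 192.168.0.0/16
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then
        echo cgnat                                              # 100.64.0.0/10
    elif [ "$a" -eq 127 ]; then echo loopback
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then echo link-local
    elif [ "$a" -eq 0 ] || [ "$a" -ge 224 ]; then echo reserved
    else echo public
    fi
}

# check_a_record PUBLIC_IP [RESOLVED_IP...]
# PUBLIC_IP is the address your router has on the internet side; the
# remaining arguments are what the domain name currently resolves to.
# Returns 0 only when every A record is that public address.
check_a_record() {
    [ $# -ge 1 ] || { echo "usage: check_a_record PUBLIC_IP [A_RECORD...]"; return 2; }
    want=$1; shift
    kind=$(classify_ipv4 "$want") || kind=invalid
    if [ "$kind" != public ]; then
        echo "FAIL: $want is a $kind address, not a public one"; return 1
    fi
    if [ $# -eq 0 ]; then
        echo "FAIL: the name has no A record yet"; return 1
    fi
    for got in "$@"; do
        kind=$(classify_ipv4 "$got") || kind=invalid
        if [ "$kind" != public ]; then
            echo "FAIL: A record $got is a $kind address; the CA cannot reach it"
            return 1
        fi
        if [ "$got" != "$want" ]; then
            echo "FAIL: A record $got is not $want (stale, parked or not propagated)"
            return 1
        fi
    done
    echo "OK: A record matches $want; forward ports 80/443, then run certbot"
}

# Constructed sample values; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for real public addresses.
check_a_record 203.0.113.10 203.0.113.10
check_a_record 203.0.113.10 192.168.1.50 || true   # LAN address put in DNS
check_a_record 203.0.113.10 198.51.100.7 || true   # record points elsewhere
# Live use (needs network):
#   check_a_record "$PUBLIC_IP" $(dig +short A your.domain)
```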

#294
Standard member
Hi Jacob,

No worries, and congrats on the new job! Thanks for the confirmation that I can host this on my own as the first thing I wanted to make sure was that I wasn’t on a wild goose chase. I’ve read through your comments and I definitely have a better understanding of what steps to take now.

I should have clarified regarding the error message I got when setting up Let’s Encrypt. I have purchased my own domain name, and I used it appropriately when editing the 000-default.conf file. I just used the “mydomain.com” in my post as a replacement within the error message.

Good to know you hosted your own server for years, and that it isn’t necessarily an impractical idea. I’ve also heard the mantra that “if you can’t fix it, you don’t own it” and figured I’d prefer to set it up myself.

I was under the impression I wouldn’t be able to use the public router IP address, so that’s good to know for sure that I can. As I said I’ve got my domain name, and following your tutorial, I learned how to point it to an IP address. I’ll have to do some tests to see if I can get my router IP address to remain static, but if not I’ll look more into dynamic DNS resolvers.

I was able to log into my router last night and figure out how things work. I’ll have to spend some more time on port forwarding to set it up correctly.

Thanks again – your help is much appreciated!

#295
NOTS Staff

1123artc said

I was under the impression I wouldn’t be able to use the public router IP address, so that’s good to know for sure that I can. As I said I’ve got my domain name, and following your tutorial, I learned how to point it to an IP address. I’ll have to do some tests to see if I can get my router IP address to remain static, but if not I’ll look more into dynamic DNS resolvers.

Some ISPs don't really like people hosting things, but Charter/Spectrum and AT&T were both fine with it when I was doing it. The best thing to do is to just do it and see if you hear from them. I used to hear that IP addresses changed often for residential connections, but Charter/Spectrum only changed mine once or twice in the 4 years that I was hosting NOTS servers at that home. Your best bet to avoid having your public IP change is to avoid rebooting your modem and avoid releasing/renewing your IP on your router (so, basically, the exact opposite behavior of if you wanted to intentionally get your IP changed.) I used NoIP briefly, but I don't remember much about it, as that was before I purchased nerdonthestreet.com (before it was available for purchase, actually) and I was only using it for a Minecraft server.

1123artc said

I was able to log into my router last night and figure out how things work. I’ll have to spend some more time on port forwarding to set it up correctly.

Yep, TCP Port 80 is used for HTTP and TCP Port 443 is used for HTTPS. You can find lists of common ports online, in case you ever want to host any other services (although some ISPs block things like email ports; Charter/Spectrum only allowed outgoing home-hosted email through their designated gateway, ostensibly to prevent spam.) Like I said, it just needs to point to the private/internal IP of your web server. Your router actually tracks every outgoing connection you make in order to route responses to the correct devices, but when it receives unsolicited traffic, it doesn't know which internal device to route it to until you set up port forwarding.

What's going on is actually called Port Address Translation (PAT), also called NAT Overload (older versions of NAT were designed to translate many internal IPs to X number of external IPs, where only X number of people can have connections open at once; PAT is generally used when you only have a single external IP, as is the case with home connections, and allows thousands of simultaneous connections from the same IP.) When you connect to nerdonthestreet.com, your router sends a packet with a random source port and a destination port of 80, and NOTS replies with source port 80 and the destination port set to whatever your random source port was. Port forwarding kind of sidesteps that process; when you connect to your own domain name from outside, you're using a destination port of 80, and when your web server responds, it's using a source port of 80, which is the only time you'll actually see outgoing traffic from your home connection on port 80… generally, only one device on your network can be bound to port 80 at a time, hence the port forwarding to a single private IP so your router knows where port 80 is served from. (This example was for HTTP, all the 80's are 443's for HTTPS.)

That last paragraph wasn't really necessary, but I'm glad that I typed it, because I remembered that you might not be able to connect to your domain name from inside your network! If your domain name is set to your public IP and you can ping it from outside your network but not from inside, the easiest solution is to edit your hosts file and tell your computer to resolve your domain name to the private IP address instead. (I assume your ISP and/or your router gets confused when it tries to send a NAT-ed packet from your public IP to your public IP; setting the hosts file avoids that by telling your computer to go directly to your web server without touching the internet.) Just do a web search for "Linux hosts file," or "Windows hosts file" if you're using Windows.

Sorry for the rant in the middle there, but I'm glad to help. Hope you get everything up and running how you want it.

#299
Standard member
Thanks for all the help - I've had it up and running well for a couple days. No problem with the public IP address changing but I'll keep an eye on it. I've seen a lot of talk about DuckDNS as well for dynamic DNS, which seems to be growing in popularity compared to NoIP.

I just wound up forwarding both 80 and 443, but I also used the option with Let's Encrypt to redirect to HTTPS so I guess it should all go through 443. Thanks for noting that about connecting to my domain from within my network. I haven't had any problems yet, but I also use a VPN on my other devices so maybe that has some impact.

For others who happen to come across this, my setup is with Ubuntu Server 18.04, manually installed LAMP, a domain pointing to my router external IP address with Let's Encrypt redirected to always be HTTPS, and port forwarding in my router with both port 80 and port 443 pointing to my web server private IP address. Essentially followed the NOTS tutorial but hosting from a physical server at my home and port forwarding.

Again, thanks for the help!

#336
Standard member
Hi Jacob,
Can I chime in here and ask for some advice?
I'm basically stuck on a similar issue. I have a domain name and have found my static IP that I get from my ISP. I have set my Ubuntu machine to a static internal IP.
The problem is that I haven't opened ports 80 and 443 on my router and when I do I get an error that my router admin software uses port 80, so it won't allow me to port forward 80 to my Ubuntu machine's internal IP.
So basically I haven't proceeded past about minute 20 of your Youtube video (which is great by the way)

Also, I'd like to describe my preferred final set-up before proceeding;
I'd like to access my nextcloud instance at nextcloud.mydomain.com/ and have mydomain.com/index.xxx available for something else (maybe just a website that my daughter and I build together so we can learn stuff).

Following my guide I have installed nextcloud into the /var/www/html directory and I need to figure out now if it should be configured differently to be accessed from nextcloud.mydomain.com.

*** OK bit of an update. I figured out how to move my router off port 80 for its admin, and I set up port forwarding for ports 80 and 443 and now I can see my nextcloud installation from going to mydomain.com.
Like Jacob I am using Hover as my registrar but I can't get anything to show up for making an A record for nextcloud.mydomain.com.

Hope you can help

Last edit: by _HC1_dude


#337
NOTS Staff

_HC1_dude said

*** OK bit of an update. I figured out how to move my router off port 80 for its admin, and I set up port forwarding for ports 80 and 443 and now I can see my nextcloud installation from going to mydomain.com.
Like Jacob I am using Hover as my registrar but I can't get anything to show up for making an A record for nextcloud.mydomain.com.

Hi there! In Hover, go to your domain, DNS, Add A Record, and set Type to "A" and Hostname to, e.g., "nextcloud" if you want nextcloud.mydomain.com, with the IP address set to the same static IP you were already using.

For configuration of the subdomain on the web server side, take a look at the setup for my Wordpress video: https://nerdonthestreet.com/episode/tech/installing-wordpress-on It's called "virtual hosts" in Apache.

#338
Standard member
Thanks Jacob,
I'll have another try at making that happen but when I did it before and pinged nextcloud.mydomain.com the IP that returned was the Hover IP for parked domains, but pinging mydomain.com returned my IP. I'll try again and check my steps.
Also, I'll check out your suggested video but it sounds like I don't necessarily need to move my Nextcloud install out of /var/www/html?

_HC1_dude

#339
NOTS Staff

_HC1_dude said

I'll have another try at making that happen but when I did it before and pinged nextcloud.mydomain.com the IP that returned was the Hover IP for parked domains, but pinging mydomain.com returned my IP. I'll try again and check my steps.

DNS changes can take hours to propagate, although Hover is usually pretty quick in my experience. If you have two records pointing to the same IP address in the Hover control panel, then they should return the same IP address when you ping them.

_HC1_dude said

Also, I'll check out your suggested video but it sounds like I don't necessarily need to move my Nextcloud install out of /var/www/html?

If you already have Nextcloud set up, you don't need to move it out of /var/www/html, but you'll want to create another folder in /var/www/<other> for whatever other website you're setting up. You'll just need to make sure the appropriate ServerName/ServerAlias and Directory options are set up in your virtual host configurations. For example:

— nextcloud.conf —
ServerName - cloud.yourdomain.com
Directory - /var/www/html

— www-default.conf —
ServerName - yourdomain.com
ServerAlias - www.yourdomain.com
Directory - /var/www/<other-CMS>

#346
Standard member
Hi jacobgkau, greetings from Venezuela, I like all your example videos, I have a lot of affinity for the Linux operating system, however I wanted to know if you can help me create sub-domains in ubuntu server 18.04 TLS?

Now configure the nextcloud server integrated with collabora online, and I would like to take advantage of the resource to add other applications as sub-domains without damaging the initial installation.
Thank you,

Fernando Hernandez

#347
NOTS Staff

tecnotuy said

Hi jacobgkau, greetings from Venezuela, I like all your example videos, I have a lot of affinity for the Linux operating system, however I wanted to know if you can help me create sub-domains in ubuntu server 18.04 TLS?

Now configure the nextcloud server integrated with collabora online, and I would like to take advantage of the resource to add other applications as sub-domains without damaging the initial installation.
Thank you,

Fernando Hernandez

Hi Fernando,

You can configure additional subdomains using the same process that you used for Nextcloud and Collabora: create a directory, make a new configuration file in /etc/apache2/sites-available pointing to that directory, and enable the new site with the "a2ensite" command.
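An added example, not part of the original posts: the ServerName/ServerAlias/Directory outline from the earlier virtual hosts reply and the "directory, config file, a2ensite" steps from this one, written out as a small generator for Apache name-based virtual hosts. The function names and the /var/www/site path are assumptions for illustration; the host name and path checks are extra hardening that the thread does not mention.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# valid_hostname NAME: letters, digits, hyphens and dots only, so a name
# can never carry whitespace or a newline into the generated config.
valid_hostname() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
    esac
    return 0
}

# valid_docroot PATH: must live under /var/www and contain no "..".
valid_docroot() {
    case $1 in
        *[!A-Za-z0-9/._-]*|*..*) return 1 ;;
        /var/www/?*) return 0 ;;
    esac
    return 1
}

# render_vhost SERVER_NAME DOCROOT [SERVER_ALIAS]
# Prints a name-based virtual host for port 80. Running certbot --apache
# afterwards adds the matching port-443 host for that ServerName.
render_vhost() {
    valid_hostname "$1" || { echo "bad ServerName: $1" >&2; return 1; }
    valid_docroot "$2"  || { echo "bad DocumentRoot: $2" >&2; return 1; }
    if [ -n "${3:-}" ]; then
        valid_hostname "$3" || { echo "bad ServerAlias: $3" >&2; return 1; }
    fi
    printf '<VirtualHost *:80>\n'
    printf '    ServerName %s\n' "$1"
    if [ -n "${3:-}" ]; then printf '    ServerAlias %s\n' "$3"; fi
    printf '    DocumentRoot %s\n' "$2"
    printf '    <Directory %s>\n' "$2"
    printf '        Options -Indexes +FollowSymLinks\n'   # no directory listings
    printf '        AllowOverride All\n'                  # honour the app .htaccess
    printf '        Require all granted\n'
    printf '    </Directory>\n'
    printf '</VirtualHost>\n'
}

# The two sites from the virtual hosts reply. /var/www/site is an assumed
# path for the second site; the thread leaves that directory name open.
render_vhost cloud.yourdomain.com /var/www/html
render_vhost yourdomain.com /var/www/site www.yourdomain.com

# To install one (run as root on the server):
#   render_vhost cloud.yourdomain.com /var/www/html \
#       > /etc/apache2/sites-available/nextcloud.conf
#   a2ensite nextcloud.conf
#   apache2ctl configtest && systemctl reload apache2
```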

#355
Standard member
Hi Jacob,
What Linux distro are you using in the "How to install Nextcloud 15" video? It looks really cool. Also I'm having issues with uploading to Nextcloud. The fastest it will upload a file at is around 35mb/s if I'm lucky. Is there a setting I need to adjust to make it upload faster? I have a Windows server on the same hypervisor that I can upload the same file at 100mb/s so I think there is something wrong with my Nextcloud or Apache configurations. The installation of Nextcloud worked great! I just thought you might be able to help me fix this problem or something.
Thanks,

#356
NOTS Staff

fredericksun said

Hi Jacob,
What Linux distro are you using in the "How to install Nextcloud 15" video? It looks really cool. Also I'm having issues with uploading to Nextcloud. The fastest it will upload a file at is around 35mb/s if I'm lucky. Is there a setting I need to adjust to make it upload faster? I have a Windows server on the same hypervisor that I can upload the same file at 100mb/s so I think there is something wrong with my Nextcloud or Apache configurations. The installation of Nextcloud worked great! I just thought you might be able to help me fix this problem or something.
Thanks,

Hello Fredericksun,

I was using Arch Linux with KDE Plasma in that video! As for upload speed, I would ask the Nextcloud folks about that. What protocol or application are you using on Windows Server for comparison? Are you able to achieve greater speeds with SFTP or FTP on the Linux server?

#366
Standard member
Hi,
I just joined. I watched your videos on installing OnlyOffice next to Nextcloud and also the earlier one on Collabora Online (CODE).
I have a question that I hope you can help me with. I will make a contribution to your site.

I have a WordPress site on a SiteGround host site and separately I have a Linode. On the Linode I have Mattermost and Nextcloud (both using nginx) with using subdomain from the WordPress site domain name. I installed OnlyOffice Document Server (not docker container), I did not change the port before installing thinking I can redirect correctly in config files. However, I am not sure, should I have changed the port to something else like 81? If I should change the port what are the config files that I would have to edit? Also what should basically be in the /etc/nginx/sites-available/onlyoffice config file to direct the onlyoffice subdomain call to the DocumentServer?

Thanks,
Dennis

#367
NOTS Staff

dworthem said

I have a WordPress site on a SiteGround host site and separately I have a Linode. On the Linode I have Mattermost and Nextcloud (both using nginx) with using subdomain from the WordPress site domain name. I installed OnlyOffice Document Server (not docker container), I did not change the port before installing thinking I can redirect correctly in config files. However, I am not sure, should I have changed the port to something else like 81? If I should change the port what are the config files that I would have to edit? Also what should basically be in the /etc/nginx/sites-available/onlyoffice config file to direct the onlyoffice subdomain call to the DocumentServer?

Since you were already using NGINX (which should own ports 80 and 443 on your Linode), and OnlyOffice uses NGINX, you might be able to get away with running OnlyOffice on port 80. What does the NGINX config file for OnlyOffice look like right now? You should be able to set the OnlyOffice subdomain using the server_name directive in the NGINX config file. I don't have an OnlyOffice server running right now, so you'll need to show what the current config file looks like if you want any specific help.