nextcloud / nextcloudpi

📦 Build code for NextcloudPi: Raspberry Pi, Odroid, Rock64, curl installer...
https://nextcloudpi.com

Port Forwarding #186

Closed albrechtar closed 7 years ago

albrechtar commented 7 years ago

I have a question with regards to port forwarding. I followed your instructions and when I attempt to check my ports are forwarding I get a timeout error. I am using a NetGear X8 with DD-WRT flashed on it.

I forwarded both 80 and 443 to my static IP for the pi. I contacted my ISP to ensure they are not blocking any ports (they informed me they are not). I am not sure what I am doing wrong. I am running a modem/router in full bridged mode and my router behind it.

I am certain I have set up the port forwarding rules properly with the name (can be anything as I understand), the port to forward from i.e. 80 and the port to forward to i.e. 80, and then the static ip of my pi.

I used sudo reboot for my pi, and rebooted my router after clicking enable on the port forwarding rule and apply changes.

Any guidance or information you may have would be greatly appreciated. Also, may I use a RAID drive as my drive and just plug it into the USB port on my pi (it has its own power source of course)? Thank you, and this was by far the best tutorial I have seen for setting up NextCloud with my Pi.

AL

What version of NextCloudPi are you using? ( eg: v0.17.2 )

What is the base image that you installed on the SD card? ( eg: NextCloudPi_07-21-17 )

Expected behavior

Actual behaviour

Steps to reproduce, from a freshly installed image

Include logs

Nextcloud logs

```
Login as admin user into your Nextcloud and copy here the logs from https://example.com/index.php/settings/admin/logging

If you don't have access to the web interface, open a terminal session and paste the last 100 lines of /var/www/nextcloud/data/nextcloud.log
```

Apache logs

```
Paste the output of `systemctl status apache2`

Paste the output of `tail -n 100 /var/log/apache2/*.log`
```

mariaDB logs

```
Paste the output of `systemctl status mysqld`

Paste the output of `tail -n 100 /var/log/mysql/*.log`
```

albrechtar commented 7 years ago

@Pant Yes, I spoke to the VPN provider; they can port anything as long as it is above 2048. But I'll worry about that next; first I'll get it running normally without the VPN and then we can work the VPN. Once I am home today I will try and reset the router.

albrechtar commented 7 years ago

@nachoparker and @Pant. Ok I finally got this working, very strange (or at least to me). I will send you some screen shots. So I did the following:

  1. Verified with my ISP they are not blocking any ports.
  2. Hard reset my DD-WRT router.
  3. Reconfigured router (without firewall and without any VPN, as we already know that would create an issue as Pant had mentioned).
  4. Still had issues. I again noticed my WAN IP in my router was different from what shows up when I attempt to do a port test. I used port test on my laptop (mac network utility) and used the WAN address my router showed with success.
  5. I then updated my noip with that address and attempted to access NCloud although slow at first it worked and seems to be working well so far.

I am unsure why the IPs are different? Should my public IP not be the same as my WAN IP? I also requested a static IP from my ISP and they should call back in an hour (or so they say). This should then alleviate the need for DDNS correct?

I just wanted to get back with you and get your thoughts on that, as well and more importantly to update you in the event someone else has that issue. I really do appreciate all your help guys. You are providing a great service and invaluable for anyone with cloud storage needs.

nachoparker commented 7 years ago

great, good job!

nachoparker commented 7 years ago

> This should then alleviate the need for DDNS correct?

Correct, but it is still nice to be able to access by domain name, even if your IP doesn't change.

albrechtar commented 7 years ago

@nachoparker Thank you. I still am not sure why the different IPs... Again thank you for all your help, as I know you didn't need to help on this as it was not directly related to NCloudPi.

albrechtar commented 7 years ago

@nachoparker @Pant

Guys, another update: although I thought I was good to go, I was not. I did a traceroute and noticed I had two 10.X.X.X hops after leaving my router. So I was thinking perhaps double NAT, as 10 is a private address. Called back to my ISP, and got a tech that was pretty sharp. He knew exactly what was going on. He said they are still providing NAT from their side; it needs to be disabled, and they should have done it when you placed our router into bridged mode. Reset my router and their modem. Checked and both my router WAN and my public IP match now. Checked my port on the site you provided and lo and behold it works.

Before although I was using my domain name to access it was still only local when I attempted access via my phone it failed. Again guys thanks. I just wanted to update again so you and Pant do not have to go through all this with someone else in the future. It is working great now.
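The double-NAT symptoms reported in this thread (router WAN address differing from the public IP, and private 10.x hops after the router in a traceroute) can be checked with a short script. This is an added example, not part of the original thread; the addresses and the traceroute output are constructed samples.

```python
import ipaddress
import re

# RFC 1918 private space plus the RFC 6598 carrier-grade NAT range.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Hop number, then the first IPv4 address on the line (bare or in parentheses).
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?\(?(\d{1,3}(?:\.\d{1,3}){3})\)?")

# Constructed sample of `traceroute -n` output taken from behind a double NAT.
SAMPLE_TRACE = """\
traceroute to 203.0.113.50 (203.0.113.50), 30 hops max, 60 byte packets
 1  192.168.1.1  0.6 ms  0.5 ms  0.5 ms
 2  10.44.0.1  7.9 ms  8.2 ms  8.0 ms
 3  10.12.0.1  9.3 ms  9.1 ms  9.4 ms
 4  * * *
 5  198.51.100.9  14.2 ms  14.0 ms  14.5 ms
"""

def is_internal(addr):
    """True if addr lies in private or CGNAT space, i.e. is not publicly routable."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def parse_hops(traceroute_text):
    """Return [(hop_number, ip)]; the header line and '* * *' hops are skipped."""
    hops = []
    for line in traceroute_text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2)))
    return hops

def diagnose(router_wan_ip, public_ip, traceroute_text):
    """List the signs that another NAT layer sits between the router and the internet."""
    findings = []
    if is_internal(router_wan_ip):
        findings.append(f"router WAN {router_wan_ip} is a private/CGNAT address")
    if router_wan_ip != public_ip:
        findings.append(f"router WAN {router_wan_ip} differs from public IP {public_ip}")
    # Hop 1 is the home router's LAN side; internal addresses after it are upstream NAT.
    upstream = [ip for n, ip in parse_hops(traceroute_text) if n > 1 and is_internal(ip)]
    if upstream:
        findings.append("internal hops beyond the router: " + ", ".join(upstream))
    return findings

if __name__ == "__main__":
    for finding in diagnose("10.44.0.23", "203.0.113.7", SAMPLE_TRACE):
        print("WARN:", finding)
```

An empty result means forwarded ports on the router are reachable from the public address; any finding means the forward has to be repeated, or NAT disabled, on the upstream device.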

Pant commented 7 years ago

You are welcome! Glad we've helped!

albrechtar commented 7 years ago

@Pant @nachoparker Hello guys, sorry to trouble you again. I am trying to put SSL certs onto NCloudPi and I have both txt files, domain-key and domain-crt. I am unsure exactly what I should do with them. I think I need to update the /etc/apache2/sites-available/nextcloud.conf file and change the file names (that currently point to the snakeoil pem and key)? And then do I need to go into the /etc/ssl/private dir? But then I am unsure if I would just create a new file there and if so which file should be associated to the crt, or the key? The crt file looks just like it has two keys in the same file.

I was able to get the files with DNS verification, that was rather easy. I would also need to change my ports but I think I found the answer for that on the netcloud forums. So I will need to update my certs manually, which I'm OK with, once I understand how to properly do that :)

Changing port settings:

  1. Edit /etc/apache2/ports.conf
     a. Change the port numbers as required or add new
  2. Edit /etc/apache2/sites-available/yournextcloud.conf
     a. Change 80/443 there to the ports in `<VirtualHost *:80>` (or 443) to what you specified in 1a.
  3. Restart Apache: `sudo service apache2 restart`

Hope you both are enjoying your weekend.

UPDATE: I was able to use both my VPN as well as port forwarding on 443 and 80. I used policy based routing and excluded the Pi from going through the VPN. One thing to note is that I had to use the CIDR extension for this to work. So instead of just doing policy based routing to 192.X.X.X I had to put it in as 192.X.X.X/32.

I was able to forward ports as well as use letsencrypt as it was designed in NCloudPi... Everything works well after updating. Again thank you guys for your help; it took some reading and researching but I got it to work. Had it not been for the issues with port forwarding and trying to ensure my VPN would work properly this would have been an easy, simple process :)

If anyone else has problems, I'm no IT guy (obviously); however, if there is anything I can do to help or at least to help walk you through how I was able to resolve my issue I would be more than happy to do so if you reply to this thread.

nachoparker commented 7 years ago

> I was able to get the files with DNS verification

for let's encrypt?

Nice, can you share an outline of the steps?

albrechtar commented 7 years ago

UPDATE: How to get SSL certs without using Cert Bot (in case you would need to use alternate ports on your instance of NCloudPi). You would need to then manually update your SSL certs on your instance of NCloudPi.

  1. You will need a domain name that allows you to point to other name servers as well as edit the DNS records. I purchased my own (most free 3rd tier domains would not allow this). So I recommend you go to namecheap.com and purchase your domain name (they have them for as low as 2.09 for the first year). Then proceed to dynu.com. Sign up and then click the little gear in the top right area; it will take you to your control panel (Screen Shot 1). You will also need to go to namecheap or wherever you get your domain name and add the name servers for Dynu. They have very easy to follow tutorials and instructions if you are unable to figure this out.
     - 1a) Click DDNS services.
     - 2a) Click Add.
     - 3a) If you have your own domain use it on the right (ScreenShot2).
     - 4a) Enter your public ip address (I used X to block mine; you would enter your full ip address), and click save.
     - 5a) Just to the right you will see a cup with pencils in it that says DNS records; you will want to click this (ScreenShot3, ScreenShot4).

  2. Open another tab in your browser and go to zerossl.com (ScreenShot5).
     - 2a) On the left side please click Certificates and Tools (ScreenShot6).
     - 2b) Click Start under free SSL Certificate wizard and you will see (ScreenShot7).
     - 2c) Enter your email address, enter your domain name (yourdomain.com), select DNS Verification and accept the TOS and SA, and click Next (ScreenShot8).
     - 2d) You will be asked to include a www. prefix; please select yes.
     - 2e) You will see that the system generated the CSR (ScreenShot9).
     - 2f) Click next and the system will generate the key (ScreenShot10).
     - 2g) You will click the download icon and download both the CSR and the KEY (ScreenShot11).
     - 2h) Click next and you will see (ScreenShot12).
     - 2i) Now you will need to go back to your Dynu page (remember we left it open) and continue to step 3.

  3. Once you are back on your Dynu page you will notice 4 items (node name, type, TTL, and hostname; ScreenShot13). Please follow the below steps:
     - 3a) Change type to be TXT - Text.
     - 3b) Node Name: copy and paste your domain TXT Record from your zerossl page.
     - 3c) Copy and paste the value field from zerossl into the text field on your dynu page (ScreenShot13). (TTL can stay at 90.)
     - 3d) Repeat step 3c for the other entry (you have two: one for www. and one that is just your domain).
     - 4d) SSH into your pi, and type `nslookup -q=TXT XXX`, where XXX is one of the records you just pasted into the Node name in step 3b.
     - 5e) It will only take a minute or two and then when you run that nslookup it will show you that it sees it (I don't recall the exact wording but it was obvious).
     - 5f) Go back to your openssl and click next. Once it verifies it will issue your account key and your domain crt files.

  4. You should look at the help files on Dynu so that you can update your router to keep the DDNS up to date. I am using a DD-WRT flashed router so it was under Settings / DDNS and I had to create a custom setting (just follow the instructions on Dynu for this).

Once you have these files you have your SSL certificate and you will need to put it in the correct folder on your instance of NCloudPi. I am not 100% certain what file to place these into so I will ask @nachoparker to explain that.

I hope this helps, if anyone has any questions please feel free to message here and I will do my best to help.
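The `nslookup -q=TXT` check in steps 4d and 5e can be scripted so that both TXT records (bare domain and www) are confirmed before asking the CA to verify. This is an added example, not part of the original thread; the record names assume standard ACME DNS-01 naming (`_acme-challenge.<domain>`), and the domain, tokens and nslookup output are constructed.

```python
import re
import subprocess

# Matches nslookup answer lines such as:  name<TAB>text = "value"
TXT_RE = re.compile(r'^(\S+)\s+text = "(.*)"\s*$', re.MULTILINE)

# Constructed values standing in for the two entries shown by the certificate wizard.
EXPECTED = {
    "_acme-challenge.example.com": "CONSTRUCTED-TOKEN-APEX",
    "_acme-challenge.www.example.com": "CONSTRUCTED-TOKEN-WWW",
}

# Constructed output: the apex record has propagated, the www record has not.
SAMPLE_OUTPUT = """\
Server:\t\t192.168.1.1
Address:\t192.168.1.1#53

Non-authoritative answer:
_acme-challenge.example.com\ttext = "CONSTRUCTED-TOKEN-APEX"

Server:\t\t192.168.1.1
Address:\t192.168.1.1#53

** server can't find _acme-challenge.www.example.com: NXDOMAIN
"""

def txt_records(nslookup_output):
    """Map each record name in nslookup output to the set of TXT values returned."""
    found = {}
    for name, value in TXT_RE.findall(nslookup_output):
        found.setdefault(name.rstrip(".").lower(), set()).add(value)
    return found

def missing_challenges(expected, nslookup_output):
    """Names whose expected value is not visible yet (record absent or stale value)."""
    seen = txt_records(nslookup_output)
    return sorted(n for n, v in expected.items() if v not in seen.get(n.lower(), set()))

def query(name):
    """Live lookup using the same command as step 4d (needs network access)."""
    return subprocess.run(["nslookup", "-q=TXT", name],
                          capture_output=True, text=True, timeout=15).stdout

if __name__ == "__main__":
    pending = missing_challenges(EXPECTED, SAMPLE_OUTPUT)
    print("ready to verify" if not pending else f"still waiting for: {pending}")
```

For a live check, pass the concatenated `query(name)` output for both names instead of `SAMPLE_OUTPUT`, and only continue in the wizard once nothing is reported missing.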

albrechtar commented 7 years ago

[Images: screenshot1 through screenshot12]

nachoparker commented 7 years ago

that's aweeeeesome, thanks!

I am thinking we can put this on the wiki, it will be helpful

albrechtar commented 7 years ago

@Nacho Anything I can do to help. I was unsure where to place the certs; if you can add something for that I think we would be OK. I posted in another thread about a possible bug. I'll try and clean that up a bit as well. Maybe a video from start to finish so that people who have zero experience with ip addressing or SSH would be able to just follow along and pause.

I'll try and work on something this week for you guys, the least I can do after all the head scratching I caused for both you and Pant :) With port forwarding.


nachoparker commented 7 years ago

> Maybe a video from start to finish so that people who have zero experience with ip

That would be aweeeeeeeesome.

You see, we are currently looking for help, so any ideas you have, anything you are willing to do will be great!

nachoparker commented 7 years ago

in the wiki!

https://github.com/nextcloud/nextcloudpi/wiki/How-to-configure-Let's-Encrypt-with-closed-ports-80-and-443

typxyr commented 7 years ago

I have found a script that possibly can be ported to nextcloudpi for using letsencrypt and duckdns when port 80 is blocked by ISP. I am no coder, but I have looked through it and it looks plausible.

The script is found at https://github.com/lukas2511/dehydrated/blob/master/dehydrated

The author has a tutorial for the project/script found here.

I understand this issue is closed but I didn't know if I should open an "issue" about this. Is there any way this is possible to integrate into the ncp config?

nachoparker commented 7 years ago

@typxyr

that's indeed very nice, thanks.

Please, open a new issue with this