ive anabled a port forward on port 80 (TCP/UDP) to my server, but i still cant acess it. i know its unsafe to just open a port like that, this is temporary, just wanna see if it works. ill put a reverse proxt and https on it later
Absolutely do not expose your server on port 80. Http is unencrypted, you’d be sending your login credentials in plaintext across the open internet. That is Very Bad™. If you own a domain name, you can set up a letsencypt cert fairly easily for free. Then you could expose 443 and at least your traffic will be encrypted in transit. It won’t solve the other potential issues of exposing your instance like brute force or ddos attacks, but I’d consider it a bare minimum.
If you use a VPN like many others are suggesting it won’t matter as much because the unencrypted traffic never leaves your local network.
As a side note: you not technically need a domain or a let’s encrypt certificate to enable https. As a test you can create your own certificate, and use that for https (snake-oil certificate).
This is not appropriate for longer-term usage. If you want to run websites on the Internet long-term, you should buy a domain and get a lets-encrypt certificate.
Technically true but I wouldn’t suggest using a self signed cert on the internet under any circumstances.
Afik nextcloud runs only on https, so 443 would be more suitable. I use wiregurd tho
Tailscale.
You can run clients on all your devices. Or if you want easier access, use the Funnel feature.
Tailscale Funnel lets you expose a local service, file, or directory to the entire internet, using what is effectively a VPN, except they don’t have to use a VPN (TS hosts an endpoint they connect to, then encrypt that traffic into your Tailscale network).
How have you tested this? You need to use the external IP address of your router (public ip) to open it. And you need to test that from another internet connection. Also make sure the browser is actually trying to open an http connection to port 80. Some modern browsers / addons try to prefer https on port 443 instead and that wouldn’t be reachable. Does a ping work? What’s the exact error message? The port forward could be wrong. Needs to be port 80 (TCP) towards the internal device where nextcloud runs, to the port where it runs on that machine (could be 80, too). It could also be blocked by your provider, or your specific provider doesn’t allow port forwards. Or you ran into issues with the shift to IPv6 addresses. Maybe your provider has some strange setup. Try if you can ping your router from external first. And try the canyouseeme.org mentioned in the other comment. That’s good advice.
how do I check?
Sorry, 10.x.x.x is a private IP address range. That can’t be reached from the internet.
Maybe try one of the services that display your IP like https://www.showmyip.com/ or the one mentioned earlier: canyouseeme.org , that one also shows your IP.
I have little info to work on. There are many different providers around the world with very different setups. Some are suitable for port forwarding, some arent. (You could sit behind a Carrier Grade NAT, which makes port forward difficult to impossible.) But you need to figure out your IP first.
All I can say, I run something like you describe… Nextcloud, a reverse proxy and a few other services. I did some port forwards, got a domain that points to my IP and it works fine.
Edit: I use YunoHost on my computer. Its a Linux distribution for selfhosting. I think its a good choice to get your feet warm or if you want a low maintenance setup. It includes Nextcloud and many other services.
But you have to figure out how to access your computer from outside. Either you get your IP and the port forward running, or you have to use a service like pagekite.net or you get a VPN running like almost everyone else here wants to convince you to use. I don’t think a VPN is a good idea except if you only want to use it by yourself and not use all the collaborative features of nextcloud.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| CGNAT | Carrier-Grade NAT |
| IP | Internet Protocol |
| NAT | Network Address Translation |
| TCP | Transmission Control Protocol, most often over IP |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
6 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.
[Thread #441 for this sub, first seen 19th Jan 2024, 23:25] [FAQ] [Full list] [Contact] [Source code]
