1
submitted 11 months ago by Seabhag@alien.top to c/main@selfhosted.forum

Hey all, I'd love some more eyes on this problem I've been having.

Context:

  • I'm behind a CGNAT.
  • I have a domain
  • I have VPN with a dedicated IP
  • My DNS records are pointed at that dedicated IP
  • I have a TP_Link A8 Router, and a Surfboard DOCSIS 3.1
    • Router has Bonded light
  • I'm running a server with Proxmox VM
    • It works amazing locally

Goal(s):

  • Use NextCloud/OwnCloud
    • Ability to access NC/OC from outside local network
    • Being able to use domain name instead of dedicated IP when accessing page

Actions:

  • Install a Debian 12 VM (or LXC depending upon attempt)
  • Update package repositories
  • Add user to sudoers file
  • Install UFW
  • Install VPN application
  • Enable UFW
    • Deny ALL but 40,443
  • Install Docker Engine
  • Enable VPN
  • Install Cosmos Server
    • Go through initial setup
      • Configure domain as Dedicated IP
  • Here my attempts just hang.
    • I have tried this using NGINX Reverse Proxy
    • I have tried this using Apache2 as a reverse proxy

Technical Information

  • Port scanning options see ports as open
  • SSL certificate application (letscrypt) hangs

I have also followed the 'how to' https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html from Nextcloud, using manual installation, and can install it, but when I get to the letscrypt stage, I can never get it to complete. I've tried the AIO as well. as the Docker image.

The issue is always with SSL/connecting from the outside. I can access it locally, but that doesn't help me leave commercial clouds behind!

I've included my network diagram of what I *think* is going on

https://preview.redd.it/xt1o7o4aez1c1.png?width=1148&format=png&auto=webp&s=ff7c8bfef0cc612ce80505a0ffa63dd9a2e04953

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[-] weischin@alien.top 1 points 11 months ago

You can use Let's Encrypt DNS authentication to get an SSL without using any ports. The idea is to insert a CNAME of a string of text to your DNS to verify that you own the domain, thus getting the certificate issued. Google for that and there should be a guide for the OS that you use.

[-] spottyPotty@alien.top 1 points 11 months ago

sudo certbot certonly --manual --preferred-challenges dns -d

And it's a TXT record that you need to add.

load more comments (1 replies)
this post was submitted on 23 Nov 2023
1 points (100.0% liked)

Self-Hosted Main

504 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS