Question Reverse Proxy

[akahan]

Try, if you haven’t, rebooting the disk station on which the reverse proxy was set up. Also try accessing from a different machine from outside your LAN.

 

[DeltaGolf]

I can access my DSM using my domain name and port number. There's no RP or virtual hosts there. If I delete all the RPs and VH and Apache redirect, what are the odds I'll get to Nextcloud using the domain name and port 8080?

 

[Rusty]

Yes.
<goes away, checks>
Defiantly!

Tested this outside your lan as well? But the main question here, considering that there is so much info already, is your RP for NC working on 443 if you explicitly direct it to https?

 

[DeltaGolf]

Also try accessing from a different machine from outside your LAN.

Accessing from the same machine outside the LAN is the same. Rebooting the DSM now...

 

[DeltaGolf]

But the main question here, considering that there is so much info already, is your RP for NC working on 443 if you explicitly direct it to https?

Which is the one which chocked DSM on save.

You'll have to trust the domain is correct!

 

[DeltaGolf]

is your RP for NC working on 443 if you explicitly direct it to https?

Or maybe you asking what happens if I type https://nextcloud.myserver.tld. It goes to the Synology page. And https://server.mydomain.tld:8080, Safari can't establish a secure connection to the server server.mydomain.tld. But I can access port 1234 for DSM.

 

[Rusty]

That means that RP is the probelm. You need to tackle one problem at a time. If you are unable to get RP via 443 to work on https then thats the 1st thing that you need to fix.

 

[DeltaGolf]

That means that RP is the probelm.

OK, I've deleted the HTTPS RP (as shown above) and recreated it. No problem saving this time but no change in result.

Can I break this down more? I'm trying to do three things here. Close port 8080 from the outside world, use a subdomain and ensure http requests are sent to https.

Otherwise I'm not sure how to fix the https to https RP.

 

[DeltaGolf]

Can I break this down more?

I've deleted all the Reverse Proxy and Virtual Host stuff, deleted then reinstalled MariaDB, phpMyAdmin and Nextcloud.

I can access phpMyAdmin and Nextcloud at their ports - 192.168.1.2:8080 and 8081.
I can access DSM at 192.168.1.2:1234 although I do get a certificate warning and have to 'trust' the address.
I can access DSM at myserver.mydomain.tld:1234 (securely)
I can access the default DSM web page at myserver.mydomain.tld (securly)

So myserver.mydomain.tld:<portnumber> works and I do have ports 8080 and 8081 open on the router.

Then why can't I access Nextcloud at myserver.mydomain.tld:8080 or phpMyAdmin at myserver.mydomain.tld:8081?

Safari can’t open the page “https://192.168.1.2:8080” because Safari can’t establish a secure connection to the server “192.168.1.2”

 

[Rusty]

Then why can't I access Nextcloud at myserver.mydomain.tld:8080 or phpMyAdmin at myserver.mydomain.tld:8081?

So looks like you are not using RP in this case but accessing your services directly? Whats the real error/outcome in this case?

Safari can’t open the page “https://192.168.1.2:8080” because Safari can’t establish a secure connection to the server “192.168.1.2”

Completely correct. You are using https protocol to access your services using an IP address that is not covered by your SSL cert/domain name. Most browsers nowadays will report this problem and not allow a connection

 

[DeltaGolf]

Whats the real error/outcome in this case?

Safari can’t open the page “https://myserver.mydomain.tld:8080” because Safari can’t establish a secure connection to the server “myserver.mydomain.tld”

You are using https protocol to access your services using an IP address that is not covered by your SSL cert/domain name. Most browsers nowadays will report this problem and not allow a connection

I do have a certificate for myserver.mydomain.tld so even if I get the block for the IP address, why also for the FQDN?

But this also happens when I request http://myserver.mydomain.tld:8080. I get redirected to https. Why how and why? I've deleted the Reverse Proxies and Virtual Host.

I've tried to take a step back to see what the problem is, I'm just as confused. I can access my DSM using either the IP or FQDN and port number. I can access Nextcloud via the LAN IP and port, but not the FQDN and port. The FQDN has a certificate. If I can access one port, why not another? (Yes, open on the router!)

Can I take another step back?

 

[DeltaGolf]

Meanwhile, in DSM Network -> DSM Settings I've unticked the 'automatically redirect HTTP to HTTPS for DSM'. I've opened the HTTP port on my router and when I request http://myserver.mydomain.tld:1233 I get sent to an https error (as above).

So, how am I being redirected to https when requesting http?

 

[fredbert]

Have you enable HSTS for the reverse proxy rule? That should direct any HTTP to HTTPS.

As for the certificate, have you assigned the right certificate to this reverse proxy? In Control Panel -> Security -> Certificates there's a Configure button that open a list for assigning certificates to services.

 

[DeltaGolf]

Have you enable HSTS for the reverse proxy rule? That should direct any HTTP to HTTPS.

Not at the moment. I've disabled all the proxies and forwards to try and establish where my problem originates. So although I have no HTTP to HTTPS forwards set up, I keep getting forwarded to HTTPS when requesting a HTTP page.

In Control Panel -> Security -> Certificates there's a Configure button that open a list for assigning certificates to services.

It's not set up at the minute but as I recall the certificate was assigned to the subdomain 'nextcloud'.

Right now I don't understand why myserver.mydomain.tld:1234 gets me to my DSM web interface (securely) while myserver.mydomain.tld:8080 does not get me to my Nextcloud pages. I kinda feel I want to solve or understand that before I move on to set proxies and virtual hosts. Otherwise how do I know where the problem lies?!

I appreciate everyone taking the time to read and respond. Frustratin' innit!

 

[kiriak]

could it be a problem with trusted domains in nextcloud's configuration file?

 

[DeltaGolf]

Some progress by following this German website and creating my Reverse Proxies as shown I get to my nextcloud.mydomain.tld page as a secure page.

I don't have a Virtual Host. What am I (not) missing?

Now all I have to do is tell the Nextcloud config.php about my subdomain as at the minute it's complaining about the untrusted host.

So just another thread, 78 post and three days to go and we should be sorted

 

[DeltaGolf]

could it be a problem with trusted domains in nextcloud's configuration file?

See, everyone is one step ahead of me! That wasn't the problem but is now. As I understand (which is lacking) Docker was meant to add the trusted domains to the config.php on creation as I added them to the Environment section. But it didn't so all I have to do is roll up my sleeves and get stuck in with the command line.

Someone recommend me an easy text editor and command to get it running. And - note to self cos we've been here before - copy the file first...

 

[kiriak]

nano is easy and if you got stuck, just press control+X for exit and choose No for saving the changes, and start again

I'm totally newbee in all these,
(but I'm playing some days trying to install nextcloud in a FreeNAS test PC that I have,
installation was Ok but could not find my way about https,
so I learnt a couple of things)

 

[DeltaGolf]

nano is easy

Yes, I remember now. And it has instructions at the bottom of the window!

But I think I used Terminal on a Mac, SSH'd into the Syno, found the directory but couldn't gat Nano running. Like I say, another three days...

Nextcloud is nice once its up and running. Shows Syno how file sharing, contacts and calendar how it should be done.

 

[kiriak]

Syno's Drive and Calendar are a plug and play solution,
nextcloud needs less or more work to install it and even more to check every security recommendation

I couldn't made it work with HTTPS in FreeNAS,
but I had success installing it with just one command in Ubuntu server with snap

There are pros and cons in both nextcloud and synology,
what bothers me in both is that I cannot save files in ios when they are offline