Nextcloud, swag and local lan access problem

Hi, there.

I’m a newbie who recently installed swag plus duckdns, nextcloud, radarr, sonarr, airsonic, etc. on my Pi4 4Gb with Raspbian.

I can access all the apps both from within my local network and from outside with xxxx.example.duckdns.org (it’s true that from the LAN it’s a bit laggy, but I can access them).

With the nextcloud container I can only access from outside the network and from the lan it is impossible.

This is my docker-compose, mariadb, nextcloud and swag part:

  duckdns:
    image: linuxserver/duckdns
    container_name: duckdns
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - SUBDOMAINS=${SUBDOMINIOS}
      - TOKEN=${DUCK_TOKEN}
    volumes:
      - $HOME/docker/duckdns/config:/config
    restart: unless-stopped

  swag:
    image: linuxserver/swag:1.8.0-ls15
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - URL=example.duckdns.org
      - SUBDOMAINS=wildcard
      - VALIDATION=duckdns
      - DUCKDNSTOKEN=${DUCK_TOKEN}
      - EMAIL=zzzzzz@example.com
      - DHLEVEL=2048
      - ONLY_SUBDOMAINS=true
    volumes:
      - $HOME/docker/letsencrypt:/config
    ports:
      - 1443:443
      - 180:80
    restart: unless-stopped

  mariadb:
    image: linuxserver/mariadb
    container_name: mariadb
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${CONTRASENA}
    volumes:
      - $HOME/docker/mariadb/:/config
      - $HOME/docker/mariadb/conf.d:/etc/mysql/conf.d
    ports:
      - 3306:3306
    restart: unless-stopped

  nextcloud:
    image: linuxserver/nextcloud
    container_name: nube
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    volumes:
      - $HOME/docker/nextcloud/appdata:/config
      - $HOME/docker/nextcloud/data:/data
    ports:
      - 2443:443
      - 280:80
    external_links:
      - mariadb:mariadb
    depends_on:
      - mariadb
    restart: unless-stopped

My nextcloud.subdomain.conf

<?php

$CONFIG = array (
  'memcache.local' => '\OC\Memcache\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'occh9faapt7b',
  'passwordsalt' => 'vGQdjBYjQBo1tCbS1unyvW/Rz02EC2',
  'secret' => 'SI0VMoL7tVJwfKdZlfxLOhfc2zqruO6uvvql2jJ/TAr4k7C9',
  'trusted_domains' =>
  array (
    0 => '192.168.1.151:2443',
    1 => 'xxxx.example.duckdns.',
  ),
  'dbtype' => 'mysql',
  'version' => '20.0.1.1',
  'dbname' => 'nube',
  'dbhost' => 'mariadb:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'javier',
  'dbpassword' => '1234567890',
  'trusted_proxies' => ['swag'],
  'overwrite.cli.url' => 's://xxxx.example.duckdns./',
  'overwritehost' => 'xxxx.example.duckdns.',
  'overwriteprotocol' => 'https',
  'installed' => true,
);

I’ve spent the weekend reading and trying different configurations that I have found and I have not found the solution.

Anyone have any ideas how I can fix the problem?

Thanks in advance.

P.S.: I had to remove the example.duckdns because of the system limit of 2 links.

overwrite.cli.url looks wrong, and is 0 in your trusted domains array what was originally there? because it looks like it was changed.

also, you’re definitely going to have weird behavior with 1443 as the exposed port on swag from an internal perspective, so you’ll have to rely on hairpin nat.

Thank you for your prompt answer.

The real ‘overwrite.cli.url’ => ‘s://xxxx.example.duckdns./’ is ‘https://xxx.example.duckdns.org’, but because of a limitation on the maximum number of links I can write in a post as a new user (2), I had to change them.

I changed the port to 1443 to be able to use pihole (I read it doesn’t work well without this port).

I will try to stop pihole and launch swag on ports 80 and 443.

I will keep you informed.

ahh makes sense, yah i hate that new users are link limited.

i would suggest remapping the 80/443 on your pihole and then using swag to reverse proxy to your pihole (pihole.subdomain.conf.sample, make sure you change the port to match)

that way, internally and externally, you can just use the name without ports being required.

Additionally, if you create dns records for everything in your pihole, probably in lan.list, then when you do an internal lookup of thing.example.duckdns.com you’ll get the LAN ip of your docker host and hit swag directly without hairpin to your router. this will make things much quicker

once you move pihole though, try accessing nextcloud again and i think it’ll work, though proper hairpin nat should work fine as well, though with some added delay.

I have tried changing the port on the router and in swag from 143 and 180 to 443 and 80, and stopping pihole. There is not much improvement.

I can access via Firefox, but it is very slow. Nothing to do with the access I have to sonarr, for example.

Regarding moving pihole and modifying the local.list file, I have several questions:

Thanks for your help.

Solved.

Changed the DNS of the router to the raspberry IP and added my xxxx.example.duckdns.or to “Local DNS records” pointing to the raspberry IP, and nextcloud began to work like a charm.

Thank you @driz for your guidance.
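
Added example, not part of the thread: the fix above works because a LAN client that gets the Docker host's address from local DNS reaches swag directly, while a name with no local record resolves to the public address and has to loop back through the router. The Python sketch below checks a hosts-format record list for that; the subdomain names, the 203.0.113.7 address and the function names are constructed for illustration, and 192.168.1.151 is the host address from the config posted earlier.

```python
import ipaddress

# Constructed sample of hosts-format local DNS records (IP, then one or more names).
SAMPLE_RECORDS = """\
# local DNS records
192.168.1.151  nextcloud.example.duckdns.org
192.168.1.151  sonarr.example.duckdns.org radarr.example.duckdns.org
203.0.113.7    airsonic.example.duckdns.org
"""

def parse_records(text):
    """Return {hostname: ip_address} from hosts-format text, ignoring comments."""
    records = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        addr = ipaddress.ip_address(ip)  # ValueError on a malformed address
        for name in names:
            records[name.lower().rstrip(".")] = addr
    return records

def classify(names, records, proxy_ip):
    """Report how a LAN client would reach each proxied name.

    direct  : local record points at the reverse proxy host
    wrong   : local record exists but points somewhere else
    hairpin : no local record, so public DNS answers and the router
              must loop the connection back (NAT hairpin)
    """
    proxy = ipaddress.ip_address(proxy_ip)
    result = {}
    for name in names:
        addr = records.get(name.lower().rstrip("."))  # exact match, no wildcards
        if addr is None:
            result[name] = "hairpin"
        elif addr == proxy:
            result[name] = "direct"
        else:
            result[name] = "wrong"
    return result

if __name__ == "__main__":
    wanted = ["nextcloud.example.duckdns.org", "airsonic.example.duckdns.org",
              "pihole.example.duckdns.org"]
    for name, state in classify(wanted, parse_records(SAMPLE_RECORDS),
                                "192.168.1.151").items():
        print(f"{state:8} {name}")
```

Hosts-format records match exact names only, so a wildcard certificate setup still needs one local record per proxied subdomain.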
