ive anabled a port forward on port 80 (TCP/UDP) to my server, but i still cant acess it. i know its unsafe to just open a port like that, this is temporary, just wanna see if it works. ill put a reverse proxt and https on it later
Absolutely do not expose your server on port 80. Http is unencrypted, you’d be sending your login credentials in plaintext across the open internet. That is Very Bad™. If you own a domain name, you can set up a letsencypt cert fairly easily for free. Then you could expose 443 and at least your traffic will be encrypted in transit. It won’t solve the other potential issues of exposing your instance like brute force or ddos attacks, but I’d consider it a bare minimum.
If you use a VPN like many others are suggesting it won’t matter as much because the unencrypted traffic never leaves your local network.
As a side note: you not technically need a domain or a let’s encrypt certificate to enable https. As a test you can create your own certificate, and use that for https (snake-oil certificate).
This is not appropriate for longer-term usage. If you want to run websites on the Internet long-term, you should buy a domain and get a lets-encrypt certificate.
Technically true but I wouldn’t suggest using a self signed cert on the internet under any circumstances.
I’m kinda weirded out by all the people suggesting a VPN here.
Like – if you’re hosting Nextcloud, Jellyfin, etc and you want friends/family to use it, having them VPN into shit is a hurdle that none of them are going to overcome.
You need to make sure you’re not behind CGNAT first, if not, don’t use Nextcloud on port 80, put it on another port, and then open that port to the outside world.
Just be aware, you REALLY want these things to be isolated from your home environment if you’re going to host them, and you NEED to be on some sort of CVE notification list for the software you currently use. Not all CVEs are “YOU MUST UPGRADE NOW”, but some of them can be pretty severe.
I’ve set up fail2ban on my isolated network, and it does a pretty good job of banning any IPs that are probing for things. So much so that I’ve accidentally locked myself out of my own network a few times, lol
IF you ARE behind a CGNAT - what you’ll want to do is likely rent the cheapest VPS you can find, and then set up a VPN not on the VPS, but on your home network, and have the VPS be your public entry point to the network, as it will have a public facing IP and can mask your home IP address. – https://github.com/fractalnetworksco/selfhosted-gateway
Edit: THEN - once you’ve accomplished all that, you’ll probably want to buy a domain name, and reverse-proxy subdomains to forward to the services on specific ports.
Tailscale.
You can run clients on all your devices. Or if you want easier access, use the Funnel feature.
Tailscale Funnel lets you expose a local service, file, or directory to the entire internet, using what is effectively a VPN, except they don’t have to use a VPN (TS hosts an endpoint they connect to, then encrypt that traffic into your Tailscale network).
Afik nextcloud runs only on https, so 443 would be more suitable. I use wiregurd tho
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters CGNAT Carrier-Grade NAT IP Internet Protocol NAT Network Address Translation TCP Transmission Control Protocol, most often over IP VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting)
6 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.
[Thread #441 for this sub, first seen 19th Jan 2024, 23:25] [FAQ] [Full list] [Contact] [Source code]
You missed CVE – Common Vulnerabilities and Exposures
How have you tested this? You need to use the external IP address of your router (public ip) to open it. And you need to test that from another internet connection. Also make sure the browser is actually trying to open an http connection to port 80. Some modern browsers / addons try to prefer https on port 443 instead and that wouldn’t be reachable. Does a ping work? What’s the exact error message? The port forward could be wrong. Needs to be port 80 (TCP) towards the internal device where nextcloud runs, to the port where it runs on that machine (could be 80, too). It could also be blocked by your provider, or your specific provider doesn’t allow port forwards. Or you ran into issues with the shift to IPv6 addresses. Maybe your provider has some strange setup. Try if you can ping your router from external first. And try the canyouseeme.org mentioned in the other comment. That’s good advice.
10.x.x.x IS an external adres yes? how do I check?
Sorry, 10.x.x.x is a private IP address range. That can’t be reached from the internet.
Maybe try one of the services that display your IP like https://www.showmyip.com/ or the one mentioned earlier: canyouseeme.org , that one also shows your IP.
I have little info to work on. There are many different providers around the world with very different setups. Some are suitable for port forwarding, some arent. (You could sit behind a Carrier Grade NAT, which makes port forward difficult to impossible.) But you need to figure out your IP first.
All I can say, I run something like you describe… Nextcloud, a reverse proxy and a few other services. I did some port forwards, got a domain that points to my IP and it works fine.
Edit: I use YunoHost on my computer. Its a Linux distribution for selfhosting. I think its a good choice to get your feet warm or if you want a low maintenance setup. It includes Nextcloud and many other services.
But you have to figure out how to access your computer from outside. Either you get your IP and the port forward running, or you have to use a service like pagekite.net or you get a VPN running like almost everyone else here wants to convince you to use. I don’t think a VPN is a good idea except if you only want to use it by yourself and not use all the collaborative features of nextcloud.