[SOLVED] Nextcloud backup not working / Accessing NATed server from OPNsense

[micmon]

When trying to configure Nextcloud backup I get "communication failure".

My Nextcloud server is located inside my LAN behind the OPNsense appliance, which itself serves as a firewall/router behind a bridged DSL-modem. On OPNsense I have configured dynamic DNS and port forwarding (80, 443). I can reach my Nextcloud server both from the LAN as well as from the outside. However, I cannot reach it from OPNsense itself, so the backup function does not work.

I have tested with "curl -v -k https://mydomain.com": I get the Nextcloud login from any client inside my network as well as from the outside. However I get the OPNsense login when run from OPNsense.

OPNsense resolves the dynamic DNS name of the server which is the public IP on the WAN interface on the OPNsense appliance itself. Now it should trigger the port forwarding, however this does not seem to be the case. I assume this is because "IF" is "WAN" inside my NAT rule and this does not match the connection initialed from OPNsense itself. For the same reason, a second rule with "IF" set to "LAN" won't work.

Any idea how to fix this?

[fabian]

can you try to move the web interface to another port? Is NAT-Reflection enabled?

[micmon]

>> can you try to move the web interface to another port?
This won't help.

>> Is NAT-Reflection enabled?
Yes, via the global option "Reflection for port forwards".

[fabian]

can you try a DNS Host override

[micmon]

Already tried that (using unbound). LAN clients seem to pick up the override just fine. However, OPNsense itself does not seem to use the overrides.

# host mydomain.com    // run from OPNsense
mydomain.com has address 79.x.x.x   // still returns public IP

I then changed System > Settings > General > DNS servers, replaced 1.1.1.1 with 192.168.178.1 (localhost). After that:

# host mydomain.com
mydomain.com has address 192.168.178.100

The output of "curl -v https://mydomain.com" looks fine now. However, the backup still does not work. Any idea where to get a log of the backup function?

[micmon]

Found the log in System > Log files > General:

config[38352]: {"url":"http:\/\/mydomain.com\/remote.php\/dav\/files\/micmon\/","content_type":"text\/html","http_code":301,"header_size":222,"request_size":184,"filetime":-1,"ssl_verify_result":0,"redirect_count":0,"total_time":0.004059,"namelookup_time":0.002517,"connect_time":0.00322,"pretransfer_time":0.003387,"size_upload":0,"size_download":185,"speed_download":46250,"speed_upload":0,"download_content_length":185,"upload_content_length":-1,"starttransfer_time":0.003954,"redirect_time":0,"redirect_url":"https:\/\/mydomain.com\/remote.php\/dav\/files\/micmon\/","primary_ip":"192.168.178.100","certinfo":[],"primary_port":80,"local_ip":"192.168.178.1","local_port":48586}

The primary_port 80 got me thinking... changed URL from "mydomain.com" to "https://mydomain.com" and now the backup works.

So, if anyone knows a better solution, please let me know!