Help Needed: Remote Access Issue with Nextcloud via Tailscale in Proxmox VM

Hi everyone,

I’m experiencing issues accessing my Nextcloud service remotely over Tailscale, and I’d appreciate any guidance.

Here’s my setup:

• I have a Proxmox host with a bridge (vmbr0) that includes the physical interface (eno1).
• My Start9 server (which runs Nextcloud behind a reverse proxy such as Nginx/Apache) is deployed in a VM with IP 192.168.x.vm on the local Ethernet network.
• My local network is 192.168.x.0/24. Connectivity within the LAN is all functional—localhost/firewall pings, access via a Windows laptop, and internal access using “address.local” work without issues.

For remote access, I set up Tailscale in an LXC container (non-privileged) on the Proxmox host. I have configured it to advertise the subnetwork using:
tailscale up --advertise-routes=192.168.x.0/24
The advertised route appears properly in the Tailscale admin panel, and I can successfully ping 192.168.x.vm from my mobile device (connected via Tailscale).

Problem:
Despite the above, when I try accessing Nextcloud remotely (both via the raw IP 192.168.x.vm and using the hostname “address.local”), I get an error – neither in HTTP nor HTTPS does it load correctly.

Steps I’ve taken so far:

  1. Confirmed that Tailscale is advertising the subnetwork properly (no log errors, ping works).
  2. Verified that the reverse proxy on the Start9 VM is listening on the proper IP/interface.
  3. Checked firewall rules on the VM and the Proxmox host.
  4. Tried accessing via both IP and hostname, with consistent results (it works on the LAN but not on Tailscale’s VPN).

The fact that local access works but remote access via Tailscale does not suggests the issue might be related to the reverse proxy configuration, hostname validation (trusted domains in Nextcloud), or handling of proxy headers.

Has anyone encountered a similar issue or can offer suggestions to troubleshoot further? Any advice on checking proxy configurations, Nextcloud’s trusted domains settings, or potential pitfalls specific to running Tailscale in an unprivileged LXC would be much appreciated.


Additionally, I’m exploring how to integrate Nextcloud with Syncthing to build a secure, personal cloud that also provides robust, automated backups. My considerations include:

• Integrating Nextcloud and Syncthing for synchronized file access and backup – what is the best integration method or workflow for this?
• Recommendations to design a secure personal cloud solution that allows remote access while ensuring data integrity, even in the event of hardware failures.

For example, would a setup combining an SSD (for active, high-speed data load) with subsequent backups/copies to larger HDDs (configured with or without RAID) be advisable?
Are there best practices regarding RAID configurations or using dedicated backup tools in conjunction with Nextcloud/Syncthing to guard against data loss due to disk errors?
I would appreciate any suggestions, best practices, or experiences regarding building a secure, private cloud that guarantees both data accessibility and reliable backups.

I would also appreciate any recommendations, insights, or questions for clarification regarding both the connectivity issues with Nextcloud in my current hybrid setup (Proxmox VM managed by Start9 + LXC running Tailscale) and the integration with Syncthing coupled with robust backup strategies.

Thank you very much in advance for your help!

Regards,

When accessing Nextcloud (or any service) remotely, you need to use a publicly routable IP address or DNS name. The .local doesn’t work except for the LAN. The purpose of the reverse proxy is to proxy public connections to your internal service (WAN to LAN).

If by “remotely” you mean while on VPN, then it’s most likely your VPN configuration but .local addresses typically don’t work on VPN.


And I guess that as Start9 doesn’t expose the IP of the different services I need to figure out how to reach Nextcloud until the new version of S9 is released.

Thank you for your answer!
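
Added example, not part of the thread: a layered check to run from a device connected through Tailscale. It reports whether access fails at name resolution (the .local case discussed above), at the TCP connection (ping working does not prove the proxy port is reachable), at TLS, or at the HTTP response (where a trusted-domains rejection would show). The function name `probe`, its parameters and the optional `cafile` path are assumptions of this example.

```python
import http.client
import socket
import ssl
import sys


def probe(host, port=443, use_tls=True, host_header=None, cafile=None, timeout=5.0):
    """Return (stage, detail): the first layer that fails, or ("ok", status)."""
    # 1. Name resolution. A .local name normally relies on mDNS (link-local
    #    multicast), which is not forwarded across a routed subnet.
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror as exc:
        return ("dns", str(exc))
    # 2. TCP handshake. A working ping proves IP routing only, not that the
    #    proxy port is open to traffic arriving from the subnet router.
    try:
        socket.create_connection((addr, port), timeout=timeout).close()
    except OSError as exc:
        return ("tcp", str(exc))
    # 3. TLS (verified, never disabled) and HTTP with an explicit Host header.
    if use_tls:
        ctx = ssl.create_default_context(cafile=cafile)  # cafile: your server's CA
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host_header or host})
        status = conn.getresponse().status
    except ssl.SSLError as exc:
        return ("tls", str(exc))
    except (OSError, http.client.HTTPException) as exc:
        return ("http", str(exc))
    finally:
        conn.close()
    # Nextcloud answers a Host missing from trusted_domains with HTTP 400.
    return ("ok", status) if status < 400 else ("http", status)


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python probe.py <ip-or-name> [Host header]
    target = sys.argv[1]
    header = sys.argv[2] if len(sys.argv) > 2 else None
    for tls, port in ((False, 80), (True, 443)):
        print(port, probe(target, port, use_tls=tls, host_header=header))
```

A `dns` result for the .local name alongside an `http` 400 or `tls` result for the raw IP points at naming and proxy configuration rather than at the Tailscale route.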