Help Needed: Remote Access Issue with Nextcloud via Tailscale in Proxmox VM

Hi everyone,

I’m experiencing issues accessing my Nextcloud service remotely over Tailscale, and I’d appreciate any guidance.

Here’s my setup:

• I have a Proxmox host with a bridge (vmbr0) that includes the physical interface (eno1).
• My Start9 server (which runs Nextcloud behind a reverse proxy such as Nginx/Apache) is deployed in a VM with IP 192.168.x.vm on the local Ethernet network.
• My local network is 192.168.x.0/24. Connectivity within the LAN is all functional—localhost/firewall pings, access via a Windows laptop, and internal access using “address.local” work without issues.

For remote access, I set up Tailscale in an LXC container (non-privileged) on the Proxmox host. I have configured it to advertise the subnetwork using:
tailscale up --advertise-routes=192.168.x.0/24
The advertised route appears properly in the Tailscale admin panel, and I can successfully ping 192.168.x.vm from my mobile device (connected via Tailscale).

Problem:
Despite the above, when I try accessing Nextcloud remotely (both via the raw IP 192.168.x.vm and using the hostname “address.local”), I get an error – neither in HTTP nor HTTPS does it load correctly.

Steps I’ve taken so far:

  1. Confirmed that Tailscale is advertising the subnetwork properly (no log errors, ping works).
  2. Verified that the reverse proxy on the Start9 VM is listening on the proper IP/interface.
  3. Checked firewall rules on the VM and the Proxmox host.
  4. Tried accessing via both IP and hostname, with consistent results (it works on the LAN but not on Tailscale’s VPN).

The fact that local access works but remote access via Tailscale does not suggests the issue might be related to the reverse proxy configuration, hostname validation (trusted domains in Nextcloud), or handling of proxy headers.

Has anyone encountered a similar issue or can offer suggestions to troubleshoot further? Any advice on checking proxy configurations, Nextcloud’s trusted domains settings, or potential pitfalls specific to running Tailscale in an unprivileged LXC would be much appreciated.


Additionally, I’m exploring how to integrate Nextcloud with Syncthing to build a secure, personal cloud that also provides robust, automated backups. My considerations include:

• Integrating Nextcloud and Syncthing for synchronized file access and backup – what is the best integration method or workflow for this?
• Recommendations to design a secure personal cloud solution that allows remote access while ensuring data integrity, even in the event of hardware failures.

For example, would a setup combining an SSD (for active, high-speed data load) with subsequent backups/copies to larger HDDs (configured with or without RAID) be advisable?
Are there best practices regarding RAID configurations or using dedicated backup tools in conjunction with Nextcloud/Syncthing to guard against data loss due to disk errors?
I would appreciate any suggestions, best practices, or experiences regarding building a secure, private cloud that guarantees both data accessibility and reliable backups.

I would also appreciate any recommendations, insights, or questions for clarification regarding both the connectivity issues with Nextcloud in my current hybrid setup (Proxmox VM managed by Start9 + LXC running Tailscale) and the integration with Syncthing coupled with robust backup strategies.

Thank you very much in advance for your help!

Regards,
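The post above narrows the fault to the network path, the reverse proxy, or Nextcloud's Host/trusted-domain check. The following probe is an added example, not part of the original post and not Start9, Tailscale or Nextcloud code; run from a device on the tailnet, it reports which layer fails for each Host value. The IP and Host values come from the command line, and the reading of HTTP 400 as a trusted_domains rejection is an assumption.

```python
import socket
import ssl
import sys

def probe(ip, port, host_header, use_tls=False, timeout=5.0):
    """Return ('tcp'|'tls', error) for the layer that failed, else ('http', status)."""
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:                      # refused, filtered or no route
        return ("tcp", str(exc))
    try:
        if use_tls:
            # Verification is off: this locates the failing layer only and
            # makes no trust decision about the certificate.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            try:
                sock = ctx.wrap_socket(sock, server_hostname=host_header)
            except OSError as exc:              # ssl.SSLError subclasses OSError
                return ("tls", str(exc))
        sock.sendall(f"GET / HTTP/1.1\r\nHost: {host_header}\r\n"
                     "Connection: close\r\n\r\n".encode("ascii"))
        with sock.makefile("rb") as reply:
            return ("http", int(reply.readline().split()[1]))
    except (OSError, IndexError, ValueError):   # reset, timeout or garbage reply
        return ("http", None)
    finally:
        sock.close()

def diagnose(stage, detail):
    """Map a probe() result to the suspect it points at."""
    if stage == "tcp":
        return "network: ping passes but the TCP port does not (firewall or listen address)"
    if stage == "tls":
        return "tls: handshake failed (certificate or SNI on the reverse proxy)"
    if detail is None:
        return "proxy: connection accepted but no valid HTTP reply"
    if detail == 400:
        # Assumption: Nextcloud answers 400 when Host is not in trusted_domains.
        return "host: HTTP 400, compare this Host value with trusted_domains"
    if 200 <= detail < 400:
        return "ok: service answers for this Host; check name resolution on the client"
    return f"app: HTTP {detail} from the proxy or Nextcloud"

if __name__ == "__main__":
    # Usage: probe.py <vm-ip> <host-header> [<host-header> ...]
    ip, hosts = sys.argv[1], sys.argv[2:]
    for host in hosts:
        for port, tls in ((80, False), (443, True)):
            print(host, port, diagnose(*probe(ip, port, host, tls)))
```

Passing both the VM's IP and the hostname as Host values shows whether the service answers for one and rejects the other.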

When accessing Nextcloud (or any service) remotely, you need to use a publicly routable IP address or DNS name. The .local doesn’t work except for the LAN. The purpose of the reverse proxy is to proxy public connections to your internal service (WAN to LAN).

If by “remotely” you mean while on VPN, then it’s most likely your VPN configuration but .local addresses typically don’t work on VPN.

1 Like

And I guess that as start9 doesn’t expose the IP of the different services I need to figure out how to reach nextcloud until the new version of S9 is released.

Thank you for your answer!

Have you followed this guide by Tailscale?

https://tailscale.com/kb/1130/lxc-unprivileged

1 Like

How do you ping from the mobile app of Tailscale?

I was thinking that Tailscale should be installed inside start9 for the services to be accessible outside your home network?

I don’t remember if I did the steps from the guide, but I’d say yes.

Tailscale has an option to do it, I think I also used Termux.

I don’t know if Start9 has Tailscale on the marketplace, but I prefer having it isolated in an LXC for security.

I am waiting for the new release of Start9, as it should make remote access easier.

Thank you for your answer!

Since the new release will have remote access, I think in my case I won’t be needing Proxmox, as I can run Nextcloud and Jellyfin in Start9. The only exception here would be running Immich, which Start9 does not have. So in this case I will need Proxmox. lol.

1 Like

I didn’t know about Immich; it looks good, but I don’t know if I need another computer to run all the services at once. Thank you!
Have you tried ente?

I’ll let you know if my setup works once the new version is out.

1 Like