Hello everyone,
I’m currently facing connectivity issues with my Nextcloud installation running on a Proxmox environment. The setup involves a VM managed via Start9 that runs Nextcloud, and an LXC container (Debian 12) running Tailscale to route VPN traffic. I’m seeking insights on resolving the connection problems as well as recommendations on integrating Nextcloud with Syncthing and establishing reliable backup strategies.
────────────────────────────
Environment & Configuration
• Environment Setup:
- Proxmox host running:
  • A VM (managed by Start9) that runs Nextcloud
  • An LXC container (Debian 12) running Tailscale for VPN traffic routing
• Access Paths:
- The Nextcloud mobile app uses Tailscale and connects via the internal IP (192.168.x.a).
- Connection attempts have been made both from the same local WiFi network (without Tailscale) and remotely via Tailscale VPN.
• Nextcloud Configuration (config.php):
- Trusted domains: All relevant variants of the IP (including 192.168.x.a) have been added to the trusted_domains array.
- Overwriteprotocol is set to “https”.
- Initially, overwrite.cli.url was configured with a domain (xxxxx.local); however, it was later changed to use the IP of Start9. This change did not resolve the issue, so it was reverted to the original configuration.
• Additional Configuration Details:
- MagicDNS is enabled, although disabling it does not change the error outcomes.
- No evidence of mDNS issues has been found since the connection issues occur regardless of whether the client is using WiFi without Tailscale or via Tailscale remote access.
- curl tests (HTTP and HTTPS) have been executed from both VPN-connected devices and devices on the local network, consistently returning HTTP 200 responses with no errors found in the logs (journalctl).
────────────────────────────
Observed Errors & Troubleshooting Results
• Mobile App Errors:
- When connecting via HTTP (port 80): “Server configuration in wrong format” appears.
- When connecting via HTTPS: “Error unknown. Server failed to respond” is displayed.
• Connectivity:
- The issues occur whether connecting from the same WiFi network (without Tailscale) or remotely via Tailscale VPN.
- Despite the errors shown by the mobile app, when performing curl tests from both environments (local and VPN), HTTP 200 responses are received without any error logged in journalctl.
• SSL and Binding Considerations:
- The Nextcloud server seems to be serving on an internal binding (with an associated internal IP, e.g., 192.168.x.a used in trusted_domains) but for some reason, connections fail when using HTTPS.
- The SSL certificate returns a proper chain; however, it only features a Common Name (for instance xxxx.local) and does not include Subject Alternative Names. This might cause conflicts when accessing via a different domain or directly via IP.
- Tests with curl indicate that under a basic HTTP/HTTPS connection, the server responds correctly, suggesting that the underlying Proxmox network configuration and Start9 setup are functioning at a basic connectivity level. Yet, the mobile Nextcloud app continues to fail, pointing towards a potential misconfiguration in how Nextcloud or Start9 is handling SSL bindings or connection routing.
• Change Attempts:
- Modifying overwrite.cli.url to use the IP address of Start9 did not resolve the connectivity issue; ultimately, the configuration was reverted to its original state.
────────────────────────────
Questions
- Has anyone encountered a scenario where Nextcloud (running via Start9 on a Proxmox VM) fails to respond correctly – both via local WiFi and remote Tailscale VPN – even though curl tests return a valid HTTP 200 response?
- Could the issue be due to Nextcloud binding to a specific interface or IP, causing certificate mismatches (given that the certificate common name is set to xxxx.local) when accessed via an IP address?
- Are there any recommended adjustments, such as explicitly binding Nextcloud to 0.0.0.0 or the desired external IP (192.168.x.a), to ensure that both HTTP and HTTPS connections work from any network segment?
- What additional debugging steps or logs (e.g., from systemd/journalctl during connection attempts) could help pinpoint why the mobile app reports “Server configuration in wrong format” on HTTP and “Server failed to respond” on HTTPS despite the backend responding correctly via curl?
- Could there be any specific interactions or conflicts between Start9’s configuration and Nextcloud that affect SSL handling or connection routing, and what steps should be taken to mitigate them?
────────────────────────────
Nextcloud & Syncthing Integration and Robust Backup Strategies
Additionally, I’m exploring how to integrate Nextcloud with Syncthing to build a secure, personal cloud that also provides robust, automated backups. My considerations include:
• Integrating Nextcloud and Syncthing for synchronized file access and backup – what is the best integration method or workflow for this?
• Recommendations to design a secure personal cloud solution that allows remote access while ensuring data integrity, even in the event of hardware failures.
- For example, would a setup combining an SSD (for active, high-speed data load) with subsequent backups/copies to larger HDDs (configured with or without RAID) be advisable?
- Are there best practices regarding RAID configurations or using dedicated backup tools in conjunction with Nextcloud/Syncthing to guard against data loss due to disk errors?
I would appreciate any suggestions, best practices, or experiences regarding building a secure, private cloud that guarantees both data accessibility and reliable backups.
I would also appreciate any recommendations, insights, or questions for clarification regarding both the connectivity issues with Nextcloud in my current hybrid setup (Proxmox VM managed by Start9 + LXC running Tailscale) and the integration with Syncthing coupled with robust backup strategies.
Thank you very much in advance for your help!
Regards,
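
Added example, not part of the original post: a sketch of TLS name matching for the certificate described above (Common Name only, no Subject Alternative Names), comparing SAN-only clients with clients that still fall back to the CN. The certificate dictionaries are constructed samples, 192.168.1.10 is a placeholder for the redacted 192.168.x.a, and the two client policies are modelling assumptions, not the documented behaviour of any specific app.

```python
import ipaddress

# Constructed samples in the dict shape ssl.SSLSocket.getpeercert() returns.
# CN_ONLY mirrors the certificate in the post ("xxxx.local" is its redacted name).
CN_ONLY = {"subject": ((("commonName", "xxxx.local"),),)}
# Hypothetical reissued certificate; 192.168.1.10 stands in for 192.168.x.a.
WITH_SAN = {
    "subject": ((("commonName", "xxxx.local"),),),
    "subjectAltName": (("DNS", "xxxx.local"), ("IP Address", "192.168.1.10")),
}


def _as_ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def _dns_match(pattern, host):
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # A wildcard covers exactly one left-most label.
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h


def covers(cert, target, cn_fallback=False):
    """True if cert identifies target (a DNS name or an IP literal).

    cn_fallback=False models SAN-only clients (RFC 9525); True models legacy
    clients that read the CN when no DNS SAN entry exists (RFC 6125).
    """
    sans = cert.get("subjectAltName", ())
    ip = _as_ip(target)
    if ip is not None:
        # RFC 2818: an IP literal must match an iPAddress SAN entry.
        return any(k == "IP Address" and _as_ip(v) == ip for k, v in sans)
    dns = [v for k, v in sans if k == "DNS"]
    if not dns and cn_fallback:
        dns = [v for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"]
    return any(_dns_match(v, target) for v in dns)


if __name__ == "__main__":
    for name, cert in (("CN only", CN_ONLY), ("with SAN", WITH_SAN)):
        for target in ("xxxx.local", "192.168.1.10"):
            print(name, target, "SAN-only:", covers(cert, target),
                  "CN fallback:", covers(cert, target, cn_fallback=True))
```

With the CN-only sample, the IP literal fails under both policies and the hostname passes only with CN fallback; the sample carrying DNS and IP Address SAN entries passes for both targets under either policy.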