Hej! I don’t know how well you understand Swedish so I use English.
I haven’t done so much in this area of computing earlier but have spent some time to read about it now.
Do I really need to rent a webhotel to be able to use a domain for my Nextcloud?
I have been looking for domains and I see that there are Swedish sites that are cheaper.
We do have a lot of criminals in the corporate zone here so I am ready to pay a little extra not to be fooled.
I am not fluent in Swedish but I have a client which has Swedish employees, so I have supported a lot of Swedes over the years. Though I have retired I still do some work for this client - which is a very old friend - +35 years - so … they are using an app I developed 15 years ago - so I am preparing the computers for them - just finished a Swede.
To answer your question - no - you do not need to rent a web hotel.
But you need a DNS provider and you do need to be able to control your router to forward IP traffic to your Nextcloud box and your router’s WAN IP must be a public IP.
There are several services on the web which can tell you the public IP e.g. myip.com.
Domain registrars and DNS providers
gratisdns.dk - is a registrar and a self-service DNS provider - they also offer webspace but it is not a requirement.
webhosting.dk - is a registrar and a self-service web host but they also offer self-service DNS administration and they don’t require you to buy hosting service.
joker.com - is a registrar and a self-service DNS provider. They are not a hosting provider but offer domain parking.
Those three are the ones I use - and they all ensure a very important point - ensure you are the owner - of the domain.
There are a lot of sharks and many register domains in their own name and thus you do not have complete control over the domain name.
The best approach is to buy the domain from your DNS provider. This removes the step of moving the domain from one DNS provider to another.
There are three levels for most domains - ensure you are the one on all three.
The owner contact
The pay-the-bills contact
The technical contact
Ensure you are the owner - this is the most important point when getting usage rights for a domain name.
Joker.com is probably the most well known registrar and a lot of domain resellers use joker to buy domains. They are also cheap - and 100% reliable - been in business for several decades.
If you take a look at the cost - you can send me the cost (if you think I am worth it you can tip me anything you like) - and I will do the initial setup for you.
Great!!
So it’s a wise move to use joker.com for it all then? And you are willing to help me with this?
I will look into it as soon as I come home from work.
I have no idea what to “tip” you and I do not want to be cheap.
I work as a musician and music teacher and have a hard time now (covid19 almost no concerts for 6 months).
“Networking/Clouding” is a new interest for me. I just configured my first samba-server (got it to work too.) Having some problems with NS but I just get “sucked in”, forgetting other problems!! Almost therapeutic!
While there are several possibilities for setting up the DNS - with joker you leave it at the A record.
But as many users - if you tell them the web address - will be prepending the domain with www - it is best practice to have a CNAME record pointing to your root domain.
When logged into your joker account
Click DNS for your domain (in the domain list)
Click Add New Record
a. Set Type field to A
b. leave Name(Subdomain) empty
c. enter your public IP in IP address
d. Click Add
Repeat above - this time with CNAME
a. In Type - select CNAME
b. In Name - enter www
c. In Alias - enter det-sovande-folket.org
d. Click Add
Repeat for any email you want to add
a. Set Type to Email
b. Set the address e.g. brandent
c. Set an existing mailbox to receive the mail
d. Click Add
If you do not have a dedicated public IP - even the DHCP assigned addresses rarely change - you may need to use their Dynamic DNS service (which I have no experience with).
When you are done - Click Save changes at the page bottom.
DNS records created have a TTL (time to live) at 86400s - so waiting for a change to propagate can be a pain. Clicking options for the A-record - then the Edit icon - you can set TTL to e.g. 600s which is 10m. Remember to Save changes - otherwise the changes will not be saved.
As there are a lot of different interfaces I cannot possibly know them all.
But the requirements are identical
Assign a static IP address on your LAN to your NextCloud box
(you may already have done so - if - skip to next bullet)
Open your router’s configuration interface and login
Locate the configuration section/page called Portforwarding
Create a rule from WAN to LAN and allow incoming traffic
port 80 -> nextcloud IP
port 443 -> nextcloud IP
Save the changes and restart your router.
Test access
Security
Within minutes of opening your router - botnets will begin scanning your system for vulnerabilities
The bots will very quickly know it is a nextcloud instance and begin hammering your login
The bots will also try to access known nextcloud extension packages which are known to be exploitable
So the most important thing
Keep your nextcloud up-to-date
Regularly check your logs
Employ fail-2-ban - a term used for blocking an IP for a period of time when it repeatedly fails to log in - I don’t know if NextCloud has something built-in.
Depending on your router - you may not be able to connect directly to your router’s WAN address - in which case you can test the access using e.g. your phone to connect to it (disable wireless on your phone - forcing it to use broadband).
Another option is connecting to the internet using a VPN - then access your domain - but bear in mind that you will need to disconnect from VPN to be able to access your router’s configuration interface - if you need to troubleshoot the rules.
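The repeated-failure blocking described in the Security list above, as an added example that is not part of the original posts: it scans Nextcloud-style JSON log lines and reports each IP that reaches a failed-login limit inside a time window. The field names (time, remoteAddr, message), the "Login failed" message prefix and the sample lines are assumptions constructed for illustration; compare them with your own nextcloud.log.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (assumed JSON-per-line layout, documentation IPs).
SAMPLE_LOG = """\
{"time":"2020-09-12T09:00:00+00:00","remoteAddr":"198.51.100.20","message":"Login failed: anna (Remote IP: 198.51.100.20)"}
{"time":"2020-09-12T09:30:00+00:00","remoteAddr":"198.51.100.20","message":"Login failed: anna (Remote IP: 198.51.100.20)"}
{"time":"2020-09-12T10:00:01+00:00","remoteAddr":"203.0.113.7","message":"Login failed: admin (Remote IP: 203.0.113.7)"}
{"time":"2020-09-12T10:00:05+00:00","remoteAddr":"203.0.113.7","message":"Login failed: root (Remote IP: 203.0.113.7)"}
{"time":"2020-09-12T10:00:06+00:00","remoteAddr":"192.0.2.44","message":"File scan finished"}
{"time":"2020-09-12T10:00:07+00:00","remoteAddr":"203.0.1
{"time":"2020-09-12T10:00:09+00:00","remoteAddr":"203.0.113.7","message":"Login failed: test (Remote IP: 203.0.113.7)"}
{"time":"2020-09-12T10:01:00+00:00","remoteAddr":"198.51.100.20","message":"Login failed: anna (Remote IP: 198.51.100.20)"}
"""


def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: time of the failure that reached max_retry within find_time}."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    offenders = {}
    for line in lines:
        try:
            entry = json.loads(line)
            ip = entry["remoteAddr"]
            when = datetime.fromisoformat(entry["time"])
            failed = str(entry["message"]).startswith("Login failed")
        except (ValueError, KeyError, TypeError):
            continue  # truncated line, non-JSON text or missing field
        if not failed:
            continue
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:  # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            offenders.setdefault(ip, when)  # keep the first time the limit was hit
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reached the limit at {when.isoformat()} - candidate for a temporary block")
```

The slow, spread-out failures from 198.51.100.20 never fill the window, which is why the window length matters as much as the retry count.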
I am glad it is Saturday because this is taking some time!
I could not get it to work for a long time. I talked to ISP-support and they said that everything looked good at their end so I read and read and went through your excellent “guides” again and started from the beginning and then I found that I overlooked ddns! By then it was too late to talk to ISP-support and I saw that I had an option in my router (ASUS). I used that and now I can connect from my phone (outside wlan). I don’t know if this is strange but I can connect using ip, my new domain and with ASUS ddns. Is that right?
That is normal - it depends on the settings in the web server configuration files. For the NextCloud software itself - I have not touched it extensively.
When you get to it - you will probably want to add an SSL certificate and you will be happy to know you can do it for free and it is fairly simple to do.
There are packages in the Arch repo which simplify the request and installation. Depending on the webserver, Nginx or Apache, there are helper packages to manage the configuration.
sudo pacman -Syu certbot certbot-apache   # for Nginx use certbot-nginx instead
I thought the help I wrote for you could benefit a wider audience so
Well I tried to use certbot (no snap) and now I have totally screwed the server. (service will not start)
I think I have misunderstood some things.
I have one domain and one sub-domain. I configured vhosts but that I should not have done?
There are php-errors and an ssl error in the log. I don’t know how to fix those.
I am not giving up. I will get rid of vhost config and try to continue where I was before.
06:46:14 womp@archlabs-macmini41 ~ → sudo certbot --apache
[sudo] lösenord för womp:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.
AH00112: Warning: DocumentRoot [/home/womp/http/det-sovande-folket.org] does not exist
AH00112: Warning: DocumentRoot [/home/womp/http/det-sovande-folket.org] does not exist
AH00526: Syntax error on line 20 of /etc/httpd/conf/vhosts/det-sovande-folket.org:
SSLCertificateFile: file '/etc/httpd/conf/server.crt' does not exist or is empty
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apachectl configtest.\n\nAH00112: Warning: DocumentRoot [/home/womp/http/det-sovande-folket.org] does not exist\nAH00112: Warning: DocumentRoot [/home/womp/http/det-sovande-folket.org] does not exist\nAH00526: Syntax error on line 20 of /etc/httpd/conf/vhosts/det-sovande-folket.org:\nSSLCertificateFile: file '/etc/httpd/conf/server.crt' does not exist or is empty\n")
/home/womp/http/det-sovande-folket.org exists!
“server.crt”?
I am now getting rid of apache and will try nginx instead.
Couldn’t find out why httpd.service wouldn’t start.
brandent
Well I have been looking into Nginx and it looks easier to config. I have switched to Nginx now as it has other benefits as well.
Apache must have been broken for a “long time” during configuration. Didn’t get any errors until reboot (and then it was too late).
I have difficulties telling the difference between hostname, host and servername.
One of the problems I had running Certbot was that it could not find anything to add which must mean that I did configure hostname wrong.
Should I put computer name, localhost, 127.0.0.1, internal ip, wan-ip or domain name in Nginx “servername”?