Domain

Hej! I don’t know how well you understand Swedish so I use English.
I haven’t done so much in this area of computing earlier but have spent some time to read about it now.

Do I really need to rent a webhotel to be able to use a domain for my Nextcloud?

I have been looking for domains and I see that there are Swedish sites that are cheaper.
We do have a lot of criminals in the corporate zone here so I am ready to pay a little extra not to be fooled.

brandent

I am not fluent in Swedish but I have a client which has Swedish employees so I have supported a lot of Swedes over the years :slight_smile: Though I have retired I still do some work for this client - which is a very old friend - +35 years - so … they are using an app I developed 15 years ago - so I am preparing the computers for them - just finished a Swede.

To answer your question - no - you do not need to rent a web hotel.

But you need a DNS provider and you do need to be able to control your router to forward IP traffic to your Nextcloud box and your router’s WAN IP must be a public IP.

There are several services on the web which can tell you the public IP e.g. myip.com.

Domain registrars and DNS providers

gratisdns.dk - is registrar and a self-service dns provider - they also offer webspace but it is not a requirement.

webhosting.dk - is registrar and a self-service web host but they also offer self-service dns administration and they don’t require you to buy hosting service.

joker.com - is a registrar and a self-service dns provider. They are not a hosting provider but offer domain parking.

Those three are the ones I use - and they all ensure a very important point - ensure you are the owner - of the domain.

There are a lot of sharks and many register domains in their own name and thus you do not have complete control over the domain name.


The best approach is to buy the domain from your DNS provider. This removes the step of moving the domain from one DNS provider to another.

There are three levels for most domains - ensure you are the one on all three.

  • The owner contact
  • The pay-the-bills contact
  • The technical contact

Ensure you are the owner - this is the most important point when getting usage rights for a domain name.

Joker.com is probably the most well known registrar and a lot of domain resellers use joker to buy domains. They are also cheap - and 100% reliable - been in business for several decades.

If you take a look at the cost - you can send me the cost (if you think I am worth it you can tip me anything you like) - and I will do the initial setup for you.

Great!!
So it’s a wise move to use joker.com for it all then? And you are willing to help me with this?
I will look into it as soon as I come home from work.
I have no idea what to “tip” you and I do not want to be cheap.
I work as musician and music teacher and have a hard time now (covid19 almost no concerts for 6 months).
“Networking/Clouding” is a new interest for me. I just configured my first samba-server (got it to work too.) Having some problems with NS but I just get “sucked in”, forgetting other problems!! Almost therapeutic!

I will get back to you!

brandent

Not a requirement - just a cup of coffee or a beer.

I am on joker.com right now and wonder if dnssec is something I need?
whois opt in? (not needed right?)

brandent

I need dnssec.

brandent

Well now it’s done.
I took privacy pro and no whois opt in.

brandent

While there are several possibilities for setting up the DNS - with joker you leave it at the A record.

But as many users - if you tell them the web address - will be prepending the domain with www - it is best practice to have a CNAME record pointing to your root domain

When logged into your joker account

  1. Click DNS for your domain (in the domain list)
  2. Click Add New Record
    a. Set Type field to A
    b. leave Name(Subdomain) empty
    c. enter your public IP in IP address
    d. click Add
  3. Repeat above - this time with CNAME
    a. In Type - select CNAME
    b. In Name - enter www
    c. In Alias - enter *det-sovande-folket.org
    d. Click Add
  4. Repeat for any email you want to add
    a. Set Type to Email
    b. Set the address e.g. brandent
    c. Set an existing mailbox to receive the mail
    d. Click Add

If you do not have a dedicated public IP - even the DHCP assigned addresses rarely change - you may need to use their Dynamic DNS service (which I have no experience with).

When you are done - Click Save changes at the page bottom.

DNS records created have a TTL (time to live) at 86400s - so waiting for a change to propagate can be a pain. Clicking options for the A-record - then the Edit icon - you can set TTL to e.g. 600s which is 10m. Remember to Save changes - otherwise the changes will not be saved.

Thank you so much!!! (I have a good memory so I will not forget this!)
I think I managed every step.

Am I ready to use my domain in nextcloud now?

brandent

The last step is configuring your router.

As there is a lot of different interfaces I cannot possibly know them all.

But the requirements are identical

  • Assign a static IP address on your LAN to your NextCloud box
    (you may already have done so - if - skip to next bullet)
  • Open your router’s configuration interface and log in
  • Locate the configuration section/page called Portforwarding
  • Create a rule from WAN to LAN and allow incoming traffic
    • port 80 -> nextcloud IP
    • port 443 -> nextcloud IP
  • Save the changes and restart your router.
  • Test access
  • Security
    1. Within minutes of opening your router - botnets will begin scanning your system for vulnerabilities
    2. The bots will very quickly know it is a nextcloud instance and begin hammering your login
    3. The bots will also try to access known nextcloud extension packages which are known to be exploitable
    4. So the most important thing
    5. Keep your nextcloud up-to-date
    6. Regularly check your logs
    7. Employ fail-2-ban - a term used for blocking an IP for a period of time when it repeatedly fails to log in - I don’t know if NextCloud has something built-in.

Depending on your router - you may not be able to connect directly to your router’s WAN address - in which case you can test the access using e.g. your phone to connect to it (disable wireless on your phone - forcing it to use broadband).

Another option is connecting to the internet using a VPN - then access your domain - but bear in mind that you will need to disconnect from VPN to be able to access your router’s configuration interface - if you need to troubleshoot the rules.

If you can connect :partying_face:
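The log check and fail-2-ban idea from the security list above, as an added example that is not part of the original posts: it counts failed logins per IP inside a sliding time window. The sample lines are constructed, and the JSON field names (`time`, `remoteAddr`, `message`) and the "Login failed" message prefix are assumptions about the Nextcloud log format.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(ts, ip, msg):
    # Builds one constructed entry shaped like Nextcloud's JSON log; the field
    # names "time", "remoteAddr" and "message" are assumptions from that format.
    return json.dumps({"level": 2, "time": ts, "remoteAddr": ip,
                       "app": "core", "message": msg})

# Constructed sample data (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    _line("2020-09-12T09:00:00+00:00", "198.51.100.20", "Login failed: anna (Remote IP: 198.51.100.20)"),
    _line("2020-09-12T09:30:00+00:00", "198.51.100.20", "Login failed: anna (Remote IP: 198.51.100.20)"),
    _line("2020-09-12T10:00:01+00:00", "203.0.113.7", "Login failed: admin (Remote IP: 203.0.113.7)"),
    _line("2020-09-12T10:00:05+00:00", "203.0.113.7", "Login failed: root (Remote IP: 203.0.113.7)"),
    '{"level":2,"time":"2020-09-12T10:00:07',  # truncated line, as after a crash
    _line("2020-09-12T10:00:09+00:00", "203.0.113.7", "Login failed: test (Remote IP: 203.0.113.7)"),
    _line("2020-09-12T10:05:00+00:00", "198.51.100.20", "Login failed: anna (Remote IP: 198.51.100.20)"),
    _line("2020-09-12T10:06:00+00:00", "192.0.2.10", "Unrelated warning from an app"),
]

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: time of the failure that reached max_retry within find_time}."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    offenders = {}
    for raw in lines:
        try:
            entry = json.loads(raw)
            when = datetime.fromisoformat(entry["time"])
            ip, msg = entry["remoteAddr"], entry["message"]
        except (ValueError, KeyError, TypeError):
            continue  # skip truncated or non-JSON lines instead of crashing
        if not str(msg).startswith("Login failed"):
            continue
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry and ip not in offenders:
            offenders[ip] = when
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the limit at {when.isoformat()}: candidate for a temporary block")
```

The occasional mistyped password from 198.51.100.20 stays below the limit because its failures are spread over more than an hour, while the burst from 203.0.113.7 is reported.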

I am glad it is Saturday because this is taking some time!

I could not get it to work for a long time. I talked to ISP-support and they said that everything looked good at their end so I read and read and went through your excellent “guides” again and started from the beginning and then I found that I overlooked ddns! By then it was too late to talk to ISP-support and I saw that I had an option in my router (ASUS). I used that and now I can connect from my phone (outside wlan). I don’t know if this is strange but I can connect using ip, my new domain and with ASUS ddns. Is that right?

I am just starting to look into security now.

Thanks again!!!

brandent

That is normal - it depends on the settings in the web server configuration files. For the NextCloud software itself - I have not touched it extensively.

When you get to it - you will probably want to add an SSL certificate and you will be happy to know you can do it for free and it is fairly simple to do.

There are packages in the Arch repo which simplify the request and installation. Depending on the webserver Nginx or Apache there are helper packages to manage the configuration.

sudo pacman -Syu certbot certbot-apache   # if the web server is Apache
sudo pacman -Syu certbot certbot-nginx    # if the web server is Nginx

I thought the help I wrote for you could benefit a wider audience so

I am having doubts if I should go for “default” or “wildcard”.
What would you do?

brandent

Before you dive into ssl - be sure the hostname etc. is set up correctly in the web server’s configuration.

Using certbot and the correct helper will request the host names registered in the configuration.

I am using certbot and certbot-nginx - never asked me for wildcard.

You should disable answering on the IP address in the web server configuration - only use hostname.tld and www.hostname.tld.

Are you using snap? (I wonder how suspicious of Microsoft I should be?)
Regarding hostname: localhost or internal-ip? Does that matter?

brandent

Well I tried to use certbot (no snap) and now I have totally screwed the server. (service will not start)
I think I have misunderstood some things.
I have one domain and one sub-domain. I configured vhosts but that I should not have done?
There are php-errors and ssl error in log. I don’t know how to fix those.
I am not giving up. I will get rid of vhost config and try to continue where I was before.

brandent

This is as far as I get:

06:46:14 womp@archlabs-macmini41 ~ → sudo certbot --apache
[sudo] lösenord för womp: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.

AH00112: Warning: DocumentRoot [/home/womp/http/det-sovande-folket.org] does not exist
AH00112: Warning: DocumentRoot [/home/womp/http/det-sovande-folket.org] does not exist
AH00526: Syntax error on line 20 of /etc/httpd/conf/vhosts/det-sovande-folket.org:
SSLCertificateFile: file '/etc/httpd/conf/server.crt' does not exist or is empty

The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apachectl configtest.\n\nAH00112: Warning: DocumentRoot [/home/womp/http/det-sovande-folket.org] does not exist\nAH00112: Warning: DocumentRoot [/home/womp/http/det-sovande-folket.org] does not exist\nAH00526: Syntax error on line 20 of /etc/httpd/conf/vhosts/det-sovande-folket.org:\nSSLCertificateFile: file '/etc/httpd/conf/server.crt' does not exist or is empty\n")

/home/womp/http/det-sovande-folket.org exists!
“server.crt”?
I am now getting rid of apache and will try nginx instead.
Couldn’t find out why httpd.service wouldn’t start.
brandent

I don’t know much on apache.

It is probably better to create a topic to see if other members are more knowledgeable in this area.

The message states your service has configuration errors.

Never use your home for server content as the http system account has no access - use the /srv/http folder for that.

Better create a forum topic - I know nothing about apache and solving your issue would benefit other users as well.

Well I have been looking into Nginx and it looks easier to config. I have switched to Nginx now as it has other benefits as well.
Apache must have been broken for a “long time” during configuration. Didn’t get any errors until reboot (and then it was too late).

I have difficulties making the difference between hostname host and servername.
One of the problems I had running Certbot was that it could not find anything to add which must mean that I did configure hostname wrong.

Should I put computer name, localhost, 127.0.0.1, internal ip, wan-ip or domain name in Nginx “servername”?

brandent