Hello folks, thank you for this great community!
So, I've set up a nice Nextcloud server I can access from the WAN with ease. Port forwarding is fine, HTTPS works with a Let's Encrypt certificate, my DDNS service is awesome (duckdns.org).
What's wrong with my setup is, I won't be able to access my Nextcloud instance from my LAN if I follow my DDNS domain. Why do I want this? So that I can have my trusted certificate working everywhere on my phone, both at home and outside home.
Specifically, the error I get is
Rejected request from RFC1918 IP to public server address
if I try to connect to my Nextcloud instance from the domain. Typing its local IP works, though.
Now, I don't know what to touch (firewall? Or maybe dnsmasq?) to make it work. Can you help me?
TL;DR I want to be able to connect to my nextcloud instance inside LAN using my DDNS domain.
I assume you resolve your external domain with dnsmasq to a local ip address...
Add this to your config /etc/config/dhcp at the dnsmasq section:
list rebind_domain 'example.local'
Replace example.local with your domain.
I've already tried to do that but it doesn't work. My domain is translated into my public IP address, obviously, and in fact I'll get the same error if I type my public IP directly in my browser, bypassing duckdns.
The error message you've given suggests that it's NextCloud or your web server that is "complaining". You should be able to easily confirm that the requests from your private net are reaching the web server and/or reverse proxy if you haven't already.
I run NextCloud on nginx behind an nginx reverse proxy and it works without a hitch with split-horizon DNS providing a "local" IP address that overrides the public DNS entries.
I just added my duckdns.org domains in the LuCI GUI: "Network > Hostnames" and pointed each to its respective local server IP. It works perfectly.
It doesn't work
Ok guys, looks like I've understood the issue a bit better.
So, connecting to domain.duckdns.org displays the error I reported in OP. Forcing it to HTTPS makes Firefox say my cert is not ok for domain.duckdns.org. You know why? Because it's LuCI's one! Basically, domain.duckdns.org, in my LAN, points to LuCI interface, not my server!
My port forwarding is
port 80 WAN -> server port 80
port 443 WAN -> server port 443
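
Added example, not from any poster in this thread: the two dnsmasq suggestions from the replies above (the rebind_domain entry and a local hostname override, which is what LuCI's "Network > Hostnames" page stores) written out as they would sit in /etc/config/dhcp. The address 192.168.1.10 is an assumed LAN IP for the Nextcloud server, and domain.duckdns.org is the placeholder name used in the thread.

```conf
# /etc/config/dhcp (OpenWrt UCI) -- added example, values are placeholders

config dnsmasq
	# ... existing options in this section stay as they are ...
	# Exempt this name from DNS rebind protection, so that an answer
	# in a private (RFC1918) range for it is not discarded.
	list rebind_domain 'domain.duckdns.org'

# Split-horizon override: LAN clients asking this router for the name
# get the server's private address instead of the public WAN address.
# 192.168.1.10 is an assumed address; use the server's real LAN IP.
config domain
	option name 'domain.duckdns.org'
	option ip '192.168.1.10'
```

After restarting dnsmasq, a lookup of the name from a LAN client that uses the router as its resolver should return the private address. If it still returns the public one, the client is resolving through some other DNS server and the override never applies.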