You spend hours getting your Nextcloud server running perfectly. It works flawlessly when you are out of the house on mobile data. But the exact second you connect to your home Wi-Fi, the desktop client throws a generic connection error, and Nextcloud Talk refuses to connect any calls.
Here is an SMS I received on my Fiverr account asking for help fixing this issue:
“I am running Nextcloud on a local LAN network (10.0.x.x IP). Everything works on the web interface, but the Nextcloud Talk app and desktop client are not connecting properly due to SSL (self-signed certificate) issues. Is there any alternative solution or setup that allows Talk and desktop app to work smoothly on a local IP without HTTPS/SSL problems?”
It is a massive headache, but it is also a rite of passage for almost everyone getting into self-hosting.
The issue boils down to how your home router handles web traffic and how strictly Nextcloud enforces security. When you are inside your network, your devices struggle to safely match your public SSL certificate with your private server.
Here is exactly how to clean up your network configuration so everything syncs smoothly on your local LAN.
Tell Your Router Where to Look (Split-Horizon DNS)
When you attempt to access your Nextcloud URL (in this example, https://nextcloud.yourdomain.com) from your living room, your device sends the request out toward the internet, and the request then tries to loop right back into your house through your router. Most consumer routers do not support this kind of loopback (often called NAT loopback or hairpin NAT), and a router without it drops the request immediately, resulting in instant SSL errors.
You can solve this by configuring Split-Horizon DNS. It is a neat trick that tells your local network: “When someone tries to connect to my Nextcloud domain, direct them to the server’s local network IP.”
- The Fix: Log in to your local DNS manager, which could be your router’s advanced settings, a Pi-hole, or AdGuard Home.
- Action: Create a custom A record that maps your exact Nextcloud domain name straight to your server’s internal IP address (in this example, 192.168.1.50).
Now your laptop connects directly to your server over the high-speed local network, but it still uses the domain name, which is what keeps your SSL certificate happy.
Update Your “Trusted Domains” List
Nextcloud includes a built-in security guard. If a device tries to connect to the server using an IP address or domain that isn’t explicitly whitelisted, Nextcloud blocks it immediately. If you are shifting to local connections, you must add your local IP to this list.
- The Action: Open your server’s terminal or file manager and locate your configuration file at config/config.php.
- The Tweak: Look for the trusted_domains array and add your local server IP as a new line.
Your configuration should look like this:
```php
'trusted_domains' =>
  array (
    0 => 'nextcloud.yourdomain.com', // Your public web address
    1 => '192.168.1.50',             // Your server's local LAN IP
  ),
```
Note: Whenever you edit config.php, double-check your commas and syntax. A missing comma here can take your entire Nextcloud instance temporarily offline. Save the file and restart your Nextcloud container or web server to apply the changes.
Use an SSL Setup the Clients Actually Trust
The official Nextcloud desktop client and the Nextcloud Talk app (which uses WebRTC) are very demanding when it comes to security. If you use a self-signed certificate that you created on your own, these apps will treat it as a security threat and block the connection.
You have two ways to solve this:
- The Hard Way: You must manually export your self-signed Certificate Authority (CA) root certificate and install it into the trusted root store of every single phone, tablet, and PC you own.
- The Smart Way: Put Nextcloud behind a reverse proxy such as Nginx Proxy Manager or Caddy. You can set the reverse proxy to obtain and renew your SSL certificate using DNS-01 validation, which gives you a totally free, genuinely valid SSL certificate. It is recognized worldwide and will be trusted automatically by all devices connected to your network, without any manual tweaking.
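The three checks so far (local DNS answer, certificate name coverage, trusted_domains) can be reasoned about together. The sketch below is an added example, not code from Nextcloud or from this article; the function names are hypothetical, the sample values are constructed from the article's example names, 203.0.113.10 is a documentation address standing in for a public IP, and the trusted_domains comparison is a simplified exact match.

```python
import ipaddress

# RFC 1918 ranges; a LAN client should reach the server on one of these.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def san_covers(name, sans):
    """True if the certificate's subjectAltName entries cover the name the client typed."""
    name = name.lower()
    for kind, value in sans:  # same (kind, value) shape as ssl's getpeercert()
        value = value.lower()
        if kind == "IP Address" and is_ip(name):
            if ipaddress.ip_address(name) == ipaddress.ip_address(value):
                return True
        elif kind == "DNS" and not is_ip(name):
            # A wildcard covers exactly one left-most label.
            parent = name.split(".", 1)[1] if "." in name else ""
            if value == name or (value.startswith("*.") and value[2:] == parent):
                return True
    return False

def check_lan_client(name, resolved, sans, trusted_domains):
    """Return the problems a LAN client connecting to https://<name> will hit."""
    problems = []
    for ip in resolved:
        if not any(ipaddress.ip_address(ip) in net for net in LAN_NETS):
            problems.append(f"dns: {name} -> {ip} is not a LAN address, local A record not in effect")
    if not san_covers(name, sans):
        problems.append(f"tls: certificate does not cover {name}")
    # Simplification: exact match only, no ports or wildcard patterns.
    if name.lower() not in [d.lower() for d in trusted_domains]:
        problems.append(f"nextcloud: {name} is missing from trusted_domains")
    return problems

# Constructed sample values using the article's example names.
SANS = [("DNS", "nextcloud.yourdomain.com")]
TRUSTED = ["nextcloud.yourdomain.com", "192.168.1.50"]
if __name__ == "__main__":
    cases = [("nextcloud.yourdomain.com", ["192.168.1.50"]),   # local DNS override active
             ("nextcloud.yourdomain.com", ["203.0.113.10"]),   # stand-in for the public IP
             ("192.168.1.50", ["192.168.1.50"])]               # raw LAN IP in the URL
    for name, resolved in cases:
        print(name, resolved, "->", check_lan_client(name, resolved, SANS, TRUSTED) or "ok")
```

The raw-IP case passes trusted_domains but still fails the certificate check, because publicly trusted CAs do not issue certificates for private IP addresses; clients should always connect by domain name.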
Fix Nextcloud Talk’s Communication Map
If you ever try to connect to Nextcloud using its raw local IP address rather than a domain name, Nextcloud Talk will break. The underlying video tech needs a clear roadmap to bridge connections between your devices over local firewalls.
- The Action: Log into Nextcloud through your web browser as an administrator.
- The Tweak: Navigate to Administration Settings > Talk.
- Look for the STUN servers field and ensure it points to a reliable STUN server, like stun.nextcloud.com:443.
This small change gives your devices at home the exact same reference point, so they can set up a stable video call with others on the same network without being blocked by your home router’s firewall rules.
