NXCloud and NXRelay setup

  • NXCloud and NXRelay setup

    Hi All,

    I tried not to post on the forum and have pored through all the documents and forum threads I can. Bottom line, I am either missing something very obvious or I have a simple item I'm missing on the setup.
    1. Created NXCloud and have a Public IP - ports 53/80/443 are open wide to it
    2. Set up an Operator and a User - got a Token
    3. Installed NXRelay on Ubuntu (with some struggles) and put it on the local network
    4. Set the config to point to the Public IP of NXCloud, added the token
    5. Run the Test.sh and get a connection error
    Wireshark shows that the NXRelay DNS request of <TOKEN>.ping.signal.nxfilter.org gets a "no such name" response from the Public IP. I'm tearing my hair out. What am I missing? How do you authenticate your NXRelay with NXCloud properly? I've added my internal IP of the NXRelay, the External IP of the network, clear them. Very little documentation on NXCloud or NXRelay setup; seems like it should be pretty straightforward.

    Nothing shows up in the logs for NXCloud so I was surprised to see the "no such name" response in Wireshark. Help, please.

    jimusik

  • #2
    Firstly, you don't need to shy away from this forum. This forum is for helping our users and it's free.

    Yes. It's straightforward, at least we thought. So, there's not much to say in the document. Send me a private message with your NxCloud public IP and the token you tested with. I will test it myself.

    And what were the difficulties for you in installing it on Ubuntu? Did you try our DEB package for NxRelay? Did it give you some trouble? We can try to fix it if you tell me what it is.



    • #3
      That was fast, thanks support200. My problem was that I was trying to install ScreenConnect on Ubuntu and it kept updating the Java to 17 and would freak NXRelay out. My own issue, hence why I didn't go deeper. Once I got the Java figured out, I still couldn't get it to connect. Private message being sent. Thanks.



      • #4
        You can install another version of Java and modify /nxrelay/bin/startup.sh to use the specific version of Java. Once you modify the scripts, they will be preserved when you update NxRelay by its deb package.



        • jimusik
          jimusik commented
          I took a look at the startup.sh and am unclear what to change in order to point to the correct java version. Do you have any more info on this?

        • support200
          support200 commented
          Change 'java' to another one with its full path, like '/usr/local/java13/bin/java'.

      • #5
        It seems like your UDP/53 is not open. I tried this option,

        - use_https_query
        With this option enabled, NxRelay will do its policy queries over HTTPS.
        ex) 0 = false, 1 = true

        https://nxfilter.org/tutorial/d-nxre...network.php#co

        I guess you have some traffic from me.


        But don't use this one, use_https_dns

        It seems like there's a problem between the NxRelay DoH query module and Cloudflare. We have a plan to replace the DoH query module in the near future.
        Last edited by support200; 07-01-2022, 02:58 AM.



        • #6
          With the next version of NxRelay, we will try to test all the ports it needs. At the moment, it only tests TCP/80.



          • #7
            Thanks! You nailed it, I had fat-fingered the UDP port and made it 54 not 53. Even with port 53/udp open it was still failing (I'd love to know why but less important now that we have it working). I switched use_https_query to true and sure enough it registered and I can see hits on the DNS now. The odd part is that the server seems to be responding to any DNS request from the internet. When I look to see what services are listening on what ports, I do not see Port 53 on the list.

            sshd 781 root 3u IPv4 19212 0t0 TCP *:22 (LISTEN)
            sshd 781 root 4u IPv6 19227 0t0 TCP *:22 (LISTEN)
            java 1175 root 58u IPv4 22036 0t0 TCP 127.0.0.1:19001 (LISTEN)
            java 1175 root 60u IPv4 22037 0t0 TCP *:19003 (LISTEN)
            java 1175 root 65u IPv4 22047 0t0 TCP *:80 (LISTEN)
            java 1175 root 69u IPv4 22049 0t0 TCP *:443 (LISTEN)

            So - for anyone on a similar hunt - if you're hosting your NXCloud at a location like DigitalOcean or other provider - make sure you have 80, 443 and 53 open to the server (both at DigitalOcean firewall and on your ufw in Ubuntu). On your Relay make sure to change the cfg.properties file to enable DNS queries over HTTPS by putting a 1 next to use_https_query and your Relay should connect to the NXCloud server.

            Thanks for the assistance!



            • #8
              If your server is responding to any response from the Internet, that's no good for security. However, NxCloud doesn't respond to anyone unless they are known users. Read this part, https://tutorial.nxfilter.org/h-prev...ns-attacks.php

              And even if you don't have your NxRelay site IP in NxCloud DB, it still can talk to NxCloud through UDP/53 as it's using a slightly different protocol. You still can be blocked somewhere between NxCloud and NxRelay though. There was a company trying to service NxRelay for their customers but one of their customers was blocked by his ISP. That's why we started using HTTPS protocol for policy query.


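Added example (not from any poster or from the NxFilter project): a minimal UDP DNS probe for the two symptoms discussed in this thread. A mistyped or blocked UDP/53 rule shows up as no reply, while the "no such name" seen in Wireshark is RCODE 3 from whatever DNS service holds that IP. The function names and the 192.0.2.53 placeholder address are assumptions; run it against your own server from outside its network.

```python
import secrets
import socket
import struct

def build_query(name, qid, qtype=1):
    """Encode a one-question DNS query (A record by default, RD set)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(reply):
    """Return (id, rcode, recursion_available, answer_count)."""
    if len(reply) < 12:
        raise ValueError("reply shorter than a DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return qid, flags & 0x000F, bool(flags & 0x0080), an

def classify(reply, qid):
    """Turn a raw reply (None = nothing came back) into a diagnosis."""
    if reply is None:
        return "no reply: UDP/53 is filtered or closed somewhere on the path"
    rid, rcode, ra, an = parse_header(reply)
    if rid != qid:
        return "ignored: reply id does not match the query"
    if rcode == 3:
        return "NXDOMAIN: a DNS service answered but does not know the name"
    if rcode == 5:
        return "REFUSED: a DNS service answered and declined this client"
    if rcode == 0 and an > 0:
        return f"answered: {an} record(s), recursion_available={ra}"
    return f"rcode={rcode}, answers={an}, recursion_available={ra}"

def probe(server, name, port=53, timeout=3.0):
    """Send one UDP query to `server` and classify what comes back."""
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qid), (server, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # includes socket.timeout
            reply = None
    return classify(reply, qid)

if __name__ == "__main__":
    # 192.0.2.53 is a documentation placeholder: substitute your own server.
    print(probe("192.0.2.53", "example.com"))
```

A list of sockets in the LISTEN state covers TCP only, because UDP sockets have no LISTEN state; on the server, `ss -lun` shows what is bound to UDP/53.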

              • #9
                I might have stumbled on something - someone else asked DigitalOcean why a droplet public IP was responding to DNS when it wasn't set up. I'm digging further and might have found the issue, will switch over to DigitalOcean for further support. Will update when I have a resolution.

