Login to a blank page
-
also, SOGo is meant to work only with the Cloudron mail server and the package pre-configures for login with the mail server.
-
@girish I see the sogo server is trying to log in to my main url. The server is not directly connected to its external ip, it is behind nat. Can that be causing this?
@brynjar Do you know if hairpin routing works on your setup? Essentially, you should be able to curl the external IP from the Cloudron. Does that work? You can try
curl https://my.domain.comfrom the server. If that doesn't work, then I can provide some alternate solutions.edit: https://en.wikipedia.org/wiki/Network_address_translation#NAT_loopback
-
@brynjar Do you know if hairpin routing works on your setup? Essentially, you should be able to curl the external IP from the Cloudron. Does that work? You can try
curl https://my.domain.comfrom the server. If that doesn't work, then I can provide some alternate solutions.edit: https://en.wikipedia.org/wiki/Network_address_translation#NAT_loopback
-
@girish I get this:
"<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
" -
@brynjar Did you do http by any chance or was it https? Can you paste the output of
curl -v https://my.domain.com(maybe remove any sensitive stuff). But I feel this is probably your router login page or something, let's see.@girish This is from http - https gives an ssl error.
"curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
" -
@girish This is from http - https gives an ssl error.
"curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
" -
@brynjar Given this is a server in the local network, how do you plan to make the mail server make anyway? It will need inbound port 25 (does your ISP allow this?) for email to work at all.
Anyway if you have a plan for all that
... Cloudron uses a DNS server called unbound internally. You can configure unbound to make queries via an intermittent resolver, for example, maybe pfsense. Then in pfsense you can configure my.domain.comto point to your internal IP. This ways curl my.domain.com from inside Cloudron will work. There's some info at https://docs.cloudron.io/networking/#internal-dns-server (instead ofcloudron.lanin the example you would usedomain.com) -
@brynjar Given this is a server in the local network, how do you plan to make the mail server make anyway? It will need inbound port 25 (does your ISP allow this?) for email to work at all.
Anyway if you have a plan for all that
... Cloudron uses a DNS server called unbound internally. You can configure unbound to make queries via an intermittent resolver, for example, maybe pfsense. Then in pfsense you can configure my.domain.comto point to your internal IP. This ways curl my.domain.com from inside Cloudron will work. There's some info at https://docs.cloudron.io/networking/#internal-dns-server (instead ofcloudron.lanin the example you would usedomain.com) -
@girish This server is on a corp network with more then one external ip's. I have all traffic for one external ip natted to the cloudron server, both directions.
@brynjar Ah ok. FWIW, this is only a problem with SOGo. They made a change where the IMAP/SMTP servers must have a proper certificate and there is no way to work with self-signed certs. rainloop/roundcube are configured to use the internal docker hostnames, so they don't have this problem iirc.
-
@brynjar Ah ok. FWIW, this is only a problem with SOGo. They made a change where the IMAP/SMTP servers must have a proper certificate and there is no way to work with self-signed certs. rainloop/roundcube are configured to use the internal docker hostnames, so they don't have this problem iirc.
