Can't get my domain to work with Cloudron
-
Okay, I used the first command and it posted my public IP. I used the host my.domain.com 8.8.8.8 and that also printed my public IP.
Now, when I tried curl https://my.domain.com, it gave me the following:
curl: (7) Failed to connect port 443: connection refused
So, I've made sure that port 443 and 80 are port forwarded on my Ubuntu private IP address and I have the DNS records set to my public IP in my Cloudflare account with the proxy disabled and it's still not working.
-
@danteswrath said in Can't get my domain to work with Cloudron:
curl: (7) Failed to connect port 443: connection refused
This is most likely to do with your router not supporting hairpin/loopback NAT. What you can do to verify this is connect from outside your network and see if the curl works. If that works, you either need a router that supports hairpin NAT or you can try the workaround at https://docs.cloudron.io/troubleshooting/#hairpin-nat
-
Okay, I checked out that workaround, but I'm still new to this sort of configuration, so would you be able to walk me through some of it?
This option in the workaround confuses me a bit:
Configure your network's DNS server to return the Local VM IP for all the subdomains in use. This way when your PC/Laptop accesses a domain, it starts using the Local VM IP instead of the public IP to connect to Cloudron. Devices outside the network will continue to use the public IP address as expected.
How do I go about configuring my network's DNS servers to return to the local VM IP? And by VM IP would that be my Ubuntu IP address?
-
@danteswrath said in Can't get my domain to work with Cloudron:
Okay, I checked out that workaround, but I'm still new to this sort of configuration, so would you be able to walk me through some of it?
Sure. But before that, did you confirm you can access Cloudron from an external network? Just want to make sure that hairpin NAT is the real issue here.
-
I apologize, I did try accessing it through an external network and it's still giving me the same error.
-
@danteswrath Ah ok, I think we need to debug that first. I don't know why you see a cloudflare access page even when cloudflare proxying is disabled. You have to take this up with cloudflare, I guess.
In fact, the cloudflare page shows "DNS record of some private IP (192.168.x.x)", not sure what this means.
-
Okay, I will work with Cloudflare and see if there is anything they can help with.
That error that you are referring to only came up when I tried accessing Cloudron by just typing in my Ubuntu IP into my address bar.
-
@danteswrath Oh. So then, what do you get if you access from outside via https://my.domain.com? Once set up, Cloudron can only be accessed via domain name and not IP address. (I also don't understand how accessing by IP address shows a cloudflare page, but that's some other issue).
-
Well now, both external to my network and internal to my network, I'm just getting "This site can't be reached."
-
Not sure I am fully following, but to get anything Cloudron related out of the way, I assume you are connecting to your Ubuntu server via SSH from your laptop. If this is the case, can you ensure that using your public IP (the one you get when visiting for example https://www.whatismyip.com/ from within your local network, without using any kind of VPN) you can SSH into your server? This requires the very same port forwarding rules like Cloudron requires for other ports. So if you can make this work for your SSH port, then just do the same for basically all ports mentioned at https://docs.cloudron.io/security/#inbound-ports
-
Okay, so just tried a completely fresh install. New install of Ubuntu and Cloudron. Still getting "Site can't be reached." Also just tried SSH, which actually did work without me having to port forward the SSH port in my router.
-
Also, what's really strange is that since I did a fresh install, I initially had to go to my Ubuntu's IP address to do the initial setup.
After I entered my domain with my Cloudflare API Key the page refreshed to my domain, where the page gave me the same message I've been getting.
Now, the weird thing is, if I enter in my Ubuntu IP address in my address bar, it loads the Cloudron setup page, but then refreshes again to my domain and gives me the "site can't be reached" again.
-
@danteswrath can you actually run curl http://localhost via SSH on your server? If yes, then nginx is responding correctly. Next would be to run curl http://<localipofyourserver> from your laptop within the same network. If this works, the server firewall is also fine. Then this is some configuration of your router which is still off.
-
Okay so ran both commands and got this for both:
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
-
@danteswrath that means http is working as expected. Then if you do the same, only replace http with https to test SSL. Just to be sure, http is on port 80 and httpS is on port 443, in case you only have port 80 currently forwarded.
-
This is what I get when I try "https" instead of "http"
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
-
@danteswrath ok, so this is also not too bad, since Cloudron does come up with a self-signed certificate initially until the setup via browser is finished and a real domain is set up.
So what happens now if you go to https://<your public ip>? It would be expected to see a browser warning about insecure page, which you have to skip to reach the dashboard domain setup.
-
@danteswrath then this is something about your browser, if curl works as expected. Do you have any addons active which could interfere here? Note as mentioned, that using a self-signed certificate is usually considered unsafe, which is why maybe some security related addon or some browser setting itself could "protect" you here. Can you try some other browser maybe?
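-
The layered checks suggested across this thread, collected into one script as an added example (not posted by any participant and not Cloudron's own tooling). The function names and result labels are made up for illustration; the exit codes 6, 7, 28 and 60 are curl's own.

```shell
#!/bin/sh
# Added example: map curl exit codes from four vantage points to the layer
# that is most likely misconfigured. Names and labels here are hypothetical.

# probe URL -> prints curl's exit code
# (0 ok, 6 DNS failure, 7 connection refused, 28 timeout, 60 untrusted cert)
probe() {
    rc=0
    curl --silent --output /dev/null --max-time 5 "$1" || rc=$?
    echo "$rc"
}

# reachable CODE -> true if a connection was established. Exit 60 still
# proves the port is open: Cloudron serves a self-signed certificate until
# the domain setup in the browser has finished.
reachable() {
    [ "$1" -eq 0 ] || [ "$1" -eq 60 ]
}

# diagnose RC1 RC2 RC3 RC4, each a curl exit code from one vantage point:
#   RC1: https://localhost, run on the server over SSH
#   RC2: https://<LAN IP of server>, run from a laptop on the same network
#   RC3: https://<domain>, run from inside the network
#   RC4: https://<domain>, run from an external network (e.g. mobile data)
diagnose() {
    if ! reachable "$1"; then echo "nginx-not-listening"; return; fi
    if ! reachable "$2"; then echo "server-firewall"; return; fi
    if [ "$3" -eq 6 ] || [ "$4" -eq 6 ]; then echo "dns-record"; return; fi
    # Refused from outside: ports 80/443 are not forwarded to the server.
    if ! reachable "$4"; then echo "router-port-forwarding"; return; fi
    # Works from outside but not from inside: router lacks hairpin NAT.
    if ! reachable "$3"; then echo "hairpin-nat"; return; fi
    echo "ok"
}

# Collect the four codes with probe at each vantage point, then pass them in:
#   sh diagnose.sh <rc1> <rc2> <rc3> <rc4>
if [ "$#" -eq 4 ]; then
    diagnose "$@"
fi
```

A code of 7 both inside and outside the network, as reported earlier in the thread, lands on the port forwarding branch rather than hairpin NAT.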