Advice for self-hosting? Can't get past Unbound install.
-
Hi,
I've been trying for days to get Cloudron to run on an Ubuntu Server 22.04, but for one reason or another it can't finish the install. One night I was playing around and not documenting (dumb) and changed the ip routing or ip addr settings and it installed, but nginx failed.
Here's what I got:
-
Firewalla Gold in router mode. I've tried several approaches, considering that I also have a Synology NAS requiring ports 80 & 443. Previously, the NAS was on the default IP address (I have .58 - .62). I figured out how to have the NAS run on the non-default, .59.
-
Intel NUC with two ethernet adapters. From limited networking knowledge (I'm more of a dev/tech generalist LOL), I think two ethernet connections are required. But I don't know for sure, either way they're assigned static IPs from the Firewalla ending in 201 & 202.
The server, say, nuc.myhouse.com, has the Cloudflare record (no orange cloud) pointing to .58. When I send a request from the NAS asking what my IP is, it returns that address.
On the Firewalla, I have the device's "local domain" set to myhouse.com so that it reads "nuc.myhouse.com" locally. On the Firewalla, ports 80 & 443 are open for .58 and set to forward to the nuc. (I've also tried putting the nuc in the DMZ and that didn't make any impact.)
So, the IPs are set and domains configured. Now, on a FRESH Ubuntu install, I go to install Cloudron. I usually update /etc/hosts and /etc/hostname but I'll leave them alone for this post and go straight to the install. So, I login as root and download and run the installer.
Every time I run this, what happens is that after installing unbound it tries to download packages and I end up seeing "Temporary failure resolving 'us.archive.ubuntu.com'".
Now, I can't ping anything unless I follow the recommendation found at https://docs.cloudron.io/troubleshooting/ to edit forward-everything.conf. After editing and restarting unbound, I can ping google.com, etc again. But now when I try running the installer, it wants me to start with a fresh Ubuntu install.
I've tried getting around this by removing nginx/docker/node or whatever's already installed, but nonetheless... I can't get it to work and I'm truly stumped.
I don't know what I need to do beforehand so that Unbound doesn't break once it's set up, but I don't know how. I've relied on Vultr or Digital Ocean to do it for me, but last month's bill was $80 and I have a more powerful machine sitting right here if I could just figure out how to get the darn thing to work LOL.
Any assistance, advice, input, thoughts, whatever's helpful would be appreciated.
Thanks,
AJ -
-
@ajtatum I'm no expert on networking but it sounds like that "Firewalla" thing is the issue if you can't ping anything on a fresh Ubuntu install. I run Cloudron on a NUC behind a simple router with a dynamic IP address and open ports as recommended and did not have such issues...
-
Make sure your Ubuntu install can reach the internet and has proper DNS configured before installing Cloudron.
You have all the examples you need to verify it works before starting, yes?
Get a fresh pair of eyes on the Firewalla side too, or look at another system that is already configured and works for both inbound and out.
-
At the point where the installer fails and DNS resolving breaks down on your system, it probably means that unbound is not starting or working correctly. The resolving on your system will switch to unbound, and if that is not working the whole resolving fails.
To get further info on what happens, we would need to see logs and status of unbound at the point when it fails. Also, the installer logs would probably help to better understand at which point exactly it fails.
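A small pre-flight script that does the two checks suggested in the replies above (does the host resolve names, and does resolution already depend on a local resolver such as unbound). This is an added example written for this thread, not Cloudron's installer or any Firewalla tooling; it assumes a plain /etc/resolv.conf, that `getent` is available, and that unbound, if present, is managed by systemd.

```shell
#!/bin/sh
# dns-preflight.sh: check DNS before (and after) the Cloudron installer runs.
# Added example for this thread; not part of Cloudron. Assumes POSIX sh,
# /etc/resolv.conf and getent; systemctl is optional.

# Print the nameserver IPs found in resolv.conf-style text read from stdin.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# Return 0 when every nameserver in the given resolv.conf text is a loopback
# address, i.e. name resolution depends entirely on a local resolver (unbound).
# Return 1 when there are no nameservers or at least one is a remote upstream.
only_loopback_resolvers() {
    ns=$(printf '%s\n' "$1" | resolv_nameservers)
    [ -n "$ns" ] || return 1
    # grep -v prints non-loopback entries; if any exist, the answer is "no".
    printf '%s\n' "$ns" | grep -qvE '^127\.|^::1$' && return 1
    return 0
}

# Return 0 if a name resolves via the system resolver, 1 otherwise.
resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# Run the real checks on this host. Name to resolve is the one that failed
# in the original post.
preflight() {
    conf=$(cat /etc/resolv.conf)
    echo "nameservers: $(printf '%s\n' "$conf" | resolv_nameservers | tr '\n' ' ')"
    if only_loopback_resolvers "$conf"; then
        echo "resolution depends on a local resolver; checking unbound"
        if command -v systemctl >/dev/null 2>&1; then
            systemctl is-active unbound || echo "unbound is not active: names will fail"
        fi
    else
        echo "resolution uses an upstream server directly"
    fi
    if resolves us.archive.ubuntu.com; then
        echo "DNS OK"
    else
        echo "DNS FAILS: fix this before re-running the installer"
    fi
}

# Only run the live checks when invoked with "run", so the functions can be
# sourced and tested on their own.
case "${1:-}" in
    run) preflight ;;
esac
```

Run it as `sh dns-preflight.sh run` once on the fresh install and again right after the installer stops; if the second run reports only loopback nameservers and unbound inactive, the output of `systemctl status unbound` and `journalctl -u unbound` is what the replies above are asking for.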
-
-
@nebulon I most definitely think it's something with the Firewalla and having multiple WAN IPs. Firewalla can't, for some reason, specify that a device use a given IP address. I changed my whole network for my NAS not to use the default WAN IP as that requires ports 80 & 443 to be open. So, the default WAN's ports 80 & 443 forward to the NUC. I can access the internet after a fresh install of Ubuntu... I ping Google and even looking at the logs I can see it downloading packages, and then as soon as unbound gets turned on or restarted... it can't reach the internet anymore. The only way is by manually setting the name servers, but that gets lost as soon as unbound or the system restarts.
Where do I send the logs to?
-
@robi I finally figured out how to get it to work and play nice, with no thanks to Firewalla. Their customer service is by far the worst I've encountered and they don't provide any networking advice. Thanks to your documentation though, I learned a few things and changed the NUC to have the outbound IP address in /etc/hosts, so *.62 my.nuc.com, along with additional lines for local networking. After several repeated reinstalls of your script (sorry, I commented out the lines that check if nginx, docker, or node are installed), I was able to get it to work, but it was hacky at first. The issue here was that Cloudron does a request to get the IP address. Since I couldn't EXACTLY figure out how to tell Firewalla to assign that outbound IP to the machine, it would receive my default IP.... *.58. So, after it said "success, go to *.58" I went there and it loaded up locally, and then I went into Cloudron's network config in the UI and specified .62 as the IP address. This then matched what I had in Cloudflare and I was able to get everything back up and running!
I did have to make a change, and, again, thanks to your documentation it made it super simple. Email wasn't working. So, in the Firewalla I set the domain to "mrvl.lan" and then made the changes on the nuc to have:
    server:
        private-domain: "mrvl.lan"
        domain-insecure: "mrvl.lan"
    forward-zone:
        name: "mrvl.lan"
        forward-addr: 192.168.195.2
I went back to the Firewalla, SSHed into it, found their Unbound config, and added a line for "local-data-ptr" that has the WAN IP and the mail server domain... and... FINALLY.... it all worked. Now the only thing left is to mount my NAS to it and go crazy with apps as it's loaded up on memory (64GB) and plenty of onboard disk space LOL. I may be requesting more apps soon, specifically Plex, Radarr, etc. to take the load off the NAS (it doesn't do Plex while having some VMs running).
Anyway, sorry for the long post. I'm just super excited to be out of paying Vultr $60+ a month and to have it local on a much more powerful machine, so I don't have to toggle apps on and off anymore. It's glorious!
-