Stupidly updated Ubuntu - now can't access via the web url
-
I think I have most of my DNS issue sorted now, I now think my Cloudron might not be listening on the right IP/port for the forwarded requests coming from my Kemp LB.
It's online as I'm getting network notifications from Kuma, I just can't get access via the web address. Is there somewhere to check what address it's listening to or using in case I need to update the forwarder? I'm just not too sure where to look for this.
-
Long shot but do you have port 80 and 443 open and assigned to your server ip?
-
@humptydumpty Yeah, I took the LB out of the loop and just pointed the port forward to the Cloudron server but it either doesn't load or will sometimes give me a cert error, but it's the cert error that Firefox and Chrome just completely block, there is no button to continue at your own risk.
I think I probably didn't set it up right to start with, but that was about 2 years ago, it's been ticking away up until the update.
-
I also own a Ubiquiti.
Did you by any chance set up separation of different VLANs in the firewall? If so, you need to add a rule in “LAN IN”, with the address group set to the server IP address (screenshot 1), and add the rule above, before the inter-VLAN blocking rule (screenshot 2).
Screenshot 1
Screenshot 2
-
I've rebuilt the server and it appears once I set all 443 traffic to route through the Kemp LB I get the cert error. Not sure why as I don't really have any rules in place on the Dream Machine, and the default rules on UniFi are to allow everything through on the VLANs.
Not sure what I'm missing.
-
@matix131997 I added your rule and it's now working, that's very odd it needs the rule in place. Thanks for your input though!
-
@Chrisr__
I don't know if this will be helpful, but someone on the Ubiquiti forum also had a problem connecting to Kemp LB. It looks like you need to enable VLAN tagging on the LAN on the server.
-
Now this is what I think you need to change in the VLAN interface. In the Port Manager, you need to go to the particular port where you have the server connected. In the "Native VLAN/Network", set the network where the server will run, and in the "Tagged VLAN Management", set it to “Block All”.
-
@matix131997 Thanks for that, I did see the VLAN tag on the server but as you stated above I have the port set to that one VLAN and that's all that port is used for. I think the VLAN tag would be required if I had it set as a trunk port with multiple VLANs passing through that port; it would need the tag so it knows what to do with the traffic.
I seem to be up and running again, I think trying to fix this at 2am was a bad idea, found conflicting rules in the Kemp LB which I've removed and updated the CloudFlare DNS entries so it all seems to be routing again. Pain in the back side but a good learning experience.
-
This is a genuine question, and if the answer is too long, and I should really just rtfm, that's fine... but why use such convoluted setups such as yours @Chrisr__ ? The requirements for Cloudron are sooo simple - fresh Ubuntu server. I've always understood that to mean a VPS. I guess a VM. I mean, homelab-type people induce the challenges upon themselves, but out here, I don't understand why people get themselves tangled up in so many working pieces. A VPS, with one IP, with Cloudron set up on it, and properly managed DNS, accessed by ssh, is a can't-beat winner. Is it security? Is it company-mandated? I've always been open about my journey, and can remember when "web hosting" on webfaction was super complicated for me, but I installed MAMP, figured things out; the thought of jumping to a VPS was daunting, and when I did, I messed a lot up. But now it's so easy and straightforward, and I wonder why ppl subject themselves to trying to make something with so many working pieces work! Am I still simply unenlightened?
-
@scooke I’m interested in knowing too as I’d like to add a few more things to my setup like a hardware firewall, rpi nas, and blueiris (nvr cam system) that can be accessed remotely but also uses my IP and that definitely will conflict with the Cloudron server. But like you said, why overcomplicate things? It’s the only reason why I didn’t look deeper into this.
-