Stupidly updated Ubuntu - now can't access via the web url
-
Hello all,
As the title says I stupidly did an update of Ubuntu last night and now I can't access the cloudron dashboard, I believe it is running as I'm getting notifications from my uptimekuma app, I just can't access it.
I believe it's going to be a networking issue, I'm just not 100% clued in on ubuntu/linux, so I'm hoping someone with a bit more knowledge can point me in the right direction.
When I run the sudo cloudron-support --troubleshoot command, this is what I get.
Vendor: Microsoft Corporation Product: Virtual Machine
Linux: 6.8.0-50-generic
Ubuntu: noble 24.04
Processor: Intel(R) Xeon(R) CPU E5-2696 v3 @ 2.30GHz
BIOS Intel(R) Xeon(R) CPU E5-2696 v3 @ 2.30GHz None CPU @ 2.3GHz x 6
RAM: 8083704KB
Disk: /dev/sda3 95G
[OK] node version is correct
[OK] IPv6 is enabled. No public IPv6 address
[OK] docker is running
[OK] docker version is correct
[OK] MySQL is running
[OK] nginx is running
[OK] dashboard cert is valid
[FAIL] Could not load dashboard website with loopback check
I have run through some of the troubleshooting steps but I think it might be best to start from scratch again in case I have missed something, as I'm still getting the same error code.
Many Thanks,
Chris
-
Have you done what's mentioned here? https://docs.cloudron.io/guides/upgrade-ubuntu-24/
-
@necrevistonnezr Thanks for that but I think I might have an issue with my Kemp LB, I'm using it as a proxy, but some other services I have hosted aren't reachable atm.
I swapped out my router to a Unifi DM SE a couple weeks ago but last night was probably the 1st time everything had a full power cycle. Will need to do some digging to work out why the LB is not forwarding traffic to my internal services/ not allowing traffic to be sent back.
The other services are reachable via IP/Port so they are up, they just aren't responding to the web addresses.
-
I think I have most of my DNS issue sorted now, I now think my cloudron might not be listening on the right ip/port for the forwarded requests coming from my Kemp LB.
It's online as I'm getting network notifications from Kuma, I just can't get access via the web address, is there somewhere to check what address it's listening to or using in case I need to update the forwarder, I'm just not too sure where to look for this.
-
Long shot but do you have port 80 and 443 open and assigned to your server ip?
-
@humptydumpty Yeah, I took the LB out of the loop and just pointed the port forward to the Cloudron server but it either doesn't load or will sometimes give me a cert error, but it's the cert error that Firefox and Chrome just completely block, there is no button to continue at your own risk.
I think I probably didn't set it up right to start with, but that was about 2 years ago, it's been ticking away up until the update.
-
I also own a Ubiquiti.
Did you by any chance make in the firewall the separation of different VLANs? If so, you need to add a rule in “LAN IN”, Address group to server IP address (screenshot 1) and adding to the rule above before the inter-VLAN blocking rule (screenshot 2)
Screenshot 1
Screenshot 2
-
I've rebuilt the server and it appears once I set all 443 traffic to route through the Kemp LB I get the cert error. Not sure why as I don't really have any rules in place on the Dream Machine, and the default rules on unifi are to allow everything through on the vlans.
Not sure what I'm missing.
-
@matix131997 I added your rule and it's now working, that's very odd it needs the rule in place. Thanks for your input though!
-
@Chrisr__
I don't know if this will be helpful, but someone on the Ubiquiti forum also had a problem connecting to Kemp LB. It looks like you need to enable VLAN tagging on the LAN on the server
-
Now this is what I think you need to change in the VLAN interface. In the Port Manager, you need to go to the particular port where you have the server connected. In the "Native VLAN/Network", set the network where the server will run, and in the "Tagged VLAN Management", set it to "Block All".
-
@matix131997 Thanks for that, I did see the VLAN tag on the server but as you stated above I have the port set to that one VLAN and that's all that port is used for, I think the VLAN tag would be required if I had it set as trunk port with multiple VLANs passing though that port it would need the tag so it knows what to do with the traffic.
I seem to be up and running again, I think trying to fix this at 2am was a bad idea, found conflicting rules in the Kemp LB which I've removed and updated the CloudFlare DNS entries so it all seems to be routing again. Pain in the backside but a good learning experience.
-
This is a genuine question, and if the answer is too long, and I should really just rtfm, that's fine... but why use such convoluted setups such as yours @Chrisr__ ? The requirements for Cloudron are sooo simple - fresh Ubuntu server. I've always understood that to mean a VPS. I guess a VM. I mean, homelab-type people induce the challenges upon themselves, but out here, I don't understand why people get themselves tangled up in so many working pieces. A VPS, with one IP, with Cloudron set up on it, and properly managed DNS, accessed by ssh, is a can't-beat winner. Is it security? Is it company-mandated? I've always been open about my journey, and can remember when "web hosting" on webfaction was super complicated for me, but I installed MAMP, figured things out; the thought of jumping to a VPS was daunting, and when I did, I messed a lot up. But now it's so easy and straightforward, and wonder why ppl subject themselves to trying to make something with so many working pieces work! Am I still simply unenlightened?
-
@scooke I'm interested in knowing too as I'd like to add a few more things to my setup like a hardware firewall, rpi nas, and blueiris (nvr cam system) that can be accessed remotely but also uses my ip and that definitely will conflict with the Cloudron server. But like you said, why overcomplicate things? It's the only reason why I didn't look deeper into this.