Self-host install issues

nebulon

Hi,

so can you verify that my.subdomain.domain.org resolves correctly to your home IP?
Also I assume you were initially visiting the home IP to go through the cloudron dns setup step?
Furthermore please make sure all ports mentioned at https://cloudron.io/documentation/security/#cloud-firewall are correctly port-forwarded to your server (assuming your server is behind your home router)

The self-signed certificate is initially expected and you have to accept the exception in your browser.

Finally, since this is a home connection you probably want to setup an email relay as well configure https://cloudron.io/documentation/networking/#dynamic-dns if your IP is not statically assigned.

will

I run Cloudron out of a lenovo tiny workstation mounted right next to my router in a closet, with Gandi too!
Port forwarding + email relay were the parts that got me too. Double check all that and if you need more help, just ask.

ei8fdb

@nebulon said in Self-host install issues:

Hi,

Hi!

so can you verify that my.subdomain.domain.org resolves correctly to your home IP?

yes it does.

bernard@lenny:~/bin$ ping my.subdomain.domain.org
PING my.subdomain.domain.org (1.2.3.4) 56(84) bytes of data.
64 bytes from 4.3.2.1.in-addr.arpa (1.2.3.4): icmp_seq=1 ttl=58 time=94.0 ms

However subdomain.domain.org does not resolve to my home IP:

bernard@lenny:~/bin$ ping subdomain.domain.org
ping: subdomain.domain.org: No address associated with hostname

In my gandi livedns there is an entry for:

my.subdomain A 1.2.3.4
subdomain TXT "v=spf1 a: ~all"
cloudron._domainkey.subdomain TXT

Also I assume you were initially visiting the home IP to go through the cloudron dns setup step?

Correct, which was giving me the login for my Internet router (with https://), so I visited the internal IP address of the cloudron server and start the cloudron dns setup step from there.

Furthermore please make sure all ports mentioned at https://cloudron.io/documentation/security/#cloud-firewall are correctly port-forwarded to your server (assuming your server is behind your home router)

Some of these weren't. I've now opened them all on the router and NAT'ed them correctly.

The self-signed certificate is initially expected and you have to accept the exception in your browser.

Yep I did.

Finally, since this is a home connection you probably want to setup an email relay as well configure https://cloudron.io/documentation/networking/#dynamic-dns if your IP is not statically assigned.

Not an issue as I have a static IP.

Thanks for the help so far.

girish

@ei8fdb In your examples, 1.2.3.4 is your public static IP right and not the home network IP, correct?

I would try connecting to my.subdomain.domain.org from your mobile network as a next step. Does that work? (my suspicion is that maybe your router does not support NAT loopback)

ei8fdb

@girish said in Self-host install issues:

@ei8fdb In your examples, 1.2.3.4 is your public static IP right and not the home network IP, correct?

Correct the public static IP.

I would try connecting to my.subdomain.domain.org from your mobile network as a next step. Does that work? (my suspicion is that maybe your router does not support NAT loopback)

I tried that earlier (didn't mention it) error given is:

secure connection failed.

I did read your blogpost about NAT loopback. I'm currently looking to verify if it does/not support it. Its a Zyxel VMG1312-B10D router. If it doesn't support it, do I have any options?

girish

@ei8fdb said in Self-host install issues:

secure connection failed.

When it says this, does it allow you to accept self-signed certificates? If so, accept it, create admin, then go into Domains -> Renew all Certs. I think maybe getting the cert failed (for some reason). If cert renewal still fails, then can you check the Logs?

ei8fdb

@girish said in Self-host install issues:

When it says this, does it allow you to accept self-signed certificates? If so, accept it, create admin, then go into Domains -> Renew all Certs. I think maybe getting the cert failed (for some reason). If cert renewal still fails, then can you check the Logs?

No, there's on interaction apart from "try again" button.

Full error message is:

(firefox)

Secure Connection Failed
1. The page you're trying to view cannot be shown because the authenticity of the received data could not verified.
2. Please inform the website owners to inform them of this problem.

Try again (button)

will

@ei8fdb What does chrome or IE say?

ei8fdb

@will said in Self-host install issues:

@ei8fdb What does chrome or IE say?

I don't think it's possibe to install IE on an Android phone?

Chrome on my phone, using 4G data connection

• Trying to access my.subdomain.domain.org error:

This site can't be reached
my.subdomain.domain.orgunexpectedlt closed the connection
Try:
Checking the connection

ERR_CONNECTION_CLOSED

• Trying to access subdomain.domain.org error

This site can't be reached
subdomain.domain.org's server IP address could not be found
DNS_PROBE_FINISHED_NXDOMAIN

I'm unclear - shouldn't subdomain.domain.org have a DNS record, like my.subdomain.domain.org has?

@girish has mentioned the router might not support NAT Loopback. Is there any way I can confirm that? If not, are there any options?

will

@ei8fdb subdomain.domain.com doesn't get an a record unless you put a site there, because Cloudron doesn't have any apps parked there.

I'm not sure about how the loop back pinning support plays into this, but I'd run through the checklist again to make sure nothing was missed.

1) Verify that you can ping both your static public IP, and the private LAN IP of your Cloudron server. Just to make sure you have connectivity to both.
This is just a sanity check to make sure there isn't some bigger problem.

2) Correct IP in Gandi Dashboard
Just double deck that this is your static IP.

3) DNS propagation (ping from desktop or whatever and make sure the DNS resolves to the correct IP)
Double check that Gandi has passed your DNS/IP settings to other name servers.

4) Turn off port forwarding and go to my.subdomain.domain.com
Expected result, your router login.

This verifies the path between:
[You]-------> [DNS Name Resolution] ------> [IP Address] -----> [Path back home to your server]
If that is good, we go deeper.

5) Turn on port forwarding and try that again.
Expected result: Cloudron login screen.*

6) Try to load on both IE and your phone on 4g and report results.
Just to make sure the setup is correct, but the problem still exists.

Run through those steps, even if you've done them before, just to be thorough. Let us know what happens.

(I'm in meetings all day, I only skimmed, I hope this helps)

grimm1369

I turned off port forwarding and attempted to go to my.twilightknights.org it does not go to my routers page.

I am using cloudflare for my dns

My dns enteries are
A
my
(routers Public IP) removed for security.

DNS only

2 min
EditWhen toggled open, an additional table row will be added below this row to enable editing DNS records.
TXT
cloudron._domainkey
"v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl3h89mEscwVqqWwMC6z86/fqdx1VGBU56vPaaJCND+DgL410RBUCOJejWb0zWtTG3vVy94HMOO+P0ZQhFLxNBcfzip3yJLH4TGgsuVjAntmLeVeLr57NF+ozASQcrjizO7x7nlJFMgEyG4MixD+9dZ815YO+cF/mWvUUMzATbUQIDAQAB"
DNS only

2 min
EditWhen toggled open, an additional table row will be added below this row to enable editing DNS records.
TXT
_dmarc
"v=DMARC1; p=reject; pct=100"
DNS only

2 min
EditWhen toggled open, an additional table row will be added below this row to enable editing DNS records.
TXT
twilightknights.org
"v=spf1 a:my.twilightknights.org ~all"
DNS only

2 min
EditWhen toggled open, an additional table row will be added below this row to enable editing DNS records.

girish

@grimm1369 Let's continue this further at https://forum.cloudron.io/post/44414