Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.



  • Hi,
    I'm starting with a Cloudron self-host on a Nuc hosted in my home network.

    Firefox can't establish a connection to the server at https://my.SUBDOMAIN.DOMAIN.org/.

    If I try to visit the IP of the server, I see, momentarily the mention of cloudron at the top of the page, then it redirects to https://my.SUBDOMAIN.DOMAIN.org/ with the same error.

    I'd appreciate any support you can give me. 🙏

  • Staff

    Hi,

    so can you verify that my.subdomain.domain.org resolves correctly to your home IP?
    Also I assume you were initially visiting the home IP to go through the cloudron dns setup step?
    Furthermore please make sure all ports mentioned at https://cloudron.io/documentation/security/#cloud-firewall are correctly port-forwarded to your server (assuming your server is behind your home router)

    The self-signed certificate is initially expected and you have to accept the exception in your browser.

    Finally, since this is a home connection you probably want to setup an email relay as well configure https://cloudron.io/documentation/networking/#dynamic-dns if your IP is not statically assigned.


  • I run Cloudron out of a lenovo tiny workstation mounted right next to my router in a closet, with Gandi too!
    Port forwarding + email relay were the parts that got me too. Double check all that and if you need more help, just ask.


  • @nebulon said in Self-host install issues:

    Hi,

    Hi!

    so can you verify that my.subdomain.domain.org resolves correctly to your home IP?

    yes it does.

    bernard@lenny:~/bin$ ping my.subdomain.domain.org
    PING my.subdomain.domain.org (1.2.3.4) 56(84) bytes of data.
    64 bytes from 4.3.2.1.in-addr.arpa (1.2.3.4): icmp_seq=1 ttl=58 time=94.0 ms
    

    However subdomain.domain.org does not resolve to my home IP:

    bernard@lenny:~/bin$ ping subdomain.domain.org
    ping: subdomain.domain.org: No address associated with hostname
    

    In my gandi livedns there is an entry for:

    my.subdomain A 1.2.3.4
    subdomain TXT "v=spf1 a: ~all"
    cloudron._domainkey.subdomain TXT

    Also I assume you were initially visiting the home IP to go through the cloudron dns setup step?

    Correct, which was giving me the login for my Internet router (with https://), so I visited the internal IP address of the cloudron server and start the cloudron dns setup step from there.

    Furthermore please make sure all ports mentioned at https://cloudron.io/documentation/security/#cloud-firewall are correctly port-forwarded to your server (assuming your server is behind your home router)

    Some of these weren't. I've now opened them all on the router and NAT'ed them correctly.

    The self-signed certificate is initially expected and you have to accept the exception in your browser.

    Yep I did.

    Finally, since this is a home connection you probably want to setup an email relay as well configure https://cloudron.io/documentation/networking/#dynamic-dns if your IP is not statically assigned.

    Not an issue as I have a static IP.

    Thanks for the help so far.

  • Staff

    @ei8fdb In your examples, 1.2.3.4 is your public static IP right and not the home network IP, correct?

    I would try connecting to my.subdomain.domain.org from your mobile network as a next step. Does that work? (my suspicion is that maybe your router does not support NAT loopback)


  • @girish said in Self-host install issues:

    @ei8fdb In your examples, 1.2.3.4 is your public static IP right and not the home network IP, correct?

    Correct the public static IP.

    I would try connecting to my.subdomain.domain.org from your mobile network as a next step. Does that work? (my suspicion is that maybe your router does not support NAT loopback)

    I tried that earlier (didn't mention it) error given is:

    secure connection failed.

    I did read your blogpost about NAT loopback. I'm currently looking to verify if it does/not support it. Its a Zyxel VMG1312-B10D router. If it doesn't support it, do I have any options?

  • Staff

    @ei8fdb said in Self-host install issues:

    secure connection failed.

    When it says this, does it allow you to accept self-signed certificates? If so, accept it, create admin, then go into Domains -> Renew all Certs. I think maybe getting the cert failed (for some reason). If cert renewal still fails, then can you check the Logs?


  • @girish said in Self-host install issues:

    When it says this, does it allow you to accept self-signed certificates? If so, accept it, create admin, then go into Domains -> Renew all Certs. I think maybe getting the cert failed (for some reason). If cert renewal still fails, then can you check the Logs?

    No, there's on interaction apart from "try again" button.

    Full error message is:

    (firefox)

    Secure Connection Failed
    1. The page you're trying to view cannot be shown because the authenticity of the received data could not verified.
    2. Please inform the website owners to inform them of this problem.
    
    Try again (button)
    

  • @ei8fdb What does chrome or IE say?


  • @will said in Self-host install issues:

    @ei8fdb What does chrome or IE say?

    I don't think it's possibe to install IE on an Android phone?

    Chrome on my phone, using 4G data connection

    This site can't be reached
    my.subdomain.domain.orgunexpectedlt closed the connection
    Try:
    Checking the connection

    ERR_CONNECTION_CLOSED

    This site can't be reached
    subdomain.domain.org's server IP address could not be found
    DNS_PROBE_FINISHED_NXDOMAIN

    I'm unclear - shouldn't subdomain.domain.org have a DNS record, like my.subdomain.domain.org has?

    @girish has mentioned the router might not support NAT Loopback. Is there any way I can confirm that? If not, are there any options?


  • @ei8fdb subdomain.domain.com doesn't get an a record unless you put a site there, because Cloudron doesn't have any apps parked there.

    I'm not sure about how the loop back pinning support plays into this, but I'd run through the checklist again to make sure nothing was missed.

    1) Verify that you can ping both your static public IP, and the private LAN IP of your Cloudron server. Just to make sure you have connectivity to both.
    This is just a sanity check to make sure there isn't some bigger problem.

    2) Correct IP in Gandi Dashboard
    Just double deck that this is your static IP.

    3) DNS propagation (ping from desktop or whatever and make sure the DNS resolves to the correct IP)
    Double check that Gandi has passed your DNS/IP settings to other name servers.

    4) Turn off port forwarding and go to my.subdomain.domain.com
    Expected result, your router login.

    This verifies the path between:
    [You]-------> [DNS Name Resolution] ------> [IP Address] -----> [Path back home to your server]
    If that is good, we go deeper.

    5) Turn on port forwarding and try that again.
    Expected result: Cloudron login screen.*

    6) Try to load on both IE and your phone on 4g and report results.
    Just to make sure the setup is correct, but the problem still exists.

    Run through those steps, even if you've done them before, just to be thorough. Let us know what happens.

    (I'm in meetings all day, I only skimmed, I hope this helps)