Solved Can't get my domain to work with Cloudron
-
So, I've installed Cloudron on a Ubuntu VM on my Proxmox server. During the Cloudron setup I used my Cloudflare domain and used the API global key to get everything set up, but it didn't work. I have the error attached.
Now, I was able to get the initial setup working by going to the IP address of my Ubuntu server, but then ran into an issue getting guacamole installed. Now, after rebooting my Ubuntu server and trying to get back in, the IP and my domain are not working at all.
-
During the Cloudron setup I used my Cloudflare domain and used the API global key to get everything set up, but it didn't work. I have the error attached.
Does this mean you could not complete the DNS setup ?
Now, I was able to get the initial setup working by going to the IP address of my Ubuntu server, but then ran into an issue getting guacamole installed.
It looks like you did complete the DNS setup. Once the DNS setup is complete, you cannot navigate to Cloudron by IP address. You should instead only go to
https://my.domain.com. This is because when you have multiple apps on a single server/IP, the only way to distinguish which app is to be served to the browser is by the domain name. Just the IP address is insufficient. -
Also, for a start, just to help debugging this, I would remove cloudflare proxying. You can do this by going inside Cloudflare and clicking on the orange cloud icon for the domains.
-
Yeah that didn't work. Still giving me the error 522 and saying that it can't connect to the host. So, which IP address should I use for my DNS records in my Cloudflare account? Also, another thing I did that I thought would help is I port forwarded 443 and 80 in my router to the private IP of my Ubuntu server.
-
Ah if your instance is behind a NAT in your local network, then you have to forward a few ports from your router to the internal Cloudron server. 443 and 80 are basically the bare minimum. You can get some overview at https://docs.cloudron.io/security/#cloud-firewall
Further as @girish recommended, disable the cloudflare proxying at first until you managed to get it working without it. Just to rule out one possible point of failure.
The DNS records values in your case would be the public IP of your router. Then with the portforwarding rules, the connections will reach your internal Cloudron server. In case you are on an ISP connection where the IP might change on reconnect, you can consider using the dyndns feature of Cloudron. -
Topic has been marked as a question
girish
-
Yeah I've made sure that port 443 and 80 are port forwarded on my router and I have made sure to disable the proxy in my cloudflare account for my DNS records and it still gives me the same error I attached in the beginning. I can't reach the web application at all. Is there a way to troubleshoot through the command line on my Ubuntu server itself?
-
@danteswrath The initial error screenshot shows a cloudflare error. You are still seeing the same error despite having cloudflare proxying disabled?
-
As a way to debug, try this on cloudron server itself:
- Make a note of your public IPv4 .
curl https://ipv4.api.cloudron.io/api/v1/helper/public_ip - Then,
host my.domain.com 8.8.8.8. Does this print the above public IPv4 IP address? - Then,
curl https://my.domain.com. Does it print some html? - Then, if you open
https://my.domain.comin browser, does it work?
- Make a note of your public IPv4 .
-
Okay, I used the first command and it posted my public IP. I used the host my.domain.com 8.8.8.8 and that also printed my public IP.
Now, when I tried curl https://my.domain.com, it gave me the following:
curl: (7) Failed to connect port 443: connection refused
So, I've made sure that port 443 and 80 are port forwarded on my Ubuntu private IP address and I have the DNS records set to my public IP in my Cloudflare account with the proxy disabled and it's still not working.
-
@danteswrath said in Can't get my domain to work with Cloudron:
curl: (7) Failed to connect port 443: connection refused
This is most likely to do with your router not supporting hairpin/loopback NAT. What you can do to verify this is connect from outside your network and see if the curl works. If that works, either you need a router that supports hairpin NAT. Alternately, try the workaround at https://docs.cloudron.io/troubleshooting/#hairpin-nat
-
Okay, I checked out that workaround, but I'm still new to these sort of configuration, so would you be able to walk me through some of it?
This option in the workaround confuses me a bit:
Configure your network's DNS server to return the Local VM IP for all the subdomain in use. This way when your PC/Laptop accesses a domain, it starts using the Local VM IP instead of the public IP to connect to Cloudron. Devices outside the network will continue to use the public IP address as expected.
How do I go about configuring my network's DNS servers to return to the local VM IP? And by VM IP would that be my Ubuntu IP address?
-
@danteswrath said in Can't get my domain to work with Cloudron:
Okay, I checked out that workaround, but I'm still new to these sort of configuration, so would you be able to walk me through some of it?
Sure. But before that, did you confirm you can access Cloudron from an external network? Just want to make sure that hairpin NAT is the real issue here.
-
I apologize, I did try accessing it through an external network and it's still giving me the same error.
-
@danteswrath Ah ok, I think we need to debug that first. I don't know why you see a cloudflare access page even when cloudflare proxying is disabled. You have to take this up with cloudflare, I guess.
In fact, the cloudflare page shows "DNS record of some private IP (192.168.x.x)" , not sure what this means.
-
Okay, I will work with Cloudflare and see if there is anything they can help with.
That error that you are referring to only came up when I tried accessing Cloudron by just typing in my Ubuntu IP into my address bar.
-
@danteswrath Oh. So then, what do you get if you access from outside via
https://my.domain.com? Once setup, Cloudron can only be accessed via domain name and not IP address.(I also don't understand how accessing by IP address shows a cloudflare page, but that's some other issue).
-
Well now, both external to my network and internal to my network, I'm just getting "This site can't be reached."
-
Not sure I am fully following, but to get anything Cloudron related out of the way, I assume you are connecting to your Ubuntu server via SSH from your laptop. If this is the case, can you ensure that using your public IP (the one you get when visiting for example https://www.whatismyip.com/ from within your local network, without using any kind of vpn) you can SSH into your server? This requires the very same portforwarding rules like Cloudron requires for other ports. So if you can make this work for your SSH port, then just do the same for basically all ports mentioned at https://docs.cloudron.io/security/#inbound-ports
-
Okay, so just tried a completely fresh install. New install of Ubuntu and Cloudron. Still getting "Site can't be reached." Also just tried SSH, which actually did work without me having to port forward the SSH port in my router.
-
Also, what's really strange is that since I did a fresh install, I initially had to go to my Ubuntu's IP address to do the initial setup.
After I entered my domain with my Cloudflare API Key the page refreshed to my domain, which the page gave me the same message I've been getting.
Now, the weird thing is, if I enter in my Ubuntu IP address in my address bar, it loads the Cloudron setup page, but then refreshes again to my domain and gives me the "site can't be reached" again.
-
@danteswrath can you actually run
curl http://localhostvia SSH on your server? If yes, then nginx is responding correctly. Next would be to runcurl http://<localipofyourserver>from your laptop within the same network. If this works, the server firewall is also fine. Then this is some configuration of your router which is still off. -
Okay so ran both commands and got this for both:
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html> -
@danteswrath that means http is working as expected. Then if you do the same only replace
httpwithhttpsto test SSL.Just to be sure, http is on port 80 and httpS is on port 443, in case you only have port 80 currently forwarded.
-
This is what I get when I try "https" instead of "http"
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above. -
@danteswrath ok, so this is also not too bad, since Cloudron does come up with a self-signed certificate initially until the setup via browser is finished and a real domain is setup.
So what happens now if you go to
https://<your public ip>? It would be expected to see a browser warning about insecure page, which you have to skip to reach the dashboard domain setup. -
@nebulon Gives me the same message I've been getting "This site can't be reached."
-
@danteswrath then this is something about your browser, if curl works as expected. Do you have any addons active which could interfere here? Note as mentioned, that using a self-signed certificate is usually considered unsafe, which is why maybe some security related addon or some browser setting itself could "protect" you here. Can you try some other browser maybe?
-
@nebulon I've tried a couple browsers and still the same thing.
-
@danteswrath this is very strange then. Maybe you can send a mail with your public IP to support@cloudron.io so we can test this from here.
-
Unfortunately, we could never figure out why port forwarding does not work with @danteswrath 's router.
@danteswrath If you like you can open a new thread here with your router information and maybe someone knows how to configure it properly.
-
Topic has been marked as solved girish
