Solved New to Cloudron... I have it working... I think?

diehardbattery

So I've been able to install Cloudron and get it working. I successfully installed Guacamole which is working fine and is accessible outside my network. I use CloudFlare for my domain including DNS. Unfortunately I've encountered an issue where my domain also uses Google Workspace (mysparenoggin.me). Since Cloudron was installed, Google has been blocking all outgoing emails (can still receive). I know this has something to do with DMARC but honestly I'm in over my head.

To add, I am also unable to access my Cloudron dashboard via the domain name (my.mysparenoggin.me). I get various SSL errors depending on the browser (HSTS on MS Edge, unknown issuer (CloudFlare when I view the cert) on Firefox, which additionally returns cannot find that site if I attempt to proceed). I would love to solve these 2 issues but I am at a loss on how to proceed. I did follow the troubleshooting steps from Cloudron Docs but all seems fine in that regard.

subven

First off you have to disable Cloudflares universal SSL certificates.

Second...what did you configure for SSL at the Cloudron Setup? Maybe you ran into the lets encrypt rate limits due to wrong configuration.

diehardbattery

@subven I honestly don't remember setting anything up for SSL. When I first setup Cloudron I chose CloudFlare when it wanted the DNS info and that was it. As for disabling universal SSL, it looks as if I wouldnt be able to access anything I have via CloudFlare unless each service has its own encryption? I also use a Kemp load balancer that uses CloudFlare SSL including the root cert. Would that be affected? I don't remember doing anything with LetsEncrypt so unless it's running in the background and manages itself automatically I don't believe there was any input from me regarding that.

subven

@diehardbattery Cloudron does automatic SSL for every app and the Dashboard via Lets Encrypt so please disable Cloudflares universall SSL for the domain you choose to be managed by Cloudron just toibe sure that this is not the root cause of your problems.

I would also advice to read the docs regarding Cloudflare DNS and the various support tickets.

diehardbattery

@subven I have gone ahead and disabled it. Now I get a connection timeout error no matter what browser I use. My other services are now down as well. I'm also not sure about the relevancy of the links you provided. The first link assumes I can get into the Cloudron dashboard which I cannot. It also says to provide the Cloudflare API key, which I did so in the initial setup. I was able to at some point without changing anything, otherwise how would I have successfully installed Guacamole?

Also, I re-enabled Universal SSL to see if my other sites come back. They do not. So I have to redo keys for those as well?

girish

@diehardbattery Hard to make out what is the current status of the server/dns, are you able to write to support@cloudron.io with your server IP and domain name ? We can help you out there.

diehardbattery

@girish I believe I might have solved at least part of the problem. I use a Kemp Load Balnacer that uses port 443. It also acts as a reverse proxy. Assuming everything for Cloudron uses port 443, I needed to create a content matching rule to direct to the correct domain. As for disabling Universal SSL, I had to generate new keys for everything else that uses it.

robi

FYI, as I wasn't familiar with Kemp, I looked it up and they have a free LB good for 20mbit at L7.

More specs at:
https://freeloadbalancer.com/

Might be useful as an app for Cloudron too.

@diehardbattery feel free to create an app request in the forum, since you introduced it.

diehardbattery

@robi There is a pretty good tutorial (CloudFlare based) on YouTube about setting it up.

subven

@diehardbattery well Cloudron requires a lot of more ports then just 443. Maybe thats why your SSL cert creation with Lets Encrypt failed in the first place.

You never told us that you use the Domain for other services then Cloudron and therefore depend on the Universal SSL feature (which is not ideal).

I see your dashboard working. Is your mail problem fixed so far?

diehardbattery

@subven Sorry I wasn't clear on the domain thing. It's fixed now so no worries. I do have email working. I disabled mail in Cloudron (I don't see a use for it as it is just me), and redid the dmarc and other records that Google requires.