cloudron ssl behind fritz!box
-
@subven said in cloudron ssl behind fritz!box:
As a german, I know what a FritzBox is I think you're still at the wrong path since the exposed host exactly does what it should and the webserver of the Fritzbox does not interfer there.
There is enough information within this thread to fix your problem.- there were others asking, please excuse if I am wasting your valuable time with text that you deem not appropriate
- is it visible/ does it matter you're German?
- apparently, the webserver of the Fritzbox does interfere, as the fritzbox certificate is presented when accessing the page through a browser. This precisely does not make much sense to me either, but I don't understand how and why this happens.
@subven said in cloudron ssl behind fritz!box:
Cloudron does not work without a domain you own or at least can controle.
As said before, the domain is registered and I do control the DNS
-
I am running the same setup here and the exposed host option is the easiest thing to use here. If you have set your Cloudron instance as exposed host (and make sure only one host is exposed) then the fritzbox webinterface should not interfere. If it does maybe you have to check on your fritzbox settings and maybe reset some.
Also just to be sure, the exposed host is reachable via your public IP.
So the first thing is to make sure you can SSH into your ubuntu server / Cloudron using the public IP. If that works, then we are a big step forwards.
-
@andreasb said in cloudron ssl behind fritz!box:
As said before, the domain is registered and I do control the DNS
You said you do not use a DNS provider
The problem is within your FritzBox configuration thats why you get an webserver answer from the box and not Cloudron. Did you turned on the remote maintenance function or linked the box to a myfritz account? Does your Cloudron use DCHP with a reservated address (mandatory for exposed hosts to work).
Check if ports you want to use are already in use. You can do so by trying to open them up manually (errors out if port is already in use). Last, check TCP-Port for FritzBox services itself:
-
@nebulon yes, had read that in another thread before, and still it doesn't work in my case - no idea why not.
- The cloudron is the one and only exposed host on the fritzbox
- the dyndns-service seems to work properly: the ip there is regularly updated, and the ip is correct.
- connection through SSH using the external IP as well works.
Only when trying to access the cloudron UI through "my.xxx.yyy", all browsers I tested (firefox, edge, opera, brave) throw "insecure connection", and the certificate presented is the self-signed one of the fritzbox.
I had been wondering if naming plays a role. @nebulon, you did not by chance change the fritzbox's name from the default "fritz.box" to sth else?
-
@subven said in cloudron ssl behind fritz!box:
You said you do not use a DNS provider
not one of the "automated" ones like Cloudflare but Cloudron's "custom" way. but of course, the domain is registered
- no, I'm not using myfritz,
- I tested both configurations regarding the remote maintenance function, make fritzbox accessible from outside and not - this did not change anything.
- yes, the cloudron is on a fixed IP
-
-
@andreasb said in cloudron ssl behind fritz!box:
Only when trying to access the cloudron UI through "my.xxx.yyy", all browsers I tested (firefox, edge, opera, brave) throw "insecure connection", and the certificate presented is the self-signed one of the fritzbox.
That's because your fritzbox is answering on port 443 instead of passing it on to Cloudron.
Disable web/management access to the fritzbox from the internet side (or change the port), so that 443 is available to be forwarded to the internal Cloudron IP.
-
thx for everybody's inputs and sorry for my delay - took some time testing, and here's my wrap-up.
on the Fritzbox
- external access is deactivated in two places: remote administration, FB "Fritz!Box-Dienste", application access ("Heimnetz, Netzwerkeinstellungen")
- the Cloudron is configured as an "exposed host"
- DynDNS is configured and working correctly, the provider is DynV6.com
- DNS rebind protection: exemptions configured for the Cloudron ("my.*"), as well as for the apps running on the Cloudron
as a result, access from internet IPs works and the Cloudron as well as all apps are reachable.
Still, if accessed from a computer within Fritzbox-Network (192.168.x.y), neither app, nor the Cloudron respond. Instead, the already mentioned Fritzbox access page shows.
So it's not perfect, but usable and my question is answered.
-
@andreasb accessing the server with the local IP is expected to not work. For a start Cloudron uses domains to figure out which app the reverse proxy on cloudron should forward the request to and if you access the fritzbox internal IP it will always respond with its own interface. At least that is the only behavior I know.
-
@nebulon
as said, there's no real problem right now, still I don't understand the behaviour and am curious.you're talking about accessing the Cloudron through entering the IP (192.168.x.y) in the browser?
It's clear that this wouldn't work and this is not what I'm doing, it's a little more complicated:
- the PC I'm accessing from, is in the same network segment than the cloudron (192.168.x.z).
- OpenVPN is active, the OpenVPN service is on a second cloudron outside in the internet
- still, when entering the URL (https://my.domain.*), the fritzbox page shows
- as soon as I connect the PC to a different network segment (192.168.y.z) everything works!
I don't understand why. Shouldn't the use of external VPN service make the internal source IP invisible?
