Selfhosted

46676 readers

467 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Can't get DNS to work on web server (reddthat.com)

submitted 3 days ago* (last edited 2 days ago) by dr_robotBones@reddthat.com to c/selfhosted@lemmy.world

30 comments fedilink hide all child comments

I'm trying to self host my portfolio on an old laptop running Ubuntu server. I've successfully set up docker and nginx. I got a DNS subdomain from freedns.afraid.org.

The IP connected to the DNS matches my server's public IP address.

I can connect with https://mypublicip/ from outside the network, but it shows as an insecure connection and the https has lines going through it in the browser.

Any attempts to connect to the website via DNS have failed, and trying to connect via IP on port 80 fails as well. I really have no clue what is going on, let me know if you need more information, or if this is the wrong place to ask for help with this sort of thing.

Edit: Whatever problem I had before, it seems its been fixed. However my subdomain is being blocked by ISPs. Thank you for the help everyone, I'll probably have to do cloudflare tunneling instead of fully self-hosting it.

you are viewing a single comment's thread
view the rest of the comments

[–] pezhore@infosec.pub 3 points 3 days ago (1 children)

What does your nginx config look like for ssl? It should specify a certificate and key file - that certificate subject needs to match your fully qualified domain name (fqdn). Certificate can have subject alternative names (SAN) for other names and even IP addresses.

For instance, you could have a single certificate for foo.bar with a SAN for just foo and an IP SAN for 192.168.1.30.

Certificates also need to be signed by a certificate authority (CA), and in order for your browser to visit https://foo.bar/ without a warning your browser must trust that CA.

If you did a self signed cert, this is most likely the problem you're running into.

It's important to know that your communication is still encrypted because of SSL, but since your browser doesn't trust the CA (or the subject doesn't match the FQDN) the browser will say it's not secure.

[–] dr_robotBones@reddthat.com 1 points 2 days ago (1 children)

I can't connect to the domain at all. I think the certificate problem was because I was connecting with the IP address rather than the domain name.

[–] pezhore@infosec.pub 0 points 2 days ago (1 children)

Try this command from a terminal on the system from which you're attempting to connect:

nslookup <yourfqdn>

It should come back with something like this:

~ ❯ nslookup stronk.bond
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   stronk.bond
Address: 172.67.174.80

If it says something like "can't find" that means that your dns isn't configured appropriately. Does your IP address start with 192.168, 10., or 172.? That would be a private IP address (something which isn't accessible from the internet.

Oh! And where is everything - is your workstation/laptop on the same network as your portfolio? Is the portfolio on a different network? That could effect things as well.

[–] dr_robotBones@reddthat.com 1 points 2 days ago (1 children)

I get a 206 address that matches my server's public IP. My laptop is on the same network as the portfolio, but I did test external connections using a mobile hotspot, which resulted in me successfully connecting to the IP address with telnet, but not being able to connect to the domain name. On my phone's browser, while on data, I was able to access my portfolio website using the public IP address as the URL, rather than the domain name.

[–] pezhore@infosec.pub 1 points 2 days ago (1 children)

Just to make sure.

When on your home network, doing nslookup (or similar), your fqdn resolves to your public IP
When on a hotspot, if you go to https://fqdn/ it does not connect (probably with the ERR_CONNECTION_TIMED_OUT that you mentioned below)
When on hotspot, if you to telnet to port 443 on 206.x.x.x, it connects

What happens if you, on the hotspot, try browsing to https://206.x.x.x? When you are on the same network as the portfolio, can you reach https://[internal ip]?

What I'm leaning towards is a router/firewall that may be causing some issues. To help with troubleshooting, does your website server have any local firewalls (for ubuntu that would typically be ufw, but it could be iptables or firewalld)?

[–] dr_robotBones@reddthat.com 1 points 2 days ago (1 children)

I don't have any firewalls, and https://206.x.x.x and the internal IP one both worked.

[–] pezhore@infosec.pub 1 points 2 days ago

Okay, then I'm thinking your router/NAT maybe causing the problem. Typically, your ISP won't block subdomains for dns, they may outright block Source NAT (SNAT), but if you could get through via the IP, you should be good to go.