A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Have you set up certificates with LetsEncrypt or something similar?
Since you're running it on your own hardware and obviously have admin privileges, you could try out Certbot:
HTTPS requires signed certificates to be able to connect, that's part of the trust provided in the security. Also, HTTPS is port 443 while HTTP is port 80.
Yes, that's what I did.
The domain name in the certificate has to match the one in the browser. Does it? You haven't said.
Yes it does.
How does it fail exactly? Surely there is some error message.
I get ERR_CONNECTION_TIMED_OUT when trying to connect to it. I don't get any error logs on the server itself. I also got an ERROR_CONNECTION_REFUSED earlier.
And you've verified that the DNS record has the correct IP address? I would check the web server config to make sure it will respond to that name. See if there is anything in the access or error logs.
Yeah the DNS' public IP matches my server's. The access logs have some connections from the SSL validation and from when I successfully connected using the public IP address. The error logs are empty.
If dns resolved then it's not blocked. You need to look at your network.
Bypass dns connect to the ip and port. What happens?
connection timeout doesn't sound like ssl problem to me. is the webserver actually running? i think i read nginx in a different post, you might look for a running nginx process using
ps aux | grep nginx
If it is running, is the connection working with normal http:// on port 80?
I've done further testing with external network connections. I'm getting a Blocked hosts error, it seems my subdomain is being targeted by ISPs.
What does your nginx config look like for ssl? It should specify a certificate and key file - that certificate subject needs to match your fully qualified domain name (fqdn). Certificate can have subject alternative names (SAN) for other names and even IP addresses.
For instance, you could have a single certificate for foo.bar with a SAN for just foo and an IP SAN for 192.168.1.30.
Certificates also need to be signed by a certificate authority (CA), and in order for your browser to visit https://foo.bar/ without a warning your browser must trust that CA.
If you did a self signed cert, this is most likely the problem you're running into.
It's important to know that your communication is still encrypted because of SSL, but since your browser doesn't trust the CA (or the subject doesn't match the FQDN) the browser will say it's not secure.
I can't connect to the domain at all. I think the certificate problem was because I was connecting with the IP address rather than the domain name.
Try this command from a terminal on the system from which you're attempting to connect:
nslookup <yourfqdn>
It should come back with something like this:
~ ❯ nslookup stronk.bond
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: stronk.bond
Address: 172.67.174.80
If it says something like "can't find" that means that your dns isn't configured appropriately. Does your IP address start with 192.168, 10., or 172.? That would be a private IP address (something which isn't accessible from the internet.
Oh! And where is everything - is your workstation/laptop on the same network as your portfolio? Is the portfolio on a different network? That could effect things as well.
I get a 206 address that matches my server's public IP. My laptop is on the same network as the portfolio, but I did test external connections using a mobile hotspot, which resulted in me successfully connecting to the IP address with telnet, but not being able to connect to the domain name. On my phone's browser, while on data, I was able to access my portfolio website using the public IP address as the URL, rather than the domain name.
Just to make sure.
https://fqdn/ it does not connect (probably with the ERR_CONNECTION_TIMED_OUT that you mentioned below)What happens if you, on the hotspot, try browsing to https://206.x.x.x? When you are on the same network as the portfolio, can you reach https://[internal ip]?
What I'm leaning towards is a router/firewall that may be causing some issues. To help with troubleshooting, does your website server have any local firewalls (for ubuntu that would typically be ufw, but it could be iptables or firewalld)?
I don't have any firewalls, and https://206.x.x.x and the internal IP one both worked.
Okay, then I'm thinking your router/NAT maybe causing the problem. Typically, your ISP won't block subdomains for dns, they may outright block Source NAT (SNAT), but if you could get through via the IP, you should be good to go.
Is your firewall allowing port 443 (https) traffic?
I don't think it is, but its hard to tell for sure.
An easy way to check is to visit a site like this and check for port 443: https://www.yougetsignal.com/tools/open-ports/. You don't need to be on the server that's hosting your portfolio, just any thing that's on the same network as your portfolio (something behind your external router)
make sure ports 80 (htttp) or 443 (https) are unblocked on your server
It’s most likely that your external IP is resolving to your firewall and it’s not redirecting LAN traffic.
Either setup a redirect for LAN or setup a custom DNS entry on your router pointing to the server IP.
The external IP is properly bringing me to the portfolio, its just the subdomain that now seems to be blocked.
If you do a DNS lookup (through nslookup or many other tools) on the client you're using to connect, does it get the right IP back?
It does. I think my subdomain is being blocked by ISPs.
In that case it's highly unlikely your problem is with DNS. And much more likely it's a problem with the actual connection to the server. If you are willing to share the IP/domain I can help troubleshoot (either here or in a DM).
I suggest you check out pangolin. For me it’s worth about $12/year to not have a domain pointing directly at my home network, but instead have a layer of privacy and security. Running geofilter and crowdsec is really nice. Sometimes my logs show more than one blocked connection attempt per second. Another option if you want a free service is cloudflared tunneling.
I did it this way because I didn't think a randomly generated domain name from cloudflare would be professional enough. I might have to go with that if I can't get this working though.