Cannot view noho.st subdomain

My YunoHost server

Hardware: Raspberry Pi 3
YunoHost version: 11.0.10.2 (stable)
I have access to my server : Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hello. :slight_smile:
Yesterday I installed Yunohost on a new Raspberry Pi, connected to my router via an ethernet cable. I set up my main noho.st domain, set up an admin user and a regular user, ran diagnostics, opened ports 443 and 80, and then installed a subdomain: cloud.scarbs40.noho.st.

I have installed Nextcloud on this subdomain and would like it to be accessed from both outside and inside the local network. The Diagnosis tool says that both the main domain and the subdomain are reachable via HTTP from outside of the local network, and that there are no DNS issues (for Web), but when I:

a) try to reach scarbs40.noho.st from my phone, connected to the same wifi network, the connection times out — but I can view it with no problems on my laptop, and…
b) try to reach cloud.scarbs40.noho.st from either of my devices, the connection times out.

Is there something I am missing?

Thank you very much in advance for your help. :slight_smile: (I know a little French too, but I'm not fluent!)

Edit: My dad has tried viewing the domain on his phone, and he can see it when using mobile data — but he gets the same problem as me when trying to view the subdomain. On wifi, it’s the same problem with both domains.

Summary of the problem… in a schoolboy's French… :
I can create a primary domain and a subdomain (in order to host Nextcloud on the subdomain, cloud.scarbs40.noho.st) but I can only view the primary domain with a web browser on my computer. I can't view it on my smartphone, and I can't view the subdomain on either one. When they don't work, in both cases, the browsers give me a <timeout> error.
Edit: My dad tried viewing the domain on his smartphone and it works fine with ‘mobile data’, but he runs into the same problem as me with the subdomain.

I have been able to add this to the end of my server’s /etc/hosts file:

127.0.0.1 cloud.scarbs40.noho.st

…and this has allowed me to install a Let’s Encrypt certificate for the subdomain, but I am still unable to view cloud.scarbs40.noho.st by navigating to it in a web browser. It still leads to a timeout error.

I can view it if I use a VPN, but not if I don’t.
The problem may be linked either to my subdomain’s DNS settings and/or how my devices view or communicate with each other on the LAN. The problem is, I don’t know how to modify my DNS settings on the server.

I just tried to reach your website and I successfully did from my end through a browser,

please confirm if i understand you well:
you’re able to connect to the server on your laptop,
but from any other device you’re not able to connect?

Hello :slight_smile:
In a nutshell, yes.

On my laptop, using wifi, connected to the same router that yunohost is running on:

On my phone, I cannot view any of those domains if I am using wifi. If I am using mobile data or a VPN on my phone, as if viewing them from outside the LAN, I can view scarbs40 and cloud.scarbs40 without any problems. I can’t view yunohost.local like that, but that’s not surprising.
My dad, when using the same wifi, also has the same issue when I ask him to try viewing those sites.

Edits: clarifications, fix typos

Hello :slight_smile:

ok… there are many things passing in my mind,

first of all remove the hosts changes you have made:
127.0.0.1 cloud.scarbs40.noho.st

127.0.0.1 doman.whatever.com - define that domain as localhost,
for example if I want to block that domain for outbound, I will set it the same way as you did and that domain will not go out and will be redirected as localhost,

anyway you need to remove that line, cause your dns server will take care of that,

connect with your phone to the lan, and check on your router what is your phone ip and tell me when you're done,
if your subnet is on class C it's supposed to be something like 192.168.x.x

@cgKAF to check what is your device ip, you should go to DHCP on your router

@izakis

first of all remove the hosts changes you have made:
127.0.0.1 cloud.scarbs40.noho.st

127.0.0.1 doman.whatever.com - define that domain as localhost

127.0.0.1 had already been defined in my yunohost server’s /etc/hosts file as localhost, so I removed what I added. Interestingly, I had to add my server’s internal IP address to my laptop’s /etc/hosts file so I could SSH in to the server…

My phone’s local IP address is 192.168.1.15.

so as I understand you don't have a keyboard and screen connected to your rpi
and you are connected through ssh only,

now please try to ping your cellphone from yunohost server,
ping 192.168.1.15
what we want to check is if ssdp or at least netbios are not blocked on your local lan for some reason,

please tell me when you're done, I am waiting

Yep, that works:

admin@scarbs40:~ $ ping 192.168.1.15
PING 192.168.1.15 (192.168.1.15) 56(84) bytes of data.
64 bytes from 192.168.1.15: icmp_seq=1 ttl=64 time=139 ms
64 bytes from 192.168.1.15: icmp_seq=2 ttl=64 time=40.2 ms
... [some lines removed] ...

--- 192.168.1.15 ping statistics ---
9 packets transmitted, 8 received, 11.1111% packet loss, time 8013ms
rtt min/avg/max/mdev = 2.696/72.589/139.455/42.109 ms

you have some packet loss over there, something is not normal,

now we need to reverse that process,
your phone is android?

Yes, it is.

ok so we need to check ping from your cellphone to your server, so please download a terminal to your phone and check. I assume you already know your yunohost lan ip?
if not check on your router clients list

Alright, I’m copying this manually so it might not be 100% accurate… :smiley:

$ ping 192.168.1.37
PING 192.168.1.37 (192.168.1.37) 56.(84) bytes of data.
64 bytes from 192.168.1.37: icmp_seq=1 ttl=64 time=14.7ms
64 bytes from 192.168.1.37: icmp_seq=1 ttl=64 time=16.0ms
64 bytes from 192.168.1.37: icmp_seq=1 ttl=64 time=15.6ms
...[some lines removed]...
--- 192.168.1.37 ping statistics ---
31 packets transmitted, 31 received, 0% packet loss, time 30056ms
rtt min/avg/max/mdev = 2.140/12.592/17.526/4.909 ms

Edit: )5 changed to 0% ! Whoops.

ok that's really weird,

you are able to send icmp in dual direction

have you ever tried to get access to your server by ip?
as you described before you tried the domain, so this time try the ip itself
go to your browser, whatever it is, and try http://192.168.1.37
on your phone i mean

I’ve tried it in two phone browsers and they both throw a ‘Secure Connection Failed’ error, saying the site doesn’t support HTTPS.
I can still ‘accept the risk and continue’ and reach the admin log-in screen, though.

you don't have to accept the risk, it happens because it's http
try https://192.168.1.37 that should be fine

so lets be clear please,

you tried your domain and it doesn’t connect, but now after you tried the ip it does connect?

Yes, that’s right. I hadn’t noticed that before.

And even with https:// at the front, it still throws that error and shows a crossed-out padlock as if it’s not secure… strange.

that’s not strange, it's because the certificate is for the domain not for the ip,

I think you did set your domain as loopback to your network before you even tried on your cellphone cause you wanted to connect through ssh, and you just don't remember the chronological order of your steps,

what happens is when you did set your domain as a local host only your phone got a loop back to your server and you probably saw the icon turning and turning for a long time,

about your server, you need to reboot it and everything should be back to normal,
try to reboot, then try again from your phone https://192.168.1.37 and if it does connect then try the domain

I am here waiting for your reply

Sorry, my server is still rebooting! I’ll let you know once it’s done.

it's online, I can reach it
@cgKAF
you can't reach your server on your browser? have you tried on your phone? computer?

try browser first before you try any ssh

For anyone experiencing a similar issue, it turns out my router doesn’t support hairpinning and that inside the LAN the DNS won’t look for any connected devices. As far as I know, there is probably no way around this besides getting a new router that allows this.
Thanks to @izakis for helping me outside of this thread to work all of this out. :slight_smile:

1 Like
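
A check for the situation described in the last post, as an added example that is not part of the thread: run from a device on the LAN, it compares reaching the server by its LAN address with reaching it through the address the domain resolves to. The function names, the verdict strings and the 203.0.113.10 placeholder address are assumptions of this example.

```python
import ipaddress
import socket

# RFC 1918 ranges plus loopback: a domain resolving here is being answered locally.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def tcp_open(host, port=443, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # timeout, refusal or unreachable network
        return False

def classify(resolved_ip, lan_ok, name_ok):
    """Map the observations made from inside the LAN to a verdict (hypothetical labels)."""
    if is_local(resolved_ip):
        return "local-override"      # hosts entry or local DNS answers for the name
    if name_ok:
        return "ok"                  # the public address is reachable from the LAN
    if lan_ok:
        return "no-hairpin"          # server is up, router does not loop LAN traffic back
    return "server-unreachable"      # nothing answers: check the server and firewall first

def diagnose(domain, lan_ip, port=443, resolve=socket.gethostbyname, probe=tcp_open):
    """Resolve the domain, probe both paths, and classify the result."""
    resolved = resolve(domain)
    return classify(resolved, probe(lan_ip, port), probe(resolved, port))

if __name__ == "__main__":
    # Constructed replay of the thread's LAN-side observations: the name resolves
    # to a public address (placeholder) and only the LAN IP accepts connections.
    # Omit resolve= and probe= to run the real DNS lookup and TCP probes instead.
    print(diagnose("cloud.scarbs40.noho.st", "192.168.1.37",
                   resolve=lambda d: "203.0.113.10",
                   probe=lambda host, port: host == "192.168.1.37"))
```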