Hi and happy new year to every one,
I can not access to my Yunohost user interface from outside my local network for about 2 months. I investigated a lot, found topics with similar issues but none of them solved the problem for me. I am new in server administration so I may miss something obvious. In order to clearly explain my situation, this post may be long, sorry about that. I will structure it to try to make the reading as clear as possible.
The configuration
I run a Yunohost instance on a Raspberry PI 3B+ with a .ynh.fr domain.
I only have a few apps: AgenDAV and Baikal. I use it mainly for the agenda and instant messenging. At the end of september I added NextCloud and moved the app on an external hard drive. I also changed the user interface by editing the CSS stylesheet.
The issue
When I try to access to my user interface, my web browser waits the answer and finnaly displays " The connection has timed out".
I donât know if this is related, but it began with the Yunohost infrastructure unstability. I patiently waited a few days before starting worrying about my server access. At the beginnig of November, my instance worked again twice between 2 unstabilities I guess. But since then, it was definitively impossible to access to the user interface. I also read here that the issues still happens for other, however it seems to be solved for them.
Checks and solving attempts
1. Check the ports
I checked if my ports were still open. The answer is yes : I opened the ports 443 (HTTPS), 522 and 5269 (XMPP). For information I have a Freebox v5.
2. Check the services
In the administrator web interface, all my services are active. The output of the command yunohost service status seems to confirm that:
avahi-daemon:
active: active
active_at: 2020-01-02 18:53:05
description: allows to reach your server using yunohost.local on your local network
loaded: enabled
service_file_path: /lib/systemd/system/avahi-daemon.service
status: running
dnsmasq:
active: active
active_at: 2020-01-02 18:53:10
description: handles domain name resolution (DNS)
loaded: enabled
service_file_path: /lib/systemd/system/dnsmasq.service
status: running
dovecot:
active: active
active_at: 2020-01-02 18:53:18
description: allows e-mail client to access/fetch email (via IMAP and POP3)
loaded: enabled
service_file_path: /lib/systemd/system/dovecot.service
status: running
fail2ban:
active: active
active_at: 2020-01-02 18:53:30
description: protects against bruteforce and other kind of attacks from the Internet
loaded: enabled
service_file_path: /lib/systemd/system/fail2ban.service
status: running
glances:
active: active
active_at: 2020-01-02 18:53:10
description: monitors system information on your server
loaded: enabled
service_file_path: /run/systemd/generator.late/glances.service
status: running
metronome:
active: active
active_at: 2020-01-02 18:53:13
description: manage XMPP instant messaging accounts
loaded: enabled
service_file_path: /run/systemd/generator.late/metronome.service
status: running
mysql:
active: active
active_at: 2020-01-02 18:53:16
description: stores applications data (SQL database)
loaded: enabled
service_file_path: /lib/systemd/system/mariadb.service
status: running
nginx:
active: active
active_at: 2020-01-02 18:53:16
description: serves or provides access to all the websites hosted on your server
loaded: enabled
service_file_path: /lib/systemd/system/nginx.service
status: running
nslcd:
active: active
active_at: 2020-01-02 18:53:17
description: handles YunoHost user shell connection
loaded: enabled
service_file_path: /run/systemd/generator.late/nslcd.service
status: running
php7.0-fpm:
active: active
active_at: 2020-01-02 18:53:15
description: runs applications written in PHP with nginx
loaded: enabled
service_file_path: /lib/systemd/system/php7.0-fpm.service
status: running
postfix:
active: active
active_at: 2020-01-02 18:53:18
description: used to send and receive emails
loaded: enabled
service_file_path: /lib/systemd/system/postfix.service
status: exited
redis-server:
active: active
active_at: 2020-01-02 18:53:10
description: a specialized database used for rapid data access, task queue and communication between programs
loaded: enabled
service_file_path: /lib/systemd/system/redis-server.service
status: running
rspamd:
active: active
active_at: 2020-01-02 18:53:10
description: filters spam, and other email-related features
loaded: enabled
service_file_path: /lib/systemd/system/rspamd.service
status: running
slapd:
active: active
active_at: 2020-01-02 18:53:11
description: stores users, domains and related information
loaded: enabled
service_file_path: /run/systemd/generator.late/slapd.service
status: running
ssh:
active: active
active_at: 2020-01-02 18:53:10
description: allows you to connect remotely to your server via a terminal (SSH protocol)
loaded: enabled
service_file_path: /lib/systemd/system/ssh.service
status: running
yunohost-api:
active: active
active_at: 2020-01-02 18:53:09
description: manages interactions between the YunoHost web interface and the system
loaded: enabled
service_file_path: /lib/systemd/system/yunohost-api.service
status: running
yunohost-firewall:
active: active
active_at: 2020-01-02 18:53:19
description: manages open and close connexion ports to services
loaded: enabled
service_file_path: /lib/systemd/system/yunohost-firewall.service
status: exited
3. Ping
I have acces to the server within my local network, so I can login with SSH. Thanks to that, I tried to ping outside the LAN to check if I can reach something outside. The answer is yes:
ping -c 3 https://www.google.fr
PING www.google.fr(par21s17-in-x03.1e100.net (2a00:1450:4007:808::2003)) 56 data bytes
64 bytes from par21s17-in-x03.1e100.net (2a00:1450:4007:808::2003): icmp_seq=1 ttl=54 time=27.1 ms
64 bytes from par21s17-in-x03.1e100.net (2a00:1450:4007:808::2003): icmp_seq=2 ttl=54 time=27.7 ms
64 bytes from par21s17-in-x03.1e100.net (2a00:1450:4007:808::2003): icmp_seq=3 ttl=54 time=28.2 ms
64 bytes from par21s17-in-x03.1e100.net (2a00:1450:4007:808::2003): icmp_seq=4 ttl=54 time=27.3 ms
--- www.google.fr ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 27.119/27.626/28.264/0.431 ms
4. DNS solving
According to some information I found, I thought my issue could be related to a bad DNS solving si I tried the command yunohost dyndns update. The update succeeded but when I tried it again 2 days ago, I got the following error:
Traceback (most recent call last):
File "/usr/bin/yunohost", line 214, in <module>
timeout=opts.timeout,
File "/usr/lib/python2.7/dist-packages/moulinette/__init__.py", line 136, in cli
moulinette.run(args, output_as=output_as, password=password, timeout=timeout)
File "/usr/lib/python2.7/dist-packages/moulinette/interfaces/cli.py", line 425, in run
ret = self.actionsmap.process(args, timeout=timeout)
File "/usr/lib/python2.7/dist-packages/moulinette/actionsmap.py", line 523, in process
return func(**arguments)
File "/usr/lib/moulinette/yunohost/log.py", line 284, in func_wrapper
result = func(*args, **kwargs)
File "/usr/lib/moulinette/yunohost/dyndns.py", line 235, in dyndns_update
old_ipv4 = check_output("dig @%s +short %s" % (dyn_host, domain)).strip() or None
File "/usr/lib/python2.7/dist-packages/moulinette/utils/process.py", line 29, in check_output
return subprocess.check_output(args, stderr=stderr, shell=shell, **kwargs)
File "/usr/lib/python2.7/subprocess.py", line 219, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command 'dig @dyndns.yunohost.org +short mydomain.ynh.fr' returned non-zero exit status 9
I confess I donât know why it did not work since I only updated the system and the apps.
I tried again yesterday and I did not get the error anymoreâŠ
I also checked the ouput of service dnsmasq status:
dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset:
Active: active (running) since Thu 2020-01-02 18:53:10 CET; 2h 14min ago
Process: 667 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=
Process: 579 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0
Process: 543 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCC
Main PID: 665 (dnsmasq)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/dnsmasq.service
ââ665 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /et
For what I understand, everything seems ok.
5. Letâs encrypt
I also tried to renew the letâs encrypt certificate. It was still valid but, just in case, I gave it a try. The access to the server is still blocked from outside.
6. Restore a backup
Finally, I had the idea to restore a backup older than the issue:
yunohost backup restore 20191008-190051
As you can see, this command failed:
Warning: YunoHost is already installed
Do you really want to restore an already installed system? [y/N]: y
Info: Preparing archive for restorationâŠ
Info: Restoring application agendavâŠ
Error: An app is already installed with the id 'agendav'
Info: The operation 'Restore 'agendav' from a backup archive' has failed! To get help, please share the full log of this operation using the command 'yunohost log display 20200102-201330-backup_restore_app-agendav --share'
Info: Restoring application baikalâŠ
Error: An app is already installed with the id 'baikal'
Info: The operation 'Restore 'baikal' from a backup archive' has failed! To get help, please share the full log of this operation using the command 'yunohost log display 20200102-201330-backup_restore_app-baikal --share'
Error: Nothing has been restored
Here are the log containts:
sudo yunohost log display 20200102-201330-backup_restore_app-agendav --share
ended_at: 2020-01-02 20:13:30.827939
error: Operation unit has not been closed properly
operation: backup_restore_app
related_to:
- - app
- agendav
started_at: 2020-01-02 20:13:30.806442
success: false
============
2020-01-02 21:13:30,820: INFO - Restoring application agendavĂąâŹÂŠ
2020-01-02 21:13:30,826: ERROR - An app is already installed with the id 'agendav'
and
sudo yunohost log display 20200102-201330-backup_restore_app-baikal --share
ended_at: 2020-01-02 20:13:30.879188
error: Operation unit has not been closed properly
operation: backup_restore_app
related_to:
- - app
- baikal
started_at: 2020-01-02 20:13:30.864277
success: false
============
2020-01-02 21:13:30,875: INFO - Restoring application baikalĂąâŹÂŠ
2020-01-02 21:13:30,877: ERROR - An app is already installed with the id 'baikal'
I admit I donât know why the âOperation unit has not been closed properlyâ and why âAn app is already installed with the id âagendavâ (or âbaikalâ)â.
Other information
I update the server and the apps almost every day. Maybe an update broke something and I have to roll back?
Now I go to you for a solution because I donât know what to do.
Thanks,
Best regards
PS : Great job guys, this is an excellent project