No access to nohost.me from the outside


A big hello to the community. I am new to YunoHost and really enjoyed the installation and first test run of my server. Unfortunately I ran into some problems when I decided to install a fresh version on my old PC which I have at home. Every device at home is behind a VPN client (from a VPN company) installed in my router.
So, I installed everything fine, registered a nohost.me name using the automatic method through the web interface.

The problem I get is that I cannot access the domain from the outside. The domain is registered on the DynDNS, but when I type the web address I chose, nothing happens.
From the local network I have access perfectly, plus I can download any application I want from the desktop-server. Please find below my setup:

My YunoHost server

Hardware: Old laptop or computer at home / OpenVPN client installed in router
YunoHost version: 3.6
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : Yes. I have disabled IPv6 since I thought this was causing the issues (log below)

Update the ip associated with your YunoHost subdomain ΧΧΧΧΧΧΧΧΧ (not the real address).nohost.me

2019-09-05 23:32:03,373: INFO - Updated needed, going on…
2019-09-05 23:32:03,816: DEBUG - Could not get public IPv6 : Invalid url https://ip6.yunohost.org (does this site exists?)
2019-09-05 23:32:03,819: DEBUG - system hook folder not found for action ‘custom_dns_rules’ in /usr/share/yunohost/hooks/
2019-09-05 23:32:03,819: DEBUG - custom hook folder not found for action ‘custom_dns_rules’ in /etc/yunohost/hooks.d/
2019-09-05 23:32:03,820: DEBUG - Now pushing new conf to DynDNS host…

; Basic ipv4/ipv6 records
@ 3600 IN A 185.181.100.203

* 3600 IN A 185.181.100.203

; XMPP
_xmpp-client._tcp 3600 IN SRV 0 5 5222 ΧΧΧΧΧ.nohost.me.
_xmpp-server._tcp 3600 IN SRV 0 5 5269 ΧΧΧΧ.nohost.me.
muc 3600 IN CNAME @
pubsub 3600 IN CNAME @
vjud 3600 IN CNAME @

; Mail
@ 3600 IN MX 10 ΧΧΧΧΧΧ.nohost.me.
@ 3600 IN TXT "v=spf1 a mx ip4:185.181.100.203 -all"
mail._domainkey 3600 IN TXT "v=DKIM1; h=sha256; k=rsa; p=A biiiiiiiiig key"
_dmarc 3600 IN TXT "v=DMARC1; p=none"

; Extra
@ 3600 IN CAA 128 issue "letsencrypt.org"

In order to reach the server from the outside, I have opened a specific port through my VPN provider, since the IP address I am given is shared. I tested that this port forwarding is reachable when I have a service listening on that port (this test was prior to installing YunoHost).

I should note that in my first attempt to get to know YunoHost I installed it in another location that was not behind a VPN, and everything was perfectly fine, even with the Let's Encrypt certificate. I could access everything from the outside. When I brought the same PC home, though, I got the same messages above.

I read in a recent forum post that some people had similar issues and it seemed that the name was not registering somewhere, I think…
Please also note that I am a newbie to this self-hosting thing with limited experience, so please be gentle! :slight_smile:

I appreciate your help.

Best regards!


Hey @HoldMyGin,

You mean, while in the local network, you can access the nohost.me domain? Or you mean the local IP address behind the router?

Have you tried something like mtr to see where your packets go and until which hop they arrive on when trying from inside / outside the network?

Same for me, it has to come from their API

Hi @decentral1se,

Thanks for your reply. I mean I can access the server from my local network via the local IP the server has, e.g. 192.168.x.x.
Yes, I have done an mtr and the result I get is: unknown host…

@MoDzCatZ Hi. Are you saying that you are having the same issue?

So can you check using https://www.whatsmydns.net/ that your domain points to the right IP ? (Also maybe do the check for IPv6 / AAAA records in case you have IPv6 involved)

Yes, I have tried this. All results come back with X, as if the domain isn't pointing anywhere. I also tried to check DynDNS and it said that the name is registered…
I mean, shouldn't this process be automatic since I used a nobody.me name?
How can I manually do the allocation of the domain in a specific IP?

Hmmm so when you run yunohost dyndns update it triggers the update of the domain which starts with the log you posted :

So what happens at the end ? Did you paste everything there is when running this command ?

Hi Aleks,

I noticed, when I restarted the server, that there was an error message that the dnsmasq (something like that) service could not start or initiate.
Further to your question above, when I ran yunohost dyndns update there are also two lines at the end of the log saying "Update failed : NOTAUTH (BADKEY)" and "TSIG error with server: tsig indicates error", and also another error saying "Unable to update IP address on DynDNS".

And this is the log from the dnsmasq

Sep  8 19:31:08 xxxxxxxx systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Sep  8 19:31:08 xxxxxx dnsmasq[15409]: dnsmasq: syntax check OK.
Sep  8 19:31:08 xxxxxx dnsmasq[15412]: dnsmasq: failed to create listening socket for port 53: Address already in use
Sep  8 19:31:08 xxxxxx dnsmasq[15412]: failed to create listening socket for port 53: Address already in use
Sep  8 19:31:08 xxxx systemd[1]: dnsmasq.service: Control process exited, code=exited status=2
Sep  8 19:31:08 xxxxx dnsmasq[15412]: FAILED to start up
Sep  8 19:31:08 xxxxxxx yunohost-api[551]: Job for dnsmasq.service failed because the control process exited with error code.
Sep  8 19:31:08 xxxxxxx yunohost-api[551]: See "systemctl status dnsmasq.service" and "journalctl -xe" for details.
Sep  8 19:31:08 xxxxxx systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
Sep  8 19:31:08 xxxxxxx systemd[1]: dnsmasq.service: Unit entered failed state.
Sep  8 19:31:08 xxxxxxx systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
Sep  8 19:31:16 xxxxxx yunohost-api[551]: Synchronizing state of dnsmasq.service with SysV service script with /lib/systemd/systemd-sysv-install.
Sep  8 19:31:16 xxxxxxx yunohost-api[551]: Executing: /lib/systemd/systemd-sysv-install disable dnsmasq
Sep  8 19:31:16 xxxxxx systemd[1]: Reloading.
Sep  8 19:31:16 xxxxxxx systemd[1]: apt-daily-upgrade.timer: Adding 13min 29.663856s random time.
Sep  8 19:31:16 xxxxxx systemd[1]: Reloading.
Sep  8 19:31:16 xxxxxx systemd[1]: apt-daily-upgrade.timer: Adding 56min 40.146588s random time.
Sep  8 19:31:16 xxxxx systemd[1]: Reloading.
Sep  8 19:31:16 xxxxxxx systemd[1]: apt-daily-upgrade.timer: Adding 6min 11.761146s random time.
Sep  8 19:31:19 xxxxxx systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Sep  8 19:31:19 xxxxxxxx dnsmasq[15507]: dnsmasq: syntax check OK.
Sep  8 19:31:19 xxxxxxx dnsmasq[15510]: dnsmasq: failed to create listening socket for port 53: Address already in use
Sep  8 19:31:19 xxxxxxxx dnsmasq[15510]: failed to create listening socket for port 53: Address already in use
Sep  8 19:31:19 xxxxxxxsystemd[1]: dnsmasq.service: Control process exited, code=exited status=2
Sep  8 19:31:19 xxxxxxx dnsmasq[15510]: FAILED to start up
Sep  8 19:31:19 xxxxx systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
Sep  8 19:31:19 xxxxxx systemd[1]: dnsmasq.service: Unit entered failed state.
Sep  8 19:31:19xxxxxx yunohost-api[551]: Job for dnsmasq.service failed because the control process exited with error code.
Sep  8 19:31:19 xxxxxxx yunohost-api[551]: See "systemctl status dnsmasq.service" and "journalctl -xe" for details.
Sep  8 19:31:19 xxxxxx systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
Sep  8 19:31:22 xxxxx yunohost-api[551]: Synchronizing state of dnsmasq.service with SysV service script with /lib/systemd/systemd-sysv-install.
Sep  8 19:31:22 xxxxxx yunohost-api[551]: Executing: /lib/systemd/systemd-sysv-install enable dnsmasq
Sep  8 19:31:22xxxxxxx systemd[1]: Reloading.
Sep  8 19:31:22 xxxxxx systemd[1]: apt-daily-upgrade.timer: Adding 1min 51.256192s random time.
Sep  8 19:31:22 xxxxxxx systemd[1]: Reloading.
Sep  8 19:31:22 xxxxxx systemd[1]: apt-daily-upgrade.timer: Adding 30min 13.660636s random time.
Sep  8 19:31:22 xxxxxxx systemd[1]: Reloading.
Sep  8 19:31:22xxxxxxx systemd[1]: apt-daily-upgrade.timer: Adding 58min 39.609964s random time.
Sep  8 19:31:28 xxxxxx systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Sep  8 19:31:28 xxxxxxx dnsmasq[15609]: dnsmasq: syntax check OK.
Sep  8 19:31:28 xxxxxxxx dnsmasq[15612]: dnsmasq: failed to create listening socket for port 53: Address already in use
Sep  8 19:31:28xxxxxxx dnsmasq[15612]: failed to create listening socket for port 53: Address already in use
Sep  8 19:31:28 xxxxxx systemd[1]: dnsmasq.service: Control process exited, code=exited status=2
Sep  8 19:31:28 xxxxxxx dnsmasq[15612]: FAILED to start up
Sep  8 19:31:28 xxxxxxx systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
Sep  8 19:31:28xxxxxxsystemd[1]: dnsmasq.service: Unit entered failed state.
Sep  8 19:31:28 xxxxxx yunohost-api[551]: Job for dnsmasq.service failed because the control process exited with error code.
Sep  8 19:31:28 xxxxxx yunohost-api[551]: See "systemctl status dnsmasq.service" and "journalctl -xe" for details.
Sep  8 19:31:28 xxxxxxxx systemd[1]: dnsmasq.service: Failed with result 'exit-code'.

OK, to narrow down a few things:
I think that the public address I am getting from my VPN provider cannot be accepted (?) by the DynDNS services?
Because when I plug the server into the ISP modem, the IP is updated and everything works fine.
So does this DynDNS service blacklist some IPs?

Uh not really …

Hmmmm dunno why this happens … maybe we can try to re-subscribe the domain … For this we need to delete it from our infrastructure, then you can run

rm -rf /etc/yunohost/dyndns
rm /etc/cron.d/yunohost-dyndns

Then

yunohost dyndns subscribe -d yourdomain.nohost.me
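
The two failure signatures posted in this thread can be told apart mechanically, shown here as an added example that is not from any participant or from YunoHost itself. `BADKEY` is the TSIG error a DNS server returns when it does not recognise the key presented, and "Address already in use" means another process already holds port 53. The function name, the output tokens and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the failure signatures quoted in this thread.
# Reads log text on stdin and prints one finding per line.

triage_log() {
    awk '
    # dnsmasq could not bind: some other resolver already owns port 53
    /dnsmasq/ && /failed to create listening socket for port 53/ { port53 = 1 }
    # one line per failed start attempt
    /dnsmasq/ && /FAILED to start up/ { attempts++ }
    # DynDNS push rejected: the server does not know the TSIG key sent
    /NOTAUTH/ && /BADKEY/ { tsig = 1 }
    END {
        if (port53) printf "PORT53_IN_USE attempts=%d\n", attempts
        if (tsig)   print  "TSIG_BADKEY"
    }'
}

# Constructed sample, modelled on the lines posted above (hostname replaced).
SAMPLE='Sep  8 19:31:08 host dnsmasq[15412]: failed to create listening socket for port 53: Address already in use
Sep  8 19:31:08 host dnsmasq[15412]: FAILED to start up
Sep  8 19:31:19 host dnsmasq[15510]: failed to create listening socket for port 53: Address already in use
Sep  8 19:31:19 host dnsmasq[15510]: FAILED to start up
Update failed : NOTAUTH (BADKEY)'

printf '%s\n' "$SAMPLE" | triage_log

# Next steps for each finding:
#   PORT53_IN_USE -> identify the process holding the port:
#                    ss -lntup "sport = :53"
#   TSIG_BADKEY   -> the key under /etc/yunohost/dyndns is not the one the
#                    DynDNS server has on record for this domain.
```

On a live system the input would be the journal for the unit and the output of the update command rather than the embedded sample.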

Since I think that I am getting close to the solution, can anyone let me know how I can configure the YunoHost server to listen on a specific port given by my VPN provider for port forwarding?

E.g. instead of listening on 443 for HTTPS, I want a specific port number. Which files do I configure?

Hello,

If I have understood correctly, and without any guarantee that it will work, it is necessary to modify the port where Nginx listens.
See if this link can be useful?

My experience is that this is really tricky. Naively changing the nginx config to listen to another port is easy and will work, but from what I remember, there are many places in many pieces of software that will just assume one way or another that your server listens on port 443 … Or maybe you can also change the https port in /etc/services but my guess is that this will trigger other issues. And then you’d need to tell your users to put the port explicitly in the url to access your server … So I’d just recommend to find a solution that doesn’t involve tweaking the https port…

Indeed it seems to trigger other issues… Accessing my domain, e.g. xxx.com:PORT, seems to connect, but nothing happens after that…
I followed this guide to do this: Change port of NGINGX (443-> 4443) : l'API ne répond pas (Erreur : 0 error).

I will give it another shot, but it would be great to have a guide on where to change what, since, as I describe above, I am behind a VPN client in my router and I don't mind putting the :PORTNUMBER if I have to access the server from the outside…

Basically what I want is for the :PORTNUMBER to be just after my domain name … (I think) in every redirect the server does…

Any other input is of course welcome. Thank you for your help.

I tried on my installation (/etc/nginx/conf.d, changes mydomain.tld.conf and yunohost_admin.conf) with no more success than you!
I do not really have solutions!

If you have manually changed the configuration of Nginx, to start on a healthy basis, in my opinion, a:
yunohost tools regen-conf nginx --force
is needed.


Hello,
When I think about it, and I may be talking nonsense because I don’t master the technique at all: wouldn’t a reverse proxy be the solution?
Have a good day!
