No access to Yunohost from local LAN and outside Internet, but diagnosis insists it is doable

My YunoHost server

Hardware: Virtual Box 5.2.42 instance on Ubuntu 18.04 LTS
YunoHost version: 4.1.5
I have access to my server : Through the webadmin | direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hello to all forum members. I’m new to Yunohost, and I’m trying my best to make it work for the purpose of having a Wordpress server accessible from the internet, running in virtualbox.

I have a nohost.me domain, which the Yuno diagnosis says is reachable through HTTP from outside the local network, but it is not.
All DNS records are correctly configured, and dnschecker.org verifies that.
In diagnosis there is an issue with the server not having a working IPv6.
There is also “Port 443 is not reachable from outside”, although I have it opened in my router (Thomson tg585).

I still cannot connect to the Yunohost server from within the local LAN (e.g. from my host PC to the virtualbox running Yuno), nor can I connect from my tablet on a data plan Internet connection (outside connection). Furthermore, I cannot access the created user /sso at all.

What should I do, to make it work as a Wordpress server?
Is the virtualbox installation suitable for such serving purposes, or should I try installing on a Raspberry Zero, that lies around?

Yunohost is a remarkable idea, and an incredible software, but it seems to be very difficult to set it up running for the average user.

Please advise me on what steps to take to fix those connectivity problems.
Thank you anyone for your time reading this, and looking forward to an answer to my problems with Yunohost.

TL;DR:
I would definitely start with the RPi!

Longer version:
Sorry for the trouble you have put in the virtualbox server up to now. When it turns out the RPi does not have enough power and the virtualbox is on a more powerful machine, you can (quite) easily move your installation from the RPi to another server by making a backup and using that when installing on another server.

From your story I understand that the virtual server is also not available locally. Virtual servers add a bit of complexity. Did it get an IP address, and does your Ubuntu-installation forward traffic?

I think the difficulty is in the virtual setup. My children (in primary school) give Orange Pi Zeros with Yunohost on them as birthday presents to their friends; they get along with it very well!
I’m a big fan of Yunohost :smiley:

1 Like

Agreed with @wbk that setting up in a Virtualbox is not really recommended, because network configuration is double or triple more complicated than the usual setup of “yunohost installed on some computer, configure the port forwarding and voila”.

I would not really recommend the RPi0 either though, because there are some known issues.

Alternatively, I’m in fact surprised that the diagnosis was telling that the domain is “reachable through HTTP from outside the local network” … but you claim it’s not, but did not explain why it isn’t, how you tried on your side and what result you get … did you really try to go to http://domain.tld (note the http, not https, for now, since apparently there are some other issues with port 443…)?

@wbk, @Aleks, thank you both for your remarks to my question. As I’ve already said, I can access Yuno by IP locally, not remotely, and from window terminal.

I tried accessing the Yuno domain from a mobile device on a data plan. No use at all. @Aleks, you mentioned if I tried to go to http://domain.tld. I copied this in the browser, but nothing happens. Sorry for my ignorance, but what is `http://domain.tld` (note the http, not https), and how can I access it from Yuno? What is more, today the server diagnosis shows only port 22 open, without any intervention on my part. Furthermore, ****.nohost.me appears unreachable through HTTP from outside the local network.

Is there anything that you can help me with, making Yuno work for my temporary needs, as a Wordpress server?

This may already have been done by you but you said you opened up ports on your router, but are the ports open in Yunohost? I know I sometimes forget to do that.

`sudo yunohost firewall list` to see what ports are open.

By http://domain.tld, he means try going to your Yunohost server address in the web browser,
i.e. blahblah.com or blahblah.nohost.me

TLD means top level domain (.com, .org etc)

If you give some more details, it is easier to give help with examples that fit your situation.

I’ll give my situation as an example.

The domain name of my wife’s website is gialinh.nl
The IP address is 80.127.182.180, or [2001:985:b79a:1:6d21:81ff:a52e:6f3] on IPv6

Working situations:
When I visit the IP address of the server, I get the Yunohost admin interface.
When I visit the URL http://gialinh.nl , I’m forwarded to https://gialinh.nl/blog , because that Wordpress installation is marked as the default application.

Error situations:
a) If I make a mistake in the DNS entries (at …nohost.me in your case), I will get a timeout or not found message from my browser.
b1) When I make a mistake in port forwarding (IPv4) or firewall openings (IPv6) in the router, the same happens (no matter whether I try with a computer at home, somewhere else or on a phone with a data plan).
b2) When I make a mistake in port forwarding BUT I am at home in the same network as the server, I can still reach the user interface if I change my hosts file (‘old fashioned DNS’) on my laptop to tell that

80.127.182.180 gialinh.nl

My hosts file is found at /etc/hosts , depending on the operating system on your laptop/computer/phone it might be somewhere else.

If you run diagnosis, are all the entries under DNS in green? In my case not all of them are green, but enough to make it work. You can compare the output of diagnosis on my server with yours and maybe you spot an important difference.

Good luck!

1 Like

Hello again to all who responded to my question, and especially to @wbk.
I’ve followed your suggestion and ditched the Yunohost instance on virtualbox and installed it on an old but competent laptop.

I run diagnosis and got the following:

  • Base System: I got a “Meltdown vulnerability” issue, but I don’t care much about it now.

  • Internet connectivity: got a warning on not having IPv6, but I cannot have such, as my ISP doesn’t provide any.

  • DNS records on my domain, xxxx.nohost.me, are all green.

  • Port exposure is green to go!

  • Web is reachable through HTTP from outside the local network.

  • Email still gives me 5 issues, as my IP is blacklisted (why?), but I have no need now for email, so I’ll pass.

  • Services status, System resources, System configurations: all are green.

But I still have the same issues as those I had in Yunohost on virtualbox.
Let me explain, in detail.

I can connect to the laptop running Yuno, through web address 192.168.x.xx/yunohost/admin/

I can connect to laptop server through ssh, inside my lan.

I CANNOT connect to user interface, nor to the Wordpress that is installed in my xxxx.myhost.me domain.

If I try to connect to user from within LAN, I get an HTTP/1.0 404 Not Found.

If I try to connect to user from mobile data plan, I got redirected to my router setup page.

If I try to connect to my xxxx.nohost.me domain, from noip host, I got redirected to my router setup page.

I know I’m close to achieving my goal of having a working Yuno, self hosting a Wordpress page, but I’m missing something here that doesn’t work.

I need that Yuno server running till the end of next week, just to showcase that Wordpress page, and I need any assistance I can get to make it work.

So, please, what else is there to do to have a Yunohost server running O.K.?

Great progress, well done :slight_smile:

From your post it seems that Yunohost is running OK, but that you don’t have much use of it because of the router.

Have you already tried editing the hosts file, on the computer that you use for browsing and visiting your Yunohost (not on the Yunohost server)? That will give you the user interface (the black screen with colourful squares, instead of the white admin interface).

What router do you have? My Fritzbox has ‘DNS rebind protection’ (look at the bottom of the page).

The DNS rebind protection prevents visiting sites inside the local network by domain name. The logic behind it is: when you browse to a website with a domain name, it probably is outside your LAN.

The place to allow access to the LAN is quite hidden away (let me try pasting a screenshot…):

I have no idea whether other routers do the same, and under which name they hide the setting.

That is when visiting your site from inside your LAN.

When you visit your site from outside the LAN, you get a router setup page. Most routers got a setting somewhere to either disable access to the settings from the outside, or an option to move it to another port. At the moment the router is kidnapping the port forwarding you made to Yunohost.
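The DNS rebind protection described in the post above can be modelled as a filter on DNS answers. This is an added example, not part of the thread and not any router's actual code; the names, addresses and exemption list are constructed, and the exemption list stands in for the "allow access to the LAN" setting mentioned above.

```python
import ipaddress

# Constructed sample answers (name, address) as a resolver might receive them.
ANSWERS = [
    ("example.org", "93.184.216.34"),
    ("myserver.nohost.me", "192.168.1.20"),   # public name -> LAN address
    ("tracker.example", "127.0.0.1"),
    ("v6.example", "fd12:3456:789a::1"),      # IPv6 unique local address
    ("mapped.example", "::ffff:10.0.0.5"),    # IPv4-mapped IPv6 address
]
# Hypothetical per-domain exemption list.
EXEMPT = {"myserver.nohost.me"}


def is_internal(addr):
    """True if addr is a private, loopback or link-local address."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 so ::ffff:10.0.0.5 is judged as 10.0.0.5.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_private or ip.is_loopback or ip.is_link_local


def rebind_filter(answers, exempt=frozenset()):
    """Split answers into (passed, dropped) the way a rebind filter would."""
    passed, dropped = [], []
    for name, addr in answers:
        host = name.rstrip(".").lower()
        exempted = any(host == d or host.endswith("." + d) for d in exempt)
        if is_internal(addr) and not exempted:
            dropped.append((name, addr))   # client sees no usable answer
        else:
            passed.append((name, addr))
    return passed, dropped


if __name__ == "__main__":
    for label, exempt in (("no exemption", frozenset()), ("exempted", EXEMPT)):
        passed, dropped = rebind_filter(ANSWERS, exempt)
        print(label, "passed:", passed)
        print(label, "dropped:", dropped)
```
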

Hello again @wbk. I have thought to edit those host files, but I will be doing it on the Yunohost server side, not on the computer on the LAN that I browse from.
I have no clue though, what to check or add in those host files.

The host file on the browsing computer is as follows:
127.0.0.1 localhost
127.0.1.1 my-pc

# The following lines are desirable for IPv6 capable hosts

::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

The host file on the Yunohost server is as follows:
127.0.0.1 localhost
127.0.1.1 ubuntu.lan ubuntu
192.168.1.xx myxxxxxx myxxxxxx.nohost.me

# The following lines are desirable for IPv6 capable hosts

::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

127.0.0.1 myxxxxxx myxxxxxx.nohost.me

What should be written in these host files, so I and anyone outside local lan can access Yunohost user page, and especially my Wordpress installation?

My router is given by my ISP. It is a Thomson - Technicolor (Speedtouch) TG 585v8.
I don’t think there is a DNS Rebind Protection on this router. Is there any other way to overcome the kidnapping the router does on the port forwarding to my Yunohost server PC?

I can have my hands on both a US ROBOTICS SURECONNECT 9108 ADSL/PSTN and a tp-link TD-W8961N modem-router. If any of these routers has options like your Fritz!Box, on DNS Rebind Protection, I could give it a try, and set up my network on those routers.

What do you think, is there any chance to share my Yunohost server from outside the LAN?

Hi, you are mixing things here! Changing the hosts-file on your Yunohost does not solve your problem.

There are 2 problems:

  1. Outside LAN: your router kidnaps port 443
  2. Inside LAN: your router seems to block DNS resolution to local IPs

Because you want to show your Wordpress to people outside your LAN, leave problem 2 for later.

Imagine your domain name is codebugging.nohost.me and everything works as it should. People will type that in their browser. By default it will be http://codebugging.nohost.me (without ‘s’), so port 80 on your external connection. Written explicitly: http://codebugging.nohost.me:80
Yunohost (nginx) will forward from port 80 (unencrypted, http) to port 443 (encrypted, https); explicitly: https://codebugging.nohost.me:443

At https://codebugging.nohost.me:443 will be your default application. If you do not have a default application, they will see the black login screen. You want them to see Wordpress, so set Wordpress as the default application in Yunohost if you did not yet do that.

When you test with your mobile phone, you get the router setup page. Is that on http://codebugging.nohost.me (so, port 80) or at https://codebugging.nohost.me (port 443)? Or both?

If you get the router setup in both cases, there are 2 options:

  • Disable the router setup page on the external / WAN interface. Try to find it in the router setup or in the manual
  • Make a new port forwarding in the router, WAN 444 → Yunohost 443

I don’t have experience with your router, perhaps your ISP is willing to lend a hand. The second option changes the address that your visitors have to type. Now they have to type https://codebugging.nohost.me:444 (note the ‘s’ for https and colon 444 behind the address to get to the right port).
Your router will then forward the traffic to port 443 on your Yunohost, where your visitor will see the default page.

Good luck!

1 Like
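A way to check which device answers on port 80, following the redirect behaviour described in the post above. This is an added example, not part of the thread and not YunoHost code; `probe` and `classify` are hypothetical helper names, the accepted status codes are an assumption, and the test values are constructed. Passing a separate connect address gives the same effect as the hosts-file trick from earlier in the thread without editing any file.

```python
import http.client
import sys
from urllib.parse import urlsplit


def probe(address, host, port=80, timeout=5):
    """GET / from address:port while sending Host: host; no hosts-file edit."""
    conn = http.client.HTTPConnection(address, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.getheader("Server")
    finally:
        conn.close()


def classify(status, location, host, https_port=443):
    """Judge a plain-HTTP reply: a redirect to https on the same host is expected."""
    if status in (301, 302, 307, 308) and location:
        target = urlsplit(location)
        port = target.port or (443 if target.scheme == "https" else 80)
        same_host = target.hostname == host.lower()
        if target.scheme == "https" and same_host and port == https_port:
            return "ok: redirect to https on the same host"
        # Relative or foreign redirects come from some other web server.
        return "unexpected redirect: " + location
    if status == 200:
        # A page served directly over http, e.g. a router's own admin page.
        return "suspect: page served over plain http without redirect"
    return "unexpected status: %d" % status


if __name__ == "__main__":
    # Usage: script.py <domain> [address-to-connect-to] [expected-https-port]
    domain = sys.argv[1]
    address = sys.argv[2] if len(sys.argv) > 2 else domain
    https_port = int(sys.argv[3]) if len(sys.argv) > 3 else 443
    status, location, server = probe(address, domain)
    print("Server header:", server)
    print(classify(status, location, domain, https_port))
```

Run it once from inside the LAN against the server's local address and once from an outside connection against the domain; differing verdicts show on which side of the router the request is being intercepted.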
