My YunoHost server
Hardware: VPS bought online
YunoHost version: 22.214.171.124
I have access to my server : Through webadmin VNC interface
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Description of my issue
I have a YunoHost instance on a VPS (SSDNodes) that I can’t ping, ssh, or http to at all. My guess is that it’s a firewall issue, but I haven’t made much progress in that direction.
Thanks in advance for any help!
I’ve had this instance running for about a year and haven’t made any significant changes recently. The only admin work I did recently was to remove a number of apps that I wasn’t using (this was a day or two before my problems began).
A few days ago I found that my sites were really sluggish. I checked my RAM, CPU, and storage and didn’t see anything suspicious. Then I tried restarting my server through the VPS provider’s web interface. Since then I haven’t been able to directly connect to my server at all.
I was able to get access to it through a VNC portal through my VPS provider and have been using that to try to troubleshoot this problem. Because of this, all these snippets are hand-typed. Let me know of anything that I should copy over.
Getting this back to a fully-working configuration would be great, but honestly I’m at the point where I would be ok just getting SSH access so I can exfiltrate my backups and start from scratch.
$ sudo yunohost --version
yunohost:
  repo: stable
  version: 126.96.36.199
yunohost-admin:
  repo: stable
  version: 188.8.131.52
moulinette:
  repo: stable
  version: 184.108.40.206
ssowat:
  repo: stable
  version: 3.6.4

$ uname -a
Linux <computer name> 4.9.0-11-amd64 #1 SMP Debian 4.9.189-3+deb9u2 (2019-11-11) x86_64 GNU/Linux
First I tried pinging from my server, but I always get
connect: Network is unreachable
My VPS provider support said that it looked like a firewall issue, so that’s what I’ve been checking on mostly.
I checked my iptables with
sudo /sbin/iptables -S and didn’t find anything obviously wrong (like the IP I was trying to connect from being blocked).
I tried flushing my firewall rules using direction similar to this:
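ipt="/sbin/iptables"   # $ipt was undefined in the snippet; same binary path as used elsewhere in this post
# Set every default policy to ACCEPT
$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
# Flush all rules and delete user-defined chains in the filter, nat and mangle tables
$ipt -F
$ipt -X
$ipt -t nat -F
$ipt -t nat -X
$ipt -t mangle -F
$ipt -t mangle -X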
and when I did
sudo /sbin/iptables -S I got
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
But that didn’t seem to help. I restarted my system and found the iptables rules back where I began.
I also tried disabling my firewalld service completely (just
sudo service firewalld stop), but that didn’t seem to have an effect.
I found that yunohost-firewall was not running, but based on the service status I think that’s ok.
yunohost-firewall.service - YunoHost Firewall
   Loaded: loaded (/lib/systemd/system/yunohost-firewall.service; enabled; vendor preset: enabled)
   Active: active (exited) since Thu 2020-01-16 05:17:26 UTC; 49 min ago
  Process: 1156 ExecStart=/usr/bin/yunohsot firewall reload (code=exited, status=0/SUCESS)
 Main PID: 1156 (code=exited, status=0/SUCESS)
    Tasks: 0 (limit: 4915)
   Memory: 0B
      CPU: 0
   CGroup: /system.slice/yunohost-firewall.service
yunohost service status I noticed that nginx was not running and I found that it was giving an
[emerg] 18070#18070: host not found in upstream <my host> in /etc/nginx/conf.d/<...> error.
yunohost service regen-conf nginx and restarting, but got the same nginx errors. I moved my entire conf.d directory and restarted. The error went away, but that didn’t fix anything. My guess now is that the host not found part is due to lack of network connectivity.
I don’t really know what avenues to try, so any pointers for that would be very helpful.
Besides that, here are some concrete questions:
Does the fact that I can’t ping from my VPS instance indicate that this is not (only) a configuration problem on my end? Would the ‘-P OUTPUT ACCEPT’ iptables entry allow this through?
Are the nginx errors I saw just due to the fact that I don’t have any network connectivity so it can’t resolve my domain?
nginx, whether broken or misconfigured, should have no effect on the ability to ping my server. Is that correct?
What is the relation between iptables and firewalld on YunoHost? Most things online made it seem like they were mutually exclusive.
Is it ok that the yunohost-firewall service isn’t running? That’s what the status seems to indicate (successful exit code).
If I should add any information or need to clarify anything, don’t hesitate to let me know. And thanks again!
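
An added example, not part of the original post: `connect: Network is unreachable` is what ping reports when the kernel finds no route to the destination, and that lookup happens before any iptables OUTPUT rule is evaluated. The hypothetical `diagnose_net` helper below classifies the usual routing-side causes from `ip` output; the sample text and verdict names are constructed for illustration.

```shell
#!/bin/sh
# diagnose_net LINKS ADDRS ROUTES  (hypothetical helper, added for illustration)
#   LINKS  = text of `ip -o link show`
#   ADDRS  = text of `ip -o -4 addr show`
#   ROUTES = text of `ip -4 route show`
# Prints one verdict: no-link, no-address, no-default-route,
# default-route-on-down-iface or routing-ok.
diagnose_net() {
    links=$1; addrs=$2; routes=$3

    # Non-loopback interfaces that are enabled (UP) and have carrier (LOWER_UP).
    up=$(printf '%s\n' "$links" | awk -F': ' \
        '$2 != "lo" && /[<,]UP[,>]/ && /LOWER_UP/ { sub(/@.*/, "", $2); print $2 }')
    if [ -z "$up" ]; then echo "no-link"; return 0; fi

    # At least one of those interfaces needs a global-scope IPv4 address.
    has_addr=no
    for i in $up; do
        if printf '%s\n' "$addrs" | awk -v i="$i" \
            '$2 == i && $3 == "inet" && /scope global/ { f = 1 } END { exit !f }'
        then has_addr=yes; fi
    done
    if [ "$has_addr" = no ]; then echo "no-address"; return 0; fi

    # Without a default route every off-subnet destination is ENETUNREACH.
    gw_dev=$(printf '%s\n' "$routes" | awk '$1 == "default" {
        for (n = 2; n < NF; n++) if ($n == "dev") { print $(n + 1); exit } }')
    if [ -z "$gw_dev" ]; then echo "no-default-route"; return 0; fi

    # The default route must leave through an interface that is actually up.
    for i in $up; do
        if [ "$i" = "$gw_dev" ]; then echo "routing-ok"; return 0; fi
    done
    echo "default-route-on-down-iface"
}

# Constructed sample input (documentation address range), not taken from the post.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP'
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0'
SAMPLE_ROUTES='203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10'

# Live use: diagnose_net "$(ip -o link show)" "$(ip -o -4 addr show)" "$(ip -4 route show)"
diagnose_net "$SAMPLE_LINKS" "$SAMPLE_ADDRS" "$SAMPLE_ROUTES"   # prints: no-default-route
```

A `routing-ok` verdict means the host side of routing is in place, so the firewall rules, DNS and the provider's network are the next things to examine.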