No connection to Yunohost on VPS, but system alive

nathanmcrae · January 17, 2020, 3:36am

My YunoHost server

Hardware: VPS bought online
YunoHost version: 3.6.5.3
I have access to my server : Through webadmin VNC interface
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hi Guys,
I have a Yunohost instance on a VPS (SSDNodes) that I can’t ping, ssh, or http to at all. My guess is that it’s a firewall issue, but I haven’t made much progress in that direction.

Thanks in advance for any help!

Background

I’ve had this instance running for about a year and haven’t made any significant changes recently. The only admin work I did recently was to remove a number of apps that I wasn’t using (this was a day or two before my problems began).

A few days ago I found that my sites were really sluggish. I checked my ram,cpu,storage and didn’t see anything suspicious. Then I tried restarting my server through the VPS provider’s web interface. Since then I haven’t been able to directly connect to my server at all.

I was able to get access to it through a VNC portal through my VPS provider and have been using that to try to troubleshoot this problem. Because of this, all these snippets are hand-typed. Let me know of anything that I should copy over.

Getting this back to a fully-working configuration would be great, but honestly I’m at the point where I would be ok just getting SSH access so I can exfiltrate my backups and start from scratch.

Versions

$ sudo yunohost --version
yunohost:
    repo: stable
    version: 3.6.5.3
yunohost-admin:
    repo: stable
    version: 3.6.5.1
moulinette:
    repo: stable
    version: 3.6.4.1
ssowat:
    repo: stable
    version: 3.6.4

$ uname -a
Linux <computer name> 4.9.0-11-amd64 #1 SMP Debian 4.9.189-3+deb9u2 (2019-11-11) x86_64 GNU/Linux

Troubleshooting

First I tried pinging from my server, but I always get connect: Network is unreachable

My VPS provider support said that it looked like a firewall issue, so that’s what I’ve been checking on mostly.

I checked my iptables with sudo /sbin/iptables -S and didn’t find anything obviously wrong (like the IP I was trying to connect from being blocked).

I tried flushing my firewall rules using direction similar to this:

$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
$ipt -F
$ipt -X
$ipt -t nat -F
$ipt -t nat -X
$ipt -t mangle -F
$ipt -t mangle -X

and when I did sudo /sbin/iptables -S I got

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

But that didn’t seem to help. I restarted my system and found the iptables rules back where I began.

I also tried disabling my firewalld service completely (just sudo service firewalld stop), but that didn’t seem to have an effect.

I found that yunohost-firewall was not running, but based on the service status I think that’s ok.

yunohost-firewall.service - YunoHost Firewall
Loaded: loaded (/lib/systemd/system/yunohost-firewall.service; enabled; vendor preset: enabled)
Active: active (exited) since Thu 2020-01-16 05:17:26 UTC; 49 min ago
Process: 1156 ExecStart=/usr/bin/yunohsot firewall reload (code=exited, status=0/SUCESS)
Main PID: 1156 (code=exited, status=0/SUCESS)
Tasks: 0 (limit: 4915)
Memory: 0B
CPU: 0
CGroup: /system.slice/yunohost-firewall.service

Running yunohost service status I noticed that nginx was not running and I found that it was giving an [emerg] 18070#18070: host not found in upstream <my host> in /etc/nginx/conf.d/<...> error.

I tried yunohost service regen-conf nginx and restarting, but got the same nginx errors. I moved my entire conf.d directory and restarted. The error went away, but that didn’t fix anything. My guess now is that the host not found part is due to lack of network connectivity.

Questions

I don’t really know what avenues to try, so any pointers for that would be very helpful.

Besides that, here are some concrete questions:

Does the fact that I can’t ping from my VPS instance indicate that this is not (only) a configuration problem on my end? Would the ‘-P OUTPUT ACCEPT’ iptables entry allow this through?

Are the nginx errors I saw just due to the fact that I don’t have any network connectivity so it can’t resolve my domain?

nginx, whether broken or misconfigured, should have no effect on the ability to ping my server. Is that correct?

What is the relation between iptables and firewalld on Yunohost? Most things online made it seem like they were mutually exclusive.

Is it ok that the yunohost-firewall service isn’t running? That’s what the status seems to indicate (successful exit code)

If I should add any information or need to clarify anything, don’t hesitate to let me know. And thanks again!

nathanmcrae · January 17, 2020, 4:23am

After several days down, my system is back up. The last thing I did was to try flushing iptables again as described above. That didn’t appear to work, so I restarted my system again to refresh my iptables lists. I came back a while later to find that connectivity had been completely restored.

If anyone has any insight on what happened, I’d love to hear, but for now the issue is resolved (and I’ll be starting a better backup policy!)

schulzpin · January 17, 2020, 4:10pm

I had the same issue few days ago. I restored it from the vps backup. Backup from yunohost itself didn’t work out.

nathanmcrae · January 17, 2020, 5:27pm

Interesting, did your yunohost backup restore attempt fail, or did you just not have any access to attempt restore?

schulzpin · January 17, 2020, 9:18pm

Yes, yunohost backup restore failed and I could access my server only through VPS console. ssh and other services were unreachable

nathanmcrae · January 27, 2020, 5:43pm

I had the same problem again and this time my VPS support fixed it by restarting my networking service: /etc/init.d/networking restart.

So if anyone else is having similar symptoms, that might be worth trying.

system · February 11, 2020, 5:43pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.