Server not accessible from outside

Dams · October 30, 2023, 8:22pm

My YunoHost server

Hardware: Raspberry Pi 4 at home
YunoHost version: 11.2.5
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

The diagnostic tools say my server is not accessible from outside. The certificate renew fails because the server is not accessible from outside. But I use the server every day, as well as other users. The server is accessible at least for all installed apps.

I worry because the certificate will soon expire and I can’t find out what’s wrong.

Notes:

my server works on ipv4 only
the web admin console is enabled for local network only

Aleks · October 30, 2023, 9:24pm

Well can you at least share the actual message from the diagnosis ? The diagnosis may complain about various symptoms such as ports not being forwarded, DNS configuration, etc…

Dams · October 30, 2023, 9:28pm

Here it is:

«Le domaine piwi.nohost.me est inaccessible en HTTP depuis l’extérieur.

Le système de diagnostique n’a pas réussi à contacter votre serveur. Il se peut qu’une autre machine réponde à la place de votre serveur. Vérifiez que le port 80 est correctement redirigé, que votre configuration Nginx est à jour et qu’un reverse-proxy n’interfère pas.»

The webadmin is configured to redirect port 80 to 443.

Aleks · October 31, 2023, 12:41pm

Could it be that you manually tweaked your nginx config ? Are there other issues reported by the diagnosis ?

Dams · October 31, 2023, 9:13pm

A warning because I have no ipv6. My server has no ipv6 and nginx didn’t start without a valid ipv6, so ipv6 lines are disabled in config. I could never figure out what the problem is, and I got no answer on the forum. Anyway, the diags and the certificate renewing have worked well with this configuration for months and months.

Also yunohost-firewall does not start (like for ipv6 I could not figure why) but only ports 80, 443, and a few others are open.

2 warnings because I had to comment out ipv6. No other lines have been touched.

Le fichier de configuration /etc/nginx/conf.d/piwi.nohost.me.conf semble avoir été modifié manuellement.
Le fichier de configuration /etc/nginx/conf.d/yunohost_admin.conf semble avoir été modifié manuellement.

Dams · November 1, 2023, 5:06pm

Does anyone know how the diagnostics tool checks if the server is available from outside ? (or how the certificate is renewed ?) Is it requests on ports 80 - 443 ?

KaraDanvers · November 1, 2023, 7:49pm

are you using Cloudflare?

Dams · November 1, 2023, 9:01pm

I’m using a Rapsberry at home with no VPN.

I have tested the accessibility with different DNS (DNS for ISPs Orange, free.fr, SFR) and also using Tor. Using all of them I can access my server.

Also IPv6 domain readiness tester tells the server is available with ipv4 only (that’s what I expect since I have no ipv6).

Dams · November 1, 2023, 9:30pm

I have not changed anything to my configuration and I could renew the Let’s Encrypt certificate a few seconds ago!

The diagnostic tool keeps telling me the server is not accessible. Could it be that some routing for my domain is broken somewhere on the internet?

KaraDanvers · November 1, 2023, 10:51pm

i stopped listening to the diagnostic tool long a go. glad you got it working though.

i dont even use lets encrypt on yunohost anymore on 95% of the apps, i use Nginx Proxy Manager with its built in SSL only if Cloudflare SSL not gonna work with it.