SSO portal shows 404 - fresh install

My YunoHost server

Hardware: HP Mini PC in my home
YunoHost version: 4.3.6.2
I have access to my server : SSH, webadmin, direct access
Are you in a special context or did you perform some particular tweaking on your YunoHost instance? : No special setup

Perhaps related: after I first installed YunoHost, it didn’t connect to my internet, even though the “eno1” interface, so I had to go and manually adjust one of the network files to tell it to use DHCP and restart the network service. This was the only unusual thing I experienced.

Perhaps related: I have a pfSense machine between my modem and my YunoHost machine. I changed the NAT to port-forward 80, 443 to my YunoHost machine. The root of my domain, example.com, shows the pfSense admin site, but I can access the YunoHost admin URL by navigating directly to that path.

Description of my issue

I am trying to complete the installation guide. When I get to the step which opens the SSO portal, I see a 404 page generated by nginx.

The URL which shows this message is: https://example.com/yunohost/sso/?r=(...)

I am able to view my admin portal at https://192.168.1.120/yunohost/admin/#/tools.
I am not able to view my admin portal at https://example.com/yunohost/admin/#/tools – I see a 404 page from nginx.

I spent a few hours browsing the OS by looking at journalctl for nginx logs and system-level logs, but I see nothing related to ssowat.

I do see files and directories related to ssowat, but I don’t know how nginx loads or uses them.

I don’t know where else to find logs to share.

Do you have any tips to help me troubleshoot this issue?

You may be able to access the webadmin using the local IP of your server, but if your router is using port 80 / 443 (despite the fact that you redirected the ports, some routers may act “as if” it works even though they use these ports for their admin UI), you won’t be able to access the SSO, because the SSO needs to be accessed via the domain name, hence implicitly via the global IP, hence implicitly via your router.

The URL which shows this 404 page is this:

https://example.com/yunohost/sso/?r=(...)

I’ll update the original post to clarify this, for later readers.

Yes, but that’s not the full story: you’re getting to this page because the initial page you’re trying to access gets you redirected to that URL.

What initial URL are you typing in your browser?

Ah, I see your point – perhaps pfSense has an nginx server which is trying to handle that URL, and YunoHost isn’t even getting the request.

I thought port-forwards on pfSense would be really easy, but I guess it’s a bit more complicated! I’ll try to change the admin port for pfSense to 8080 and 4433, which should make room for the port forward to YunoHost.

I’ll try to adjust the configuration on pfSense some more.

Thanks so much for the help!

I changed pfSense to stop listening on port 80 by adjusting the “TCP Port” and “WebGUI Redirect” options.

https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html#tcp-port

I used my smartphone to browse to “example.com” using the Internet provided by the cell phone towers, rather than my WiFi, and it immediately worked. This indicates that my pfSense box is doing something unexpected. While having access from outside my network is good, it’s not good enough – I also need to be able to access my YunoHost from inside my network.

After searching the web, in addition to adding port-forwards in pfSense, I had to change its configuration to allow port-forwards for requests from my internal network. The following pfSense doc page helped me do that.

https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html

As a note to other people, that doc page says that “Split DNS” is preferred, but it doesn’t work if a computer on the network specifies its own DNS server. I do use a custom DNS server (Quad9 right now) on some of my computers, so I also needed to enable “NAT Reflection”.

Are there action items for improving YunoHost?

The YunoHost doc page for port forwarding didn’t mention anything about NAT reflection or split DNS – should it? Is it only a problem with certain software, like pfSense? I don’t know enough, but I would guess it’s not only pfSense.
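A check for the situation this thread ends up describing, written as an added example (not part of the original posts and not YunoHost or pfSense code): from a LAN client, it compares the TLS certificate served when connecting via the domain name with the one served by the server's LAN IP, to tell whether the domain reaches the YunoHost box or another device such as the router's web GUI. The function names and result labels are assumptions made for this example; `example.com` and `192.168.1.120` are the values from the thread, and the fingerprints and the address `203.0.113.10` are constructed.

```python
import hashlib
import socket
import ssl
import sys


def cert_fingerprint(host, sni, port=443, timeout=5):
    """SHA-256 of the certificate served at host:port for SNI `sni`, or None."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # certificates are compared, not validated
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
    except OSError:                 # refused, timed out, or TLS handshake failed
        return None


def diagnose(resolved_ip, lan_ip, fp_domain, fp_lan):
    """Classify what a LAN client reaches when it uses the domain name."""
    if fp_lan is None:
        return "server-down"        # nothing on the LAN IP to compare against
    if fp_domain is None:
        return "no-reflection"      # resolved address does not answer from inside
    if fp_domain != fp_lan:
        return "other-device"       # e.g. the router's own web GUI answers
    # Same certificate: the domain reaches the same server as the LAN IP.
    return "split-dns" if resolved_ip == lan_ip else "nat-reflection"


def probe(domain, lan_ip):
    """Run both probes from this machine and classify the result."""
    resolved = socket.gethostbyname(domain)
    return diagnose(resolved, lan_ip,
                    cert_fingerprint(resolved, domain),
                    cert_fingerprint(lan_ip, domain))


if __name__ == "__main__":
    if len(sys.argv) == 3:          # usage: script.py example.com 192.168.1.120
        print(probe(sys.argv[1], sys.argv[2]))
    else:
        # Constructed observations: public IP answers with a different certificate.
        print(diagnose("203.0.113.10", "192.168.1.120", "aa11", "bb22"))
```

Run it from a machine inside the network; a machine that uses its own DNS server will only ever report `nat-reflection`, never `split-dns`, when things work.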
