'Unable to connect' remotely through 443

My YunoHost server

Hardware: Old laptop
YunoHost version: 4.3.6.2
I have access to my server : Through SSH + API + Direct access
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : YunoHost installed over Debian buster.

Description of my issue

Hey guys!

I have had an instance running smoothly for a couple of weeks; however, today it was particularly slow and then access problems finally came up.

What is working:

  • SSH
  • SyncThing
  • XMPP
  • IMAP
    (other stuff maybe could test if needed)

Not working:

  • Web access: Neither SSO nor admin on Firefox; returns “Unable to connect” instantly or after some time.

  • CalDAV (Evolution): Connection refused error trying to add account, after minutes

Failed to get properties: HTTP error code 4 (Could not connect: Connection refused

Initially the connection was spotty; now it simply doesn’t work.

Tried:

  • Checked Fail2Ban jails: the couple of IPs I tried from are not banned.
  • Rebooted
  • Diagnosis returns that IPv6 access is missing (will try to sort but hasn’t been a problem)

I noticed some brute force SSH activity, but have since removed SSH password access and it seems to have dropped.

Any hints on how to diagnose and fix this?

Thank you!

EDIT: after some thought, I went to check some slapd and API logs:

 - Jan 28 13:26:47 slapd[763]: slap_global_control: unrecognized control: 1.3.6.1.4.1.4203.666.5.16
 - Jan 28 13:32:46 slapd[763]: <= mdb_substring_candidates: (mail) not indexed

Found no errors in the yunohost-api logs.

It appears the router (ISP?) shut down the 443 port, probably due to the abuse. Will have to check when I connect locally.

Ok, so after a lot of waiting (4 days!) for a call from my ISP, they confirmed everything is OK on their side; they remotely looked at my port forwarding configuration in the ISP box and validated it.

Indeed, when browsing through another network (tried Tor, mobile data), entering my IP directly reached the server and then redirected to

https://xxx.xxx.xxx.xxx/yunohost/admin

With an “Unable to connect” error on Firefox-based browsers.

Any clues on how to diagnose/fix this?

Diagnosis is still:

Port 443 is not reachable from outside.

Sometimes the diagnosis could be wrong if the YunoHost infra servers are unable to answer. So the 443 port issue could be due to that.

If I understand, you can connect from outside but not from inside your network. It’s clearly a hairpinning issue; you can probably work around this issue by tweaking your hosts file.
A more advanced technique to work around this problem is to use YunoHost as a domain resolver on the local network (via DHCP).

You probably meant the other way around: I can access it from the inside and not from the outside.

Thank you for your hints. Will try to wrap my head around them, and learn a bit more in the process :)

Ok got it!

nmapped local IPs and found a possible culprit: the printer also has the 443 port open!
However, turning it off doesn’t help either.

Would tweaking the hosts file work here?
So should I add a line with

xxx.xxx.xxx.xxx (local network IP) subdomain.nohost.me < this doesn’t seem to work…

This is a bit of a hack, but I managed to work around the problem by setting a different forward port for 443 in my ISP box settings.
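
As an added example (not part of the thread or of YunoHost's own tooling): a small Python check that classifies how port 443 fails on each path discussed above, to tell a server problem, a hairpinning problem and a forwarding or filtering problem apart. The addresses are constructed placeholders and the function names `probe` and `interpret` are hypothetical.

```python
import errno
import socket

def probe(host, port=443, timeout=5.0):
    """Classify one TCP connect attempt: 'open', 'refused', 'filtered' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"         # a device answered with RST: nothing listening or a reject rule
    except socket.timeout:
        return "filtered"        # no answer at all: packets dropped on the way
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        return "error"           # DNS failure or other local problem

def interpret(lan, public_inside, public_outside=None):
    """Turn probe results into a hint about where port 443 is being lost.

    lan            -- server's LAN address, probed from inside the network
    public_inside  -- public address, probed from inside the network
    public_outside -- public address, probed from another network (None = not tested)
    """
    if lan != "open":
        return "server: nothing accepts 443 on the LAN address (check nginx and the host firewall)"
    if public_outside == "open":
        if public_inside != "open":
            return "hairpinning: reachable from outside, only the loop back through the router fails"
        return "ok: 443 reachable on every path tested"
    if public_outside is None:
        if public_inside == "open":
            return "inconclusive: works via the router from inside, still test from another network"
        return "inconclusive: hairpinning or forwarding, test from another network"
    if public_outside == "refused":
        return "forwarding: something answers and rejects 443 (router rule or wrong target host)"
    return "filtered: 443 is dropped before reaching the server (router firewall or upstream filter)"

if __name__ == "__main__":
    # Constructed placeholder addresses (RFC 5737 / private range); replace with your own.
    lan = probe("192.168.1.10")
    pub = probe("203.0.113.7")
    print(lan, pub, "->", interpret(lan, pub))
```

Run it once from inside the network and once from another network (passing that second result as `public_outside`) to get a conclusive hint.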
