Yunohost in Proxmox inaccessible using domain after a few hours

Hardware: Lenovo ThinkServer TS140 - 4 x Intel(R) Xeon(R) CPU E3-1225 v3 – 12GB RAM
YunoHost version: Latest ISO – fresh install
I have access to my server : SSH & Web Admin

Hi there, I’m running YunoHost in Proxmox as a VM. After a few hours, the machine is no longer accessible using the domain name even though the VM is running and I can access it using the IP address. I have tried running as a container too but I get the same issue. All the ports are correctly forwarded to the correct IP address of the server. Does anyone have an idea as to how I can resolve this?

Since you can access the server using the IP address, check the diagnosis. And try to traceroute your domain when it’s no longer accessible.

Hi there, thank you for your message. Traceroute just keeps saying “Request timed out” and the two domains are inaccessible, but I can get into it by using the IP address. The diagnosis looks okay too; there are a few errors, but I don’t think they would cause this problem, could they? Please find the log below.

=================================
Base system (basesystem)

[INFO] Server hardware architecture is kvm amd64

  • Server model is QEMU Standard PC (Q35 + ICH9, 2009)

[INFO] Server is running Linux kernel 5.10.0-29-amd64

[INFO] Server is running Debian 11.9

[INFO] Server is running YunoHost 11.2.12 (stable)

  • yunohost version: 11.2.12 (stable)
  • yunohost-admin version: 11.2.6 (stable)
  • moulinette version: 11.2.1 (stable)
  • ssowat version: 11.2.1.1 (stable)

=================================
Internet connectivity (ip)

[SUCCESS] Domain name resolution is working!

[SUCCESS] The server is connected to the Internet through IPv4!

  • Global IP: xx.xx.xx.xx
  • Local IP: 192.168.7.218

=================================
DNS records (dnsrecords)

[SUCCESS] DNS records are correctly configured for domain domain3.tld (category basic)

[WARNING] Some DNS records are missing or incorrect for domain domain3.tld (category mail)

  • Please check the documentation at DNS zone configuration | Yunohost Documentation if you need help configuring DNS records.
  • The following DNS record does not seem to follow the recommended configuration:
    Type: MX
    Name: mysecondapp
    Current value: [‘4 route1.mx.cloudflare.net.’, ‘98 route3.mx.cloudflare.net.’, ‘27 route2.mx.cloudflare.net.’]
    Expected value: 10 domain3.tld.
  • The following DNS record does not seem to follow the recommended configuration:
    Type: TXT
    Name: mysecondapp
    Current value: “v=spf1 include:_spf.mx.cloudflare.net ~all”
    Expected value: “v=spf1 a mx -all”
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: TXT
    Name: mail._domainkey.mysecondapp
    Value: “v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzlv2u46JwVtnXbyVdnwaU3nlX6VoMIMMB5x1E5C8uyWyAo92vUjNDCQM/MqKXsCWipKd/W3xL7KOzV3wbxSLFjX4avV0Cw6Q/r2PFe5mQAaOpfOZoqXZ7BRDgGT3jxWgwSHeCdJIWbxt5RT/gobMqD5a+Qu+D0mIkbrST+NfwdQIDAQAB”
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: TXT
    Name: _dmarc.mysecondapp
    Value: “v=DMARC1; p=none”

[WARNING] Some DNS records are missing or incorrect for domain domain3.tld (category extra)

  • Please check the documentation at DNS zone configuration | Yunohost Documentation if you need help configuring DNS records.
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: A
    Name: *.mysecondapp
    Value: xx.xx.xx.xx
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: CAA
    Name: mysecondapp
    Value: 0 issue “letsencrypt.org

[SUCCESS] DNS records are correctly configured for domain domain2.tld (category basic)

[WARNING] Some DNS records are missing or incorrect for domain domain2.tld (category mail)

  • Please check the documentation at DNS zone configuration | Yunohost Documentation if you need help configuring DNS records.
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: MX
    Name: myfirstapp
    Value: 10 domain2.tld.
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: TXT
    Name: myfirstapp
    Value: “v=spf1 a mx -all”
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: TXT
    Name: mail._domainkey.myfirstapp
    Value: “v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXx3sYxCsCSaZvJLf1F9zZrytF/JVlaHaNi8njXDWfB2IQOWdXVzC5L1CuZbkXQykcvWM3eibJ/rNWovb6wSauLsOYnPRz7FzEd3zZskfQ7FlwBV80mP0g10SB/7a2MNn0O/e2zRoSvN5xFpguw5D56bwn1Vjv2UX8SJ/YitUU4QIDAQAB”
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: TXT
    Name: _dmarc.myfirstapp
    Value: “v=DMARC1; p=none”

[WARNING] Some DNS records are missing or incorrect for domain domain2.tld (category extra)

  • Please check the documentation at DNS zone configuration | Yunohost Documentation if you need help configuring DNS records.
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: A
    Name: *.myfirstapp
    Value: xx.xx.xx.xx
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: CAA
    Name: myfirstapp
    Value: 0 issue “letsencrypt.org

[SUCCESS] DNS records are correctly configured for domain domain4.tld (category basic)

[WARNING] Some DNS records are missing or incorrect for domain domain4.tld (category mail)

  • Please check the documentation at DNS zone configuration | Yunohost Documentation if you need help configuring DNS records.
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: MX
    Name: upload
    Value: 10 domain4.tld.
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: TXT
    Name: upload
    Value: “v=spf1 a mx -all”
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: TXT
    Name: mail._domainkey.upload
    Value: “v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxqWjcqP0n5rHTTvLhrLOKj8b+HuJbVY2OgrxeHG2raj2RCo2ra/yN7jYD0QWSH66fw+2ET1TTA0WjotIeRPGxEyCKWBNvEIQ/sPdxcvp24Pqwb9AV6zEXAD7/nwWJvt8ZfogNPkuf/uYIFy6hWm9+GqtuKhm7h8c4O5tPPTEWHwIDAQAB”
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: TXT
    Name: _dmarc.upload
    Value: “v=DMARC1; p=none”

[WARNING] Some DNS records are missing or incorrect for domain domain4.tld (category extra)

  • Please check the documentation at DNS zone configuration | Yunohost Documentation if you need help configuring DNS records.
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: A
    Name: *.upload
    Value: xx.xx.xx.xx
  • According to the recommended DNS configuration, you should add a DNS record with the following info.
    Type: CAA
    Name: upload
    Value: 0 issue “letsencrypt.org

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category basic)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category mail)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category xmpp)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category extra)

[SUCCESS] Your domains are registered and not going to expire anytime soon.

=================================
Ports exposure (ports)

[SUCCESS] Port 22 is reachable from the outside.

  • Exposing this port is needed for admin features (service ssh)

[SUCCESS] Port 25 is reachable from the outside.

  • Exposing this port is needed for email features (service postfix)

[SUCCESS] Port 80 is reachable from the outside.

  • Exposing this port is needed for web features (service nginx)

[SUCCESS] Port 443 is reachable from the outside.

  • Exposing this port is needed for web features (service nginx)

[SUCCESS] Port 587 is reachable from the outside.

  • Exposing this port is needed for email features (service postfix)

[SUCCESS] Port 993 is reachable from the outside.

  • Exposing this port is needed for email features (service dovecot)

[SUCCESS] Port 5222 is reachable from the outside.

  • Exposing this port is needed for xmpp features (service metronome)

[SUCCESS] Port 5269 is reachable from the outside.

  • Exposing this port is needed for xmpp features (service metronome)

=================================
Web (web)

[SUCCESS] Domain domain3.tld is reachable through HTTP from outside the local network.

[SUCCESS] Domain domain2.tld is reachable through HTTP from outside the local network.

[SUCCESS] Domain domain4.tld is reachable through HTTP from outside the local network.

[SUCCESS] Domain maindomain.tld is reachable through HTTP from outside the local network.

=================================
Email (mail)

[SUCCESS] The SMTP mail server is able to send emails (outgoing port 25 is not blocked).

[SUCCESS] The SMTP mail server is reachable from the outside and therefore is able to receive emails!

[ERROR] Reverse DNS is not correctly configured for IPv4. Some emails may fail to get delivered or be flagged as spam.

  • Current reverse DNS: MYDNS
    Expected value: maindomain.tld
  • You should first try to configure reverse DNS with maindomain.tld in your internet router interface or your hosting provider interface. (Some hosting providers may require you to send them a support ticket for this).
  • Some providers won’t let you configure your reverse DNS (or their feature might be broken…). If you are experiencing issues because of this, consider the following solutions:
    • Some ISP provide the alternative of using a mail server relay though it implies that the relay will be able to spy on your email traffic.
    • A privacy-friendly alternative is to use a VPN with a dedicated public IP to bypass this kind of limits. See Advantage of a VPN for self-hosting | Yunohost Documentation
    • Or it’s possible to switch to a different provider

[ERROR] Your IP or domain xx.xx.xx.xx is blacklisted on Spamhaus ZEN

[SUCCESS] 0 pending emails in the mail queues

=================================
Services status check (services)

[SUCCESS] Service dnsmasq is running!

[SUCCESS] Service dovecot is running!

[SUCCESS] Service fail2ban is running!

[SUCCESS] Service filebrowser is running!

[SUCCESS] Service filebrowser__2 is running!

[SUCCESS] Service metronome is running!

[SUCCESS] Service mysql is running!

[SUCCESS] Service nginx is running!

[SUCCESS] Service php7.4-fpm is running!

[SUCCESS] Service php8.2-fpm is running!

[SUCCESS] Service postfix is running!

[SUCCESS] Service redis-server is running!

[SUCCESS] Service rspamd is running!

[SUCCESS] Service slapd is running!

[SUCCESS] Service ssh is running!

[SUCCESS] Service yunohost-api is running!

[SUCCESS] Service yunohost-firewall is running!

[SUCCESS] Service yunomdns is running!

=================================
System resources (systemresources)

[SUCCESS] The system still has 11 GiB (93%) RAM available out of 12 GiB.

[SUCCESS] The system has 976 MiB of swap!

  • Please be careful and aware that if the server is hosting swap on an SD card or SSD storage, it may drastically reduce the life expectancy of the device.

[SUCCESS] Storage / (on device /dev/mapper/system-root) still has 461 GiB (99.2%) space left (out of 465 GiB)!

[SUCCESS] Storage /boot (on device /dev/sda1) still has 109 MiB (51%) space left (out of 213 MiB)!

=================================
System configurations (regenconf)

[SUCCESS] All configuration files are in line with the recommended configuration!

=================================
Applications (apps)

[SUCCESS] All installed apps respect basic packaging practices

Is your domain name pointing to your server?

dig domainname.com

Look in the “answer” section.

Hi, thank you for your reply. Yes, it is pointing to the domain name. This is the result when I execute the dig command you mentioned.

For the first app:

; <<>> DiG 9.16.48-Debian <<>> drive.myapp.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43392
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;drive.myapp.com. IN A

;; ANSWER SECTION:
drive.myapp.com. 0 IN A 127.0.0.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri May 31 12:49:43 BST 2024
;; MSG SIZE rcvd: 65

For the second app:

; <<>> DiG 9.16.48-Debian <<>> app.my2ndapp.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1552
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;app.my2ndapp.com. IN A

;; ANSWER SECTION:
app.my2ndapp.com. 0 IN A 127.0.0.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri May 31 12:51:38 BST 2024
;; MSG SIZE rcvd: 64

You ran the dig command on your pc?

I am also wondering that. This says that the .com is going to your local machine.

Try dig from a computer not on the same network as your Yunohost server.
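The point made in the two replies above, as an added example that is not part of any post in the thread: both dig replies were answered by `127.0.0.1#53` with a loopback A record, so they only show what the resolver on the machine where dig ran returns, not what public DNS returns. The function name and the second sample reply (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: classify dig output read on stdin.
# Prints "local" when the reply came from a loopback resolver or the A record
# is a loopback address (the lookup says nothing about public DNS),
# otherwise "public".
classify_dig() {
    awk '
        /^;; SERVER:/ { split($3, s, "#"); server = s[1] }  # "127.0.0.1#53(...)"
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        in_answer && NF == 0 { in_answer = 0 }               # blank line ends it
        in_answer && $4 == "A" { answer = $5 }
        END {
            if (server ~ /^127\./ || server == "::1" || answer ~ /^127\./)
                print "local"
            else
                print "public"
        }'
}

# Reply posted in the thread, trimmed to the lines the check reads.
sample_from_thread() {
cat <<'EOF'
;; QUESTION SECTION:
;drive.myapp.com. IN A

;; ANSWER SECTION:
drive.myapp.com. 0 IN A 127.0.0.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
EOF
}

# Constructed reply from an outside resolver (documentation addresses).
sample_from_outside() {
cat <<'EOF'
;; ANSWER SECTION:
drive.myapp.com. 300 IN A 203.0.113.10

;; Query time: 24 msec
;; SERVER: 198.51.100.53#53(198.51.100.53)
EOF
}

sample_from_thread | classify_dig    # local
sample_from_outside | classify_dig   # public
# Live use from another network: dig drive.myapp.com | classify_dig
```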

Hi all, thank you so much for the replies, I really appreciate it. After much reading, tries and stress, I worked it out and got it working. It was fail2ban causing all the problems. So glad it’s finally working, I’ve been using YuNoHost on an old laptop for the last year and love it, so glad I have it on a server now with more power. Thank you all again for your help.

3 Likes

Can you explain a bit more what you found and what you did, it might help others

1 Like
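The thread does not record which jail or address was involved. As an added example that is not from any poster, this is one way to see which addresses fail2ban is blocking right now, by replaying Ban and Unban events from its log. The function name, jail names and log lines are constructed samples, and `/var/log/fail2ban.log` is assumed as the Debian default log path.

```shell
#!/bin/sh
# Added example, not from the thread: list "jail address" pairs that have a
# Ban (or "Restore Ban" after a restart) with no later Unban in a fail2ban log.
banned_now() {
    awk '
        $3 == "fail2ban.actions" && ($(NF-1) == "Ban" || $(NF-1) == "Unban") {
            jail = substr($6, 2, length($6) - 2)    # "[sshd]" -> "sshd"
            key = jail " " $NF                      # last field is the address
            if ($(NF-1) == "Ban") active[key] = 1
            else delete active[key]
        }
        END { for (k in active) print k }
    ' | sort
}

# Constructed log lines in fail2ban's default format (documentation addresses).
sample_log() {
cat <<'EOF'
2024-05-31 09:00:02,114 fail2ban.actions        [812]: NOTICE  [sshd] Restore Ban 203.0.113.40
2024-05-31 09:12:44,101 fail2ban.filter         [812]: INFO    [sshd] Found 198.51.100.7 - 2024-05-31 09:12:43
2024-05-31 09:12:45,310 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2024-05-31 09:22:45,512 fail2ban.actions        [812]: NOTICE  [sshd] Unban 198.51.100.7
2024-05-31 10:03:19,020 fail2ban.actions        [812]: NOTICE  [nginx-http-auth] Ban 203.0.113.25
2024-05-31 10:03:20,400 fail2ban.actions        [812]: NOTICE  [nginx-http-auth] 203.0.113.25 already banned
EOF
}

sample_log | banned_now
# On the server: banned_now < /var/log/fail2ban.log
# Cross-check against the running daemon with: fail2ban-client status <jail>
# Lift a ban that locked out a legitimate client:
#   fail2ban-client set <jail> unbanip <address>
```

If the address your own clients arrive from shows up here, add it to `ignoreip` in the jail configuration rather than unbanning it repeatedly.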