Wrote a post about a silly solution to a silly problem with hosting at home.
This commit is contained in:
@@ -1,24 +1,24 @@
|
|||||||
<article>
|
<article>
|
||||||
<header id="title-block-header">
|
<header id="title-block-header">
|
||||||
<h1 class="title">Public Home Server: Introducing and Resolving Issues</h1>
|
<h1 class="title">Public Home Server: Introducing and Resolving Issues</h1>
|
||||||
<p class="date">2025-02-16T00:00:00-08:00</p>
|
<p class="date">2025-02-16T00:00:00-08:00</p>
|
||||||
</header>
|
</header>
|
||||||
<p>As I have shared before, I have recently set up a server at home to run this website and web services like <a href="https://0x212.com/@iiogama">Mastodon</a>, <a href="https://git.0x212.com/iiogama">Gitea</a>, <a href="https://live.0x212.com">Owncast</a>, Miniflux, Linkding, and other great stuff. I decided to use <a href="https://cloudron.io">Cloudron</a> for simple server management, because I was struggling to get things up and running myself manually with package managers or compiling the software myself, or auto-magically using Docker, NixOS, etc. And I chose Cloudron over other similar services like <a href="https://yunohost.org">YunoHost</a> because I have used it before, it is quite stable, and does the thing it sets out to do well. The struggle with manually taking care of hosting issues came from long hours at work getting things set up and troubleshooting, and not having the energy in the evenings or weekends to get stuff set up and troubleshoot.</p>
|
<p>As I have shared before, I have recently set up a server at home to run this website and web services like <a href="https://0x212.com/@iiogama">Mastodon</a>, <a href="https://git.0x212.com/iiogama">Gitea</a>, <a href="https://live.0x212.com">Owncast</a>, Miniflux, Linkding, and other great stuff. I decided to use <a href="https://cloudron.io">Cloudron</a> for simple server management, because I was struggling to get things up and running myself manually with package managers or compiling the software myself, or auto-magically using Docker, NixOS, etc. And I chose Cloudron over other similar services like <a href="https://yunohost.org">YunoHost</a> because I have used it before, it is quite stable, and does the thing it sets out to do well. The struggle with manually taking care of hosting issues came from long hours at work getting things set up and troubleshooting, and not having the energy in the evenings or weekends to get stuff set up and troubleshoot.</p>
|
||||||
<h2 id="problem">Problem</h2>
|
<h2 id="problem">Problem</h2>
|
||||||
<p>This blog post isn’t a review of Cloudron though, instead I wanted to write down the solution to a weird issue I was having after I initially launched the server, which also took a somewhat embarrassing amount of time to fix. The issue was my website would not open in a web browser on my home computer after it went live, the browser would end the connection attempt with a timeout. I knew the website was up and live though, because I could open it from my phone connected to the cellular network. Tethering a laptop to my cell phone network and running <code>nmap 0x212.com</code> showed the domain name was resolving to my public IP, as well as the correct open ports for my server. Something was mis-configured on my local network.</p>
|
<p>This blog post isn’t a review of Cloudron though, instead I wanted to write down the solution to a weird issue I was having after I initially launched the server, which also took a somewhat embarrassing amount of time to fix. The issue was my website would not open in a web browser on my home computer after it went live, the browser would end the connection attempt with a timeout. I knew the website was up and live though, because I could open it from my phone connected to the cellular network. Tethering a laptop to my cell phone network and running <code>nmap 0x212.com</code> showed the domain name was resolving to my public IP, as well as the correct open ports for my server. Something was mis-configured on my local network.</p>
|
||||||
<p>My local network has two connected routers and three private VLANs. One of the VLANs is a DMZ between the public-facing and private-facing router, the private router drops all connection requests hitting the interface on that network. Port forwarding is enabled on the public router, so it sends all packets it receives from the internet to my Cloudron server that is also in the DMZ. The server is directly connected to the public-facing router.</p>
|
<p>My local network has two connected routers and three private VLANs. One of the VLANs is a DMZ between the public-facing and private-facing router, the private router drops all connection requests hitting the interface on that network. Port forwarding is enabled on the public router, so it sends all packets it receives from the internet to my Cloudron server that is also in the DMZ. The server is directly connected to the public-facing router.</p>
|
||||||
<h2 id="troubleshoot">Troubleshoot</h2>
|
<h2 id="troubleshoot">Troubleshoot</h2>
|
||||||
<p>On my private local network, I could <code>ping</code> the public IP address and the private IP address of the server and all router gateways between, but I could not <code>ping 0x212.com</code>, indicating an issue with DNS. Yet, running <code>nslookup 0x212.com</code> showed correct name resolution, returning my public IP address. I am not running a private DNS server, so all DNS requests for my website were going out to a public DNS server. After checking and rechecking the router and server configurations, I started researching the issue online and learned that Network Address Translation requires loop-back to be enabled on the router for a web connection on the same IP address. But not all routers have that feature available, especially non-enterprise routers like my public facing router from AT&T (required for the fiber connection).</p>
|
<p>On my private local network, I could <code>ping</code> the public IP address and the private IP address of the server and all router gateways between, but I could not <code>ping 0x212.com</code>, indicating an issue with DNS. Yet, running <code>nslookup 0x212.com</code> showed correct name resolution, returning my public IP address. I am not running a private DNS server, so all DNS requests for my website were going out to a public DNS server. After checking and rechecking the router and server configurations, I started researching the issue online and learned that Network Address Translation requires loop-back to be enabled on the router for a web connection on the same IP address. But not all routers have that feature available, especially non-enterprise routers like my public facing router from AT&T (required for the fiber connection).</p>
|
||||||
<p>While I was researching the name resolution issue, a different but related issue came up. Like all good multi-taskers doing too much at one time, I was playing around with all the new toys I was installing on the server. Since I could connect to my website from the Internet, I just enabled a VPN connection with <a href="https://mullvad.net">Mullvad</a> to connect to my servers web services. But while connected to the VPN, I could not SSH into the local IP address for the server. This was necessary because I was needing to transfer files from my computer to the server, and I did not want to send that transfer across the internet. The Mullvad VPN client has a local network sharing setting that allows your computer to connect to other devices on the local network, but this setting will only apply to devices on the same local network as the computer.</p>
|
<p>While I was researching the name resolution issue, a different but related issue came up. Like all good multi-taskers doing too much at one time, I was playing around with all the new toys I was installing on the server. Since I could connect to my website from the Internet, I just enabled a VPN connection with <a href="https://mullvad.net">Mullvad</a> to connect to my servers web services. But while connected to the VPN, I could not SSH into the local IP address for the server. This was necessary because I was needing to transfer files from my computer to the server, and I did not want to send that transfer across the internet. The Mullvad VPN client has a local network sharing setting that allows your computer to connect to other devices on the local network, but this setting will only apply to devices on the same local network as the computer.</p>
|
||||||
<h2 id="possible-solutions">Possible Solutions</h2>
|
<h2 id="possible-solutions">Possible Solutions</h2>
|
||||||
<p>So fundamentally I wanted DNS requests to resolve my website’s domain to the server’s private IP address for my computer on my local network. The Cloudron server has an setting that dynamically updates DNS records using the APIs for various DNS registrars, which can be configured to the public or private IP address for the server. Mine is configured for the public IP address. I started thinking of different ways to resolve my issues, such as the following:</p>
|
<p>So fundamentally I wanted DNS requests to resolve my website’s domain to the server’s private IP address for my computer on my local network. The Cloudron server has an setting that dynamically updates DNS records using the APIs for various DNS registrars, which can be configured to the public or private IP address for the server. Mine is configured for the public IP address. I started thinking of different ways to resolve my issues, such as the following:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>Disable Cloudron’s dynamic DNS and pay for a public dynamic DNS service like <a href="https://www.noip.com">No-IP</a>. The server could be configured to accept all requests hitting the interface.</li>
|
<li>Disable Cloudron’s dynamic DNS and pay for a public dynamic DNS service like <a href="https://www.noip.com">No-IP</a>. The server could be configured to accept all requests hitting the interface.</li>
|
||||||
<li>Replace the public router with one that supports NAT loop-back, which is expensive and AT&T requires their fiber router.</li>
|
<li>Replace the public router with one that supports NAT loop-back, which is expensive and AT&T requires their fiber router.</li>
|
||||||
<li>Move Cloudron from baremetal to a virtual machine in <a href="https://www.proxmox.com/">Proxmox</a> or something similar, which could also run a virtual DNS server for local name resolution.</li>
|
<li>Move Cloudron from baremetal to a virtual machine in <a href="https://www.proxmox.com/">Proxmox</a> or something similar, which could also run a virtual DNS server for local name resolution.</li>
|
||||||
</ul>
|
</ul>
|
||||||
<p>I probably should have installed Cloudron in a virtual machine and I may at some point, but that will be a later project and write-up. I do have another server running Proxmox, but I since I have one server running 24/7-ish, I was trying to reduce how often I am running other computers to reduce my <del>electric bill</del> carbon footprint. So I spent some time mulling over this silly little issue, considering how much time and money various solutions cost, and then in a moment of clarity after reading a post in a Mullvad support forum, I realized a simple, practical, and cheap solution for everything.</p>
|
<p>I probably should have installed Cloudron in a virtual machine and I may at some point, but that will be a later project and write-up. I do have another server running Proxmox, but I since I have one server running 24/7-ish, I was trying to reduce how often I am running other computers to reduce my <del>electric bill</del> carbon footprint. So I spent some time mulling over this silly little issue, considering how much time and money various solutions cost, and then in a moment of clarity after reading a post in a Mullvad support forum, I realized a simple, practical, and cheap solution for everything.</p>
|
||||||
<h2 id="simple-solution">Simple Solution</h2>
|
<h2 id="simple-solution">Simple Solution</h2>
|
||||||
<p>The Mullvad client will respect static routes configured on the machine. So running <code>ip route add $SECOND_VLAN via $GATEWAY via $INTERFACE</code> on my computer allowed me to connect to the private IP address for the server while connected to Mullvad’s VPN. With the static route configured, I added <code>$SERVER_PRIVATE_IP 0x212.com</code> to <code>/etc/hosts</code> to my computer. Now the 0x212.com domain resolves to the server’s private IP address for my computer, while still using public DNS servers for everything else. I felt like this was a simple solution that I should’ve realized sooner, but I got caught up considering more complicated, enterprise-grade solutions.</p>
|
<p>The Mullvad client will respect static routes configured on the machine. So running <code>ip route add $SECOND_VLAN via $GATEWAY via $INTERFACE</code> on my computer allowed me to connect to the private IP address for the server while connected to Mullvad’s VPN. With the static route configured, I added <code>$SERVER_PRIVATE_IP 0x212.com</code> to <code>/etc/hosts</code> to my computer. Now the 0x212.com domain resolves to the server’s private IP address for my computer, while still using public DNS servers for everything else. I felt like this was a simple solution that I should’ve realized sooner, but I got caught up considering more complicated, enterprise-grade solutions.</p>
|
||||||
<p>I’m probably will move Cloudron to a virtual machine and setup a private firewall and DNS server, but I don’t need to at this time and can focus on other fun things like updating my website and writing blog posts.</p>
|
<p>I’m probably will move Cloudron to a virtual machine and setup a private firewall and DNS server, but I don’t need to at this time and can focus on other fun things like updating my website and writing blog posts.</p>
|
||||||
</article>
|
</article>
|
||||||
|
|||||||
Reference in New Issue
Block a user