Sunday, August 20, 2023
support@conference.yunohost.org

[04:14:41] <Solrac> Hello I'm trying to update my main domain but, when I try to make a domain the default, it gives me an error; "postmaster@(domain) cannot be removed from admins group"

Context:
Yunohost was uncompletable so I installed it on top of a minimal Debian 11.7 install as I was suggested.
After configuring some drivers, I installed YunoHost via the remote method.
I installed Synapse and SearXNG to test but the nohost.me didn't work for me.
After a long trial and error, I ultimately settled for a Gandi domain, and set the API Key and updated the DNS Zones automatically (without overwriting the default config)
I attempt to make this new domain the default, I get the error.
I remove all previously installed apps
I retry making the domain the default. I get the error again.

Full Log: https://paste.yunohost.org/raw/codufucoto

Thanks in advance and sorry for the trouble
[06:24:05] <Solrac> networking is confusing
[10:20:59] <Solrac> Hello again. I'm trying to expose my local server to the internet. I'm running YunoHost and I got my domain set up, and YunoHost manages the DNS automatically, however, Ports 80 & 443 (HTTP) are not operable outside the local network. -- I've an OpenWRT router to run the internet for all my devices, however, the internet comes from my ISP's router which is unsupported by OpenWRT, so it effectively acts as a one-off switch. I've enabled port forwarding from said ISP Box to the OpenWRT Router, however, port forwarding said ports from OpenWRT to my local server, or rather, `any` device in the network, still doesn't seem to work, as Yunohost's diagnostics indicate that the ports are unreachable. -- What can I do? I've been stuck on this for a few hours.
[10:35:33] <orhtej2> > <@miro5001:matrix.org> If I remove a mail alias from one user then add it to another one, will I lose the emails?

Likely no, mails are routed when received but who knows?
[10:36:48] <orhtej2> > <@lsolrac:matrix.org> Hello again. I'm trying to expose my local server to the internet. I'm running YunoHost and I got my domain set up, and YunoHost manages the DNS automatically, however, Ports 80 & 443 (HTTP) are not operable outside the local network. -- I've an OpenWRT router to run the internet for all my devices, however, the internet comes from my ISP's router which is unsupported by OpenWRT, so it effectively acts as a one-off switch. I've enabled port forwarding from said ISP Box to the OpenWRT Router, however, port forwarding said ports from OpenWRT to my local server, or rather, `any` device in the network, still doesn't seem to work, as Yunohost's diagnostics indicate that the ports are unreachable. -- What can I do? I've been stuck on this for a few hours.

I would assume you have to route on OpenWRT to some actual device that runs yunohost
[10:37:42] <Solrac> > I would assume you have to route on OpenWRT to some actual device that runs yunohost

my layout is
```ISPBox --[eth]--> OpenWRT Router -> Everything Else```
So, yes. The Server is connected to OpenWRT
[10:37:51] <orhtej2> > <@lsolrac:matrix.org> So I got that working via the API key. But now, when I try to make a domain the default, it gives me an error; "postmaster@(domain) cannot be removed from admins group"
>
> Context:
> Yunohost was uncompletable so I installed it on top of a minimal Debian 11.7 install as I was suggested.
> After configuring some drivers, I installed YunoHost via the remote method.
> I installed Synapse and SearXNG to test but the nohost.me didn't work for me.
> After a long trial and error, I ultimately settled for a Gandi domain, and set the API Key and updated the DNS Zones automatically (without overwriting the default config)
> I attempt to make this new domain the default, I get the error.
> I remove all previously installed apps
> I retry making the domain the default. I get the error again.
>
> Full Log: https://paste.yunohost.org/raw/codufucoto
>
> Thanks in advance and sorry for the trouble

Given you have only 2 apps installed perhaps back them up, reinstall from scratch and restore these 2 from backup?
[10:38:29] <orhtej2> > <@lsolrac:matrix.org> my layout is
> ```ISPBox --[eth]--> OpenWRT Router -> Everything Else```
> So, yes. The Server is connected to OpenWRT

I'm saying it should be some specific ip rather than `any`
[10:38:42] <Solrac> > Given you have only 2 apps installed perhaps back them up, reinstall from scratch and restore these 2 from backup?

I got to switch back and forth between the nohost and my domain, and that seemed to work
[10:39:55] <selfhoster1312> Solrac, your layout looks good, you should just make sure your OpenWRT also has port redirection for 80/443 for your Yunohost instance
[10:40:23] <selfhoster1312> double NAT is never recommended because of reasons ® but it still works for simple setups like this i've done that for many years
[10:43:04] <Solrac> Someone suggested to do something like this
443 - ISPBox --> 8443 - OpenWRT --> 443 - server
80 - ISPBox --> 8080 - OpenWRT --> 80 - server
[10:43:49] <selfhoster1312> you can but there is no reason to, OpenWRT doesn't listen on 80/443 on the WAN interface (only on the LAN interface)
[10:45:33] <selfhoster1312> what you can do is first check port redirection works on your ISP modem by removing OpenWRT and putting your server directly behind... if that works it's a config problem with OpenWRT
[10:45:46] <selfhoster1312> if it doesn't work it means your ISP modem is wrongly configured :)
[10:50:43] <selfhoster1312> and if you want to make extra sure it's not yunohost's fault (spoiler: it's probably not) you can use your own laptop as server for test, from a folder you want to serve you can do `sudo python3 -m http.server 80` :)
[10:52:39] <selfhoster1312> (ah and you should check by accessing with the IP address, just to rule out DNS misconfiguration)
[10:53:13] <Solrac> I tried this, and it connected to 192.168.0.2/yunohost 0.2 is the openwrt router on the isp box.
[10:53:15] <Solrac> https://aria.im/_matrix/media/v1/download/matrix.org/PBovCoRSWqujHDtVqkkNZvac
[10:53:24] <Solrac> it couldn't connect but it _did_ get the url
[11:05:36] <Solrac> Update; I did manage to port forward into yunohost from the isp box, but I cant access the webUI despite getting the url. This also happened when I tried to use another device to browse the WebUI directly (through openwrt)
[11:06:20] <Solrac> > <selfhoster1312> if it doesn't work it means your ISP modem is wrongly configured :)

I guess this is thankfully ruled out
[11:06:36] <Jeidnx> > <@lsolrac:matrix.org> Update; I did manage to port forward into yunohost from the isp box, but I cant access the webUI despite getting the url. This also happened when I tried to use another device to browse the WebUI directly (through openwrt)

What do you mean with "getting the url"?
[11:08:57] <Solrac> > <@jeidnx:spacegli.de> What do you mean with "getting the url"?

my ispbox ip set is 192.168.0.XYZ. OpenWRT's ip address on the ispbox is 192.168.0.2
I've port-forwarded 80 (isp) -> 8080 (openwrt) -> 80 (ynh). Same with 443 -> 8433
If I try to access 192.168.0.2:8080 or 8433, it redirects me to 192.168.0.2/yunohost/admin
The page however, does not load
[11:14:00] <Jeidnx> Does 192.168.0.2:8080/yunohost/admin load? I wouldn't expect the openwrt box to respond on a closed wan port
[11:15:41] <Solrac> No, it sadly does not. But this issue was replicated earlier when i used another device to get to the admin webui with the openwrt address.
[11:16:22] <Jeidnx> It could be a nat hairpin issue. Have you tried to connect from the outside at all?
[11:16:36] <Solrac> Besides the ispbox no
[11:17:05] <Solrac> I just got to the web ui on my phone (using openwrt ip)
[11:20:12] <Jeidnx> Can you try to connect to your domain from your cellular connection or via a vpn that is outside your house?
[11:20:30] <Solrac> Oh, no not yet
[11:22:09] <Solrac> I assume the diagnostic needs to pass beforehand
[11:25:30] <Jeidnx> You can try running the diagnostic but im not sure if it connects from the outside. I would try both manually connecting from the outside and running the diagnostics
[11:33:02] <Solrac> > <@jeidnx:spacegli.de> You can try running the diagnostic but im not sure if it connects from the outside. I would try both manually connecting from the outside and running the diagnostics

I tried connecting manually and sadly, nothing
[11:35:26] <Solrac> https://aria.im/_matrix/media/v1/download/matrix.org/AnMDLBAIaLwzeTLXzoZOnDZn
[11:40:23] <Jeidnx> And just to confirm your dns is set up correctly and you have checked that the name resolves to your wan ip?
[11:41:13] <Solrac> How can I check for that? -- I've a Gandi.net domain, and I'm using the API Key auto-dns method
[11:41:23] <Solrac> everything else is left to defaults
[11:48:59] <Solrac> ?
[11:49:18] <selfhoster1312> when you do `dig YOURDOMAIN` do you see your IP address in the A records? :)
[11:50:41] <Solrac> I completely forgot about the dig command
[11:51:25] <selfhoster1312> and so you say you can read the server on port 80/443 but you can't access the web ui ?
[11:51:43] <selfhoster1312> what does `curl -v https://DOMAIN/yunohost/admin/` say ?
[11:52:42] <Solrac> https://aria.im/_matrix/media/v1/download/matrix.org/BMCljseYNFNYWkjpjHwyQsxi
[11:54:02] <Solrac> > <selfhoster1312> what does `curl -v https://DOMAIN/yunohost/admin/` say ?

its connecting to the ip address that yunohost gave it
[11:54:54] <Solrac> https://aria.im/_matrix/media/v1/download/matrix.org/ZSeiXhfzGKQxKkjTdPuyOdit
[11:55:27] <Solrac> > <@lsolrac:matrix.org> Someone suggested to do something like this
> 443 - ISPBox --> 8443 - OpenWRT --> 443 - server
> 80 - ISPBox --> 8080 - OpenWRT --> 80 - server

However, this is also in place 🤔
[11:56:39] <Solrac> curl hangs though
[12:01:52] <selfhoster1312> wait what is your server IP ? i can see you said earlier there were some redirection problem i think that's normal if you changed the port on openwrt
[12:02:27] <selfhoster1312> yunohost has no idea about this so if it creates http(s) links it will be on default ports, that may not be the problem but it can be one problem
[12:03:15] <Solrac> > <selfhoster1312> wait what is your server IP ? i can see you said earlier there were some redirection problem i think that's normal if you changed the port on openwrt

you mean locally? or internet-wide? I set up the auto DNS cause of possible IP Changes 🤔
[12:03:24] <selfhoster1312> and what happens when you resolve the name locally ? like `curl --insecure -v --resolve DOMAIN:SERVERIP https://DOMAIN/yunohost/admin/`
[12:03:57] <selfhoster1312> ^local server IP of course
[12:04:33] <selfhoster1312> then `curl --insecure -v --resolve DOMAIN:OPENWRT:8443 https://DOMAIN/yunohost/admin`
[12:04:40] <selfhoster1312> please post pastes not screenshots :)
[12:04:53] <selfhoster1312> https://paste.yunohost.org/
[12:05:05] <Solrac> > <selfhoster1312> please post pastes not screenshots :)

my apologies
[12:09:33] <selfhoster1312> no worries :)
[12:10:33] <Solrac> OpenWRT = Server's local IP address on OpenWRT? 🤔 cause I'm getting an error and, also I can't access `openWRT.ip.ad.dr:8443`
[12:10:50] <Solrac> https://paste.yunohost.org/ituyudabip.nginx
[12:11:45] <selfhoster1312> you should use your actual domain name not "mydomain" :)
[12:12:06] <selfhoster1312> and with the yunohost IP it would be port 443 not 8443
[12:12:10] <Solrac> Oh, I did. I just replaced it after the paste
[12:12:33] <Solrac> > <selfhoster1312> then `curl --insecure -v --resolve DOMAIN:OPENWRT:8443 https://DOMAIN/yunohost/admin`

sorry 😅 I was following this to the letter
[12:12:55] <Solrac> sadly, the same error occurs
[12:15:40] <selfhoster1312> oh sorry it's the other way around for --resolve, also it's not for custom port number... better do `--connect-to mydomain:443:OPENWRTIP:8443`
[12:16:33] <Solrac> so; `curl --insecure -v --connect-to mydomain:443:OpenWRTIP:8443` ?
[12:16:49] <selfhoster1312> yes, then the same but with YUNOHOSTIP:443 at the end
[12:17:10] <Solrac> so the IP on the auto dns record?
[12:17:31] <selfhoster1312> no the local IP 192.168.1.whatever
[12:17:40] <Solrac> ah
[12:18:43] <Solrac> No URL Specified error ay lmao, should I separate them?
[12:18:48] <selfhoster1312> you can edit DOMAIN and PUBLIC_IP in this script if you like:https://paste.yunohost.org/midurutolu.bash
[12:18:58] <selfhoster1312> don't forget to add https://DOMAIN/yunohost/admin/ at the end
[12:20:59] <Solrac> Well, gosh darnet, I got some HTML on my terminal
[12:22:53] <Solrac> Well not HTML, but the output in log _is_ html https://paste.yunohost.org/potifovula.hs
[12:26:03] <selfhoster1312> Solrac, i sent you a private message so we don't have to spam everyone with this :)
[12:27:27] <Solrac> Oh snap, thank you
[12:27:47] <Solrac> Yeah I was going to ask (way earlier) if making a thread could be something we could do 😅
[12:32:12] <Solrac> Thank you for your patience, everyone
[12:34:31] <selfhoster1312> Solrac, did you see my private message?
[12:34:50] <Solrac> > <selfhoster1312> Solrac, did you see my private message?

Yes. I also replied
[12:35:07] <selfhoster1312> didn't receive... fuck this matrix bridge xD
[12:35:57] <Solrac> Ayyy McLmaaaaaooo that's what convinced me to use yunohost in the first place 😂
[12:37:11] <selfhoster1312> matrix? it's not the worst... it could be better with better bridges instead of shiny new features :)
[12:38:01] <Solrac> > <selfhoster1312> matrix? it's not the worst... it could be better with better bridges instead of shiny new features :)

On what might you be on? Discord? IRC? Telegram? v:
[12:38:40] <selfhoster1312> IRC/XMPP :)
[12:38:53] <selfhoster1312> i'm on libera.chat via XMPP bridge
[12:39:39] <Solrac> I'll try going into the libera chat and contacting you there
[13:52:24] <Solrac> selfhoster1312: you around by chance? v:
[13:52:45] <selfhoster1312> yup
[14:46:38] <selfhoster1312> so the mystery of the broken port redirect is solved: Liberty ISP in puerto rico does CGNAT so no port 80/443 for Solrac 🙁
[14:47:06] <Solrac> And yunohost can't use "exotic" little-use ports, can it?
[14:47:22] <Solrac> or rather, port forward it, I guess
[14:48:10] <selfhoster1312> *technically* you can but the problem with CGNAT is you never know which ports are open for you
[14:48:25] <selfhoster1312> they're open when you open an outbound connection but not stable on inbound
[14:48:34] <selfhoster1312> so most probably *not*
[14:53:20] <Solrac> so no guarantee something around the range of 25565 could work?
[14:53:51] <selfhoster1312> nope
[15:20:58] <Solrac> they told me to open ports :^) as in Port Triggers.
Also a static IP is an additional 25usd :^)
[15:44:32] <Solrac> Someone mentioned Cloudflare tunneling. I'm looking into that atm
[15:45:34] <Solrac> the workaround being; you change the domain's nameserver. But Gandi cuts access to the DNS config (in their admin ui) if you use a custom nameserver. I should be able to let Yunohost handle that automatically and it _could_ work, right?
[16:18:56] <selfhoster1312> well yes Cloudflare tunnel is a VPN so that would work although your server won't be reachable outside of cloudflare
[16:19:07] <selfhoster1312> so no federation (email/xmpp/activitypub/matrix)
[16:42:34] <Solrac> So, maybe BoringProxy might be better?
[16:42:42] <Solrac> I was thinking maybe using Oracles Free Tier
[17:02:43] <Solrac> Might I ask, are there any recommended Tunnels? 🤔
[17:03:04] <Solrac> and/or VPSes for tunnels?
[17:09:36] <selfhoster1312> for tunnels, njalla.is or any one from ffdn.org
[17:09:50] <selfhoster1312> for VPS i don't have good recommendations... oracle is nice but they may suspend your account anytime
[17:22:58] <Solrac> > <@ngill:nortel.cloud> Any public facing VPS could work just fine. While setting up my instance I was experimenting with using a wireguard tunnel and just having the public VPS forward all traffic to my server. This article describes the process https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet/

Might I ask about the specs of your VPS? I was looking at some free ones, and for traffic alone, I was curious if 1cpu and 512mb, with unlimited bandwidth is good enough
[17:22:58] <Nicole> > <@lsolrac:matrix.org> I was thinking maybe using Oracles Free Tier

Any public facing VPS could work just fine. While setting up my instance I was experimenting with using a wireguard tunnel and just having the public VPS forward all traffic to my server. This article describes the process https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet/
[17:28:14] <Nicole> I didn't end up using this solution but I would imagine any VPS with unlimited transfer and some reasonable network speeds would be a good fit.
[17:29:23] <Nicole> (I would have only needed this solution to bypass the port 25 restriction of my ISP, but I decided I didn't care about self-hosting email so)
[17:31:44] <Solrac> Was looking at this https://lowendstock.com/ which led me to https://justhost.ru/en/?ref=26313
[17:33:06] <Solrac> otherwise the oracle
[17:39:37] <Nicole> It could be worth trying a few different ones out. Unlimited bandwidth is good but if you only get like 10mbps throughput that might be a dealbreaker
[18:49:06] <Solrac> > <@ngill:nortel.cloud> It could be worth trying a few different ones out. Unlimited bandwidth is good but if you only get like 10mbps throughput that might be a dealbreaker

🤡
https://code.whatever.social/questions/64084304/the-total-amount-of-free-network-bandwidth-an-always-free-compute-can-use-for-a#64084462
[18:50:55] <Solrac> > 10 TB/month Outbound Data Transfer
> 1 Load Balancer, 10 Mbps bandwidth

[18:55:45] <Nicole> Aren't load balancers different from VPSs? Either way if that is your bandwidth cap for a VPS that's pretty bad lmao
[19:14:58] <Solrac> I think its 10mbps throughput and 10TB Bandwidth?
[20:42:23] <Solrac> pardon me it didnt occur to me to look for a guide to tunnel yh to a domain 🤦‍♂️ is there a guide? Cause the guides Im seeing is just for the VPS' public ip. I assume I can just link that to the DNS zone?
[21:19:05] <Nicole> Yeah you'd point all your DNS records to your public VPS's IP rather than your home IP
[22:19:29] <Solrac> and what about YunoHost's DNS settings?
[22:20:55] <Solrac> I'm following this guide; https://www.reddit.com/r/selfhosted/comments/u8n5hz/how_to_bypass_cgnat_and_expose_your_server_to_the/
And so far it's mixed. I technically finished the steps but I can't access my yunohost pages
[22:21:51] <Solrac> Mind you, I also can't use (localip)/searxng or (localip):5353
[23:14:26] <Solrac> https://aria.im/_matrix/media/v1/download/matrix.org/tOMnZNgGDrbBpNUjXHiFsGEm
[23:17:24] <Solrac> Massive Win. However, it is also the only one that I can access 😂
[23:36:34] <Solrac> So, any other ways to access your applications and services? Considering that (localip or domain)/appthings isn't going to work like yunohost expects?
[23:37:11] <Solrac> sorry, (ip or domain)/anything redirects to the admin ui
[23:47:54] <@err404:matrix.org> maybe you are (temporarily) banned by fail2ban because you tried many times to access the yunohost portal, please try again later (I don't know the delay to be unbanned)
[23:51:31] <Solrac> Maybe, but /appName has never worked for me, sadly