DNS/Hostname setup with Amazon Lightsail

I’ve searched and read the docs and forum posts but just need a bit of clarity/help please where a few possibly obvious (not to me) questions are coming up while I try to set up Virtualmin on an Amazon Lightsail instance and I’m having endless trouble figuring out the correct way to set things up and keep getting errors. I’m looking for information on the technically “correct”/“ideal” way to set these settings:

Some background:

I’ve got a domain name set up to use Cloudflare’s DNS servers and have just two “A” name entries in DNS:

“mysuperdomainname-co.uk” points to my Amazon Lightsail instance static IP
“www” also points to my Amazon Lightsail instance static IP

I’ve set up an Ubuntu 18.04 instance and installed Virtualmin in the normal way. All seems ok…

When it comes to the Post-installation Wizard, the “Primary nameserver” field automatically picks up “ip-172-26-2-116,eu-west-2,compute,internal” which clearly isn’t going to work.

First question is, do I set this to something like “srv,mysuperdomainname,co,uk” and then add another “A” name entry into Cloudflare DNS pointing “srv,mysuperdomainname,co,uk” to my Lightsail public IP?

The DNS flow, as far as I can tell (let me know if wrong) is:

Domain name gets resolved at Cloudflare DNS -> Gets sent to my Lightsail public IP -> Gets sent to Virtualmin’s DNS Bind -> Gets sent to whichever Virtual Server is configured?

Next, like others, I got the "Virtualmin is configured to setup DNS zones, but this system is not setup to use itself as a DNS server. Either add 127.0.0.1 to the list of DNS servers, or turn off the BIND feature" notice when checking configuration… I click through to Hostname and DNS Client settings and see the following:

Hostname: ip-171-23-4-204
Resolution order: Hosts file, DNS
DNS servers: 127,0,0,53
Search domains: eu-west-2.compute.internal

So I move 127,0,0,53 down one line and add 127,0,0,1 to the first line, as instructed.

Second question: What are correct/valid values for Hostname here and how does it impact the Virtualmin installation and DNS Bind feature? Would it work/be a good idea to make it “srv,mysuperdomainname,co,uk”? I’ve set it to “msc”, is that good enough/technically ok?

Also, what does the Search domains value need to be?

The other main difficulty I’m having is that my primary domain name, “mysuperdomainname,co,uk” which points to the Lightsail instance static IP, is the same domain name I want to use to set up as a virtual server (with associated LAMP setup). I’ve tried this and it seems to work but I keep having issues with SSL and I’m wondering:

Does it create a conflict if the same domain name associated with the main server (Lightsail instance) and Virtualmin installation, is then used to set up a Virtual Server within Virtualmin? If this is not technically a problem, what’s the correct way to set this up in relation to the above questions about DNS, hostnames etc so that the domain name (with SSL - I’d like to use Let’s Encrypt for this) works to access both Virtualmin on port 10000 and otherwise resolves to a website hosted as a Virtual Server?

I think that the Amazon Lightsail instance has certain built-in settings that need to be configured correctly that I’m not able to figure out how it all should link together. For example, the System hostname shown in System Information is currently “msc,eu-west-2,compute,internal” and I get the sense that this isn’t going to work? What other settings do I need to check that Lightsail might be setting in order to allow Virtualmin to work correctly?

Would really appreciate some help with the above questions. I know enough to know the answers are probably obvious to someone who already knows but I’m struggling to figure out how it all fits together when using Virtualmin on Lightsail and how that links to the DNS settings (in Cloudflare).

I’m also happy and able to get in and edit some files manually if needed but again, from reading through forum posts and documentation, I’ve not yet been able to find out which files to check, where they’re located and what the entries in them need to be.

(PS I’ve replaced periods with commas in the above because as a new user I can’t post more than 2 “links”)

Many thanks

Yes, you should.

That’s fine…

That’s fine, too.

@calport Thanks for getting back to me to clarify. I’ve now set up as best as I can and added ns1 and ns2 to Cloudflare DNS pointing to my main IP (18,132,253,154).

I also noticed your post here which was useful (I note your point about posting actual IP addresses and domains!), along with this FAQ page

I’m not entirely sure that setting the “ns1” and “ns2” entries in Cloudflare DNS will work in the place of “real” glue records(?), which I don’t think they support as far as I can tell. I’ve also added “ns1” and “ns2” within the DNS records for the Virtual Server for “mosaicitsupport,co,uk”. Hostname is currently set within Webmin to “mscsrv”.

I’ve set up “mosaicitsupport,co,uk” as a Virtual Server and I can see an index.html file I placed in the public_html directory, but when I try to load “https,//mosaicitsupport,co,uk”, the page never loads (I’ve set up Let’s Encrypt for the domain also and copied this to Webmin and Usermin). Interestingly, “https,//mosaicitsupport,co,uk:10000” resolves to the Virtualmin admin panel fine, so clearly the Virtual Server isn’t resolving correctly for the same domain name.

There’s clearly a misconfiguration issue here. I’d be happy to move my DNS provider if actual glue records are necessary. I’m just trying to figure out why https,//mosaicitsupport,co,uk won’t resolve to the Virtual server I’ve set up. Any ideas or settings to check would be greatly appreciated and of course if you’d need any more information please let me know.

(still new user so some links have , instead of .)

Glue records would be ideal but what you have done will also suffice.

When I checked just now, I was unable to access the website or Virtualmin on your domain. I tried your IP address 18.132.253.154 with the same result, so am unable to diagnose further.

I am assuming you have configured the Lightsail firewall via their control panel to open the required ports.

Hi, thanks for confirming. Very sorry to have bothered you with all this because as it turns out, I’d stupidly assumed that Lightsail would have opened port 443 and have been trying for the last 3 days to get SSL working for the domain, which of course it wouldn’t no matter what I did with DNS settings. Turns out, port 443 wasn’t open! After opening port 443, Let’s Encrypt then refused to generate an SSL certificate for the domain since apparently I did it “too much” for the domain in all my attempts to get it working. In a fit of frustration (with myself), I deleted my Lightsail instance, closed all my many tabs with information and guides to DNS open and have since had a cup of tea and calmed down. I’m about to set it all up again without making the same firewall mistake and link to another domain name! Hopefully I can get it working this time. Thanks again and appreciate your help.
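A pre-flight check for the failure this thread ended on, added here as an example and not part of any forum post: before requesting a certificate, confirm from a machine outside the instance that the name resolves to the static IP and that the needed TCP ports pass the Lightsail firewall. The hostname and IP below are placeholders, and the port list is an assumption (443 and 10000 come from the thread; 80 is added because Let's Encrypt HTTP validation uses it).

```python
import socket

# Assumed port list: 443 and 10000 are named in the thread; 80 is added
# because Let's Encrypt HTTP-01 validation connects on port 80.
REQUIRED_PORTS = {80: "HTTP", 443: "HTTPS", 10000: "Virtualmin/Webmin"}

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unroutable
        return False

def resolves_to(hostname, expected_ip):
    """True if one of hostname's IPv4 addresses is expected_ip.
    A record proxied through a CDN resolves to the CDN's address instead."""
    try:
        infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET)
    except socket.gaierror:
        return False
    return expected_ip in {info[4][0] for info in infos}

def preflight(hostname, expected_ip, ports=REQUIRED_PORTS):
    """Return a list of problems; an empty list means it is worth
    spending a certificate request."""
    problems = []
    if not resolves_to(hostname, expected_ip):
        problems.append(f"{hostname} does not resolve to {expected_ip}")
    for port, purpose in ports.items():
        if not port_open(expected_ip, port):
            problems.append(f"TCP {port} ({purpose}) unreachable on {expected_ip}")
    return problems

if __name__ == "__main__":
    # Placeholders: substitute your own domain and Lightsail static IP.
    issues = preflight("example.com", "203.0.113.10")
    for line in issues:
        print("FAIL:", line)
    print("ready for certificate request" if not issues else "fix the above first")
```

Run it from outside the instance; a check made on the server itself does not pass through the Lightsail firewall and will report the ports as open.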

I use Lightsail with Virtualmin too and it is a good, low-cost service once you understand its quirks. All the best with your next attempt and do shout if you need help.