Https website unreachable

Yes, just started it again. New VM, clean Ubuntu 20.04 fully updated/upgraded. No errors at installation. Configuration of Virtualmin also shows no errors. External address is recognised as…27.1, but I changed it in the network settings to use …27.27. Seems to work. Installed a virtual server at decentraalinternet.nl again. It uses the correct ns1 and ns2.hostservicedns.com this time. SSL certificate is requested without any problems:

Still: https://decentraalinternet.nl

This is starting to drive me nuts…

It is normal for virtualmin to use the external IP address for the DNS. You should not change this to be on an internal IP address.

The Ubuntu server will have an internal IP address but all of the DNS needs to have the external IP address.

Also, your browser, clear the cache or try using privacy mode. Try ctrl+F5 etc.

Also I am not sure your router supports NAT reflection so you need to use split DNS. Simple answer is to put an entry for the domain name in your hosts file of your pc, but here you would use the internal IP. This is not split DNS but should allow you to work. Split DNS is where you put an entry in your DNS resolver on your router and again here you would use the local IP address of the Ubuntu server

An Example Setup

  • external IP: 171.171.171.171
  • ubuntu server IP: 10.0.0.50

Port forward from 171.171.171.171 to 10.0.0.50 both UDP and TCP

  • 80 - http
  • 443 - https
  • 53 - DNS

To access your website from your local network, do one of 2 things

  • Split DNS - set each domain you host to have a record pointing to 10.0.0.50 in your router's DNS resolver
  • Hosts file - add an entry in your Windows hosts file for 10.0.0.50

Lastly

Check from the internet and not your local network to see if things are working. Best way is to use your mobile but turn the wifi off. VPN can work but might have issues with DNS.

I understand it needs an external address. But the external address is the address of the VM at 27.27, not the router. FYI, this is a massive HP server running a dozen VM’s in a datacenter behind that router at …27.1.

This particular vm has IP 27.27.

I think this is therefore correct?

Regarding your split DNS…now you’re losing me, simply because of lack of knowledge. But since all other services behind that router are reachable, I can’t imagine that device suddenly has an issue? But again, newbie here.

I tried reaching https://decentraalinternet.nl from several devices, VPN and browsers and although the error message changes, it won’t load. I assume you all see the same thing??

So have you created port forwarding or a DMZ to pass traffic to the server?
Routers by default will block traffic.

Not sure what is going on. The Ubuntu holding page on http indicates the virtual servers are not running correctly.

Can you do a simple network diagram with draw.io, this might help me see what is going on.

From what you have told me it might not be a routing issue but a misconfiguration somewhere.

And I can have another look.


the certificate works, so is uploaded and configured correctly for use by webmin, The dns is resolving to

so we can exclude any problems with the vm running behind a domestic router
so this only leaves Apache configuration, as @stefan1959 mentioned way back. It would be good to see the Apache configuration for the domain; you can view that at

Webmin->Servers->Apache Webserver->server name (443)->Edit Directives

From that you/we might be able to see an error in the config. Also restart the Apache server, using the terminal as the root user

using

service apache2 restart && service apache2 status

and looking at the output from that to see if there are any errors
I would also turn off IPV6 as you get

This is the apache file from decentraalinternet.nl:443 I’m not sure if there’s any mistakes in here?

SuexecUserGroup "#1001" "#1001"
ServerName decentraalinternet.nl
ServerAlias www.decentraalinternet.nl
ServerAlias mail.decentraalinternet.nl
ServerAlias webmail.decentraalinternet.nl
ServerAlias admin.decentraalinternet.nl
DocumentRoot /home/decentraalinternet/public_html
ErrorLog /var/log/virtualmin/decentraalinternet.nl_error_log
CustomLog /var/log/virtualmin/decentraalinternet.nl_access_log combined
ScriptAlias /cgi-bin/ /home/decentraalinternet/cgi-bin/
ScriptAlias /awstats/ /home/decentraalinternet/cgi-bin/
DirectoryIndex index.php index.php4 index.php5 index.htm index.html
<Directory /home/decentraalinternet/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
<Directory /home/decentraalinternet/cgi-bin>
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
ProxyPass /.well-known !
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.decentraalinternet.nl
RewriteRule ^(?!/.well-known)(.*) https://decentraalinternet.nl:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.decentraalinternet.nl
RewriteRule ^(?!/.well-known)(.*) https://decentraalinternet.nl:10000/ [R]
RemoveHandler .php
RemoveHandler .php7.4
<FilesMatch \.php$>
SetHandler proxy:unix:/run/php/170776750890270.sock|fcgi://127.0.0.1
</FilesMatch>
SSLEngine on
SSLCertificateFile /etc/ssl/virtualmin/170776750890270/ssl.cert
SSLCertificateKeyFile /etc/ssl/virtualmin/170776750890270/ssl.key

AuthName "decentraalinternet.nl statistics"
AuthType Basic
AuthUserFile /home/decentraalinternet/.awstats-htpasswd
require valid-user

SSLCACertificateFile /etc/ssl/virtualmin/170776750890270/ssl.ca
SSLProtocol +TLSv1.2 +TLSv1.3

This is the result after restarting apache:

I’m on a Linux laptop now and noticed that Firefox shows this error at https://decentraalinternet.nl:

This implies there’s still an SSL error with the certificate…?

Last; by no means I’m looking for anyone to (unpaid) help me out, but since we’re still in a testing phase, I would have no problems creating another user with root access if anyone would like to dive in themselves?

For reference:

  • host1.hostservice.nl (178.251.27.27)
    • virtualmin server hostname
    • Webmin works
  • hostservicedns.com (178.251.27.27)
    • registered with namecheap and created 2 nameservers there = this is wrong - you set up child name server reference pointing to your virtualmin server
    • and also set it up at virtualmin to act as my own personal nameservers. Seems to work.
      ie ns1.hostservicedns.com and ns2.hostservicedns.com
  • decentraalinternet.nl (178.251.27.27)
    • virtual server
    • FireFox-Encryption not working
      This is caused by Virtualmin not performing SNI correctly or at all. This is also the same for when the Ubuntu holding page comes up

Conclusion

  • routing seems fine
  • webmin is running fine
  • It is not a SSL issue, this is a secondary issue so should be ignored for now
  • It is an issue with the virtualmin configuration, and in particular the apache configuration.
  • Your Apache config has 2 changes to mine
  • You are running PHP in CGI mode?
  • Your SSL statement is different
    • Yours: SSLProtocol +TLSv1.2 +TLSv1.3
    • Mine: SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Questions

  • Have you messed about with any configurations manually?
  • Is there an index file in the public_html folder?
  • Have you added any settings in the server template for Apache (Website for Domain)?

You should try

  • Create a new Virtual server:
    • with a random domain name, i.e. chocolatefactory123.com, use windows host file override and see if it loads normally. This might also fix the other sites.
    • don’t install a lets encrypt SSL
  • Try using PHP-FPM , I am not sure this will fix it but it is worth a go
  • Try my SSLProtocol statement
  • Re-run the Virtualmin wizard. You can do this without re-installing. I would also do the advanced section as well as I always go through this bit myself.

I have not messed around with any files manually, that’s why I made another clean install again 2 days ago to rule out any wrong settings.

I’m not in the office today but will give your suggestion a try tomorrow.

Meanwhile; thank you all for your endless help so far, very warm welcome…

What are the differences between SSL and TLS?

In general, there are no major technical differences between SSL and TLS protocols, however, both have specific standards.

TLS can operate on different ports and uses stronger encryption algorithms, such as Keyed-Hashing for Message Authentication Code (HMAC). SSL only uses the Message Authentication Code (MAC) algorithm.

how, please enlighten me

Because I did it on mine when I had this issue. When I did not have any configured virtual servers, adding one finished whatever Virtualmin needed to do and then it worked, so it might help here.

hmm just made loads of irrational decisions when creating a domain, creating a new domain did not help, I guess you were lucky. The issue here seems to be a mixture of things, but you are right that the OP needs to fix the ‘wrong site showing up’ issue first before continuing

I don’t know if in all distro options the result is the same. I did a test with my websites online at Virtualmin → System Settings → ReCheck Configuration.
I found that on each VM > Web Configuration → Configure SSL Website → SSL Options → Two options are active TLSv1.2 and TLSv1.3.
Everything works.

You have to look at the logs.

But, seems like some kind of junk is in your cert files or the configuration is pointing to the wrong place for TLS certs.

Wow, much to try upon, thank you. In no particular order:

@jimr1 When I check the IP addresses according to that link you sent, these are the results:

the ip in the decentraalinternet.nl virtual hosts file 10.20.4.2 change to 178.251.27.27 and remove the ipv6 address (for now) and restart apache, then try
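
Added example (not part of any post in this thread, and not Virtualmin or Apache code): a simplified model of Apache 2.4 virtual host selection, showing why a vhost bound to 10.20.4.2 never answers requests arriving on 178.251.27.27, so another site and its certificate are served instead. The config text and the `default.invalid` catch-all site are constructed; IPv6 addresses are not handled.

```python
import re
from fnmatch import fnmatch

# Constructed sample: a catch-all default site plus the domain's vhost,
# bound to the internal address mentioned in the thread.
SAMPLE_CONF = """
<VirtualHost *:443>
ServerName default.invalid
</VirtualHost>
<VirtualHost 10.20.4.2:443>
ServerName decentraalinternet.nl
ServerAlias www.decentraalinternet.nl mail.decentraalinternet.nl
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return [(addresses, names)] in file order; ServerName comes first in names."""
    vhosts = []
    for addrs, body in VHOST_RE.findall(conf):
        names = re.findall(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        for line in re.findall(r"^\s*ServerAlias\s+(.+)$", body, re.M | re.I):
            names += line.split()
        vhosts.append((addrs.split(), [n.lower() for n in names]))
    return vhosts

def select_vhost(vhosts, local_ip, port, host):
    """Exact IP:port beats wildcard; then ServerName/ServerAlias match;
    otherwise the first vhost of the address set. None = main server config."""
    exact = [v for v in vhosts if f"{local_ip}:{port}" in v[0]]
    wild = [v for v in vhosts if {f"*:{port}", f"_default_:{port}"} & set(v[0])]
    candidates = exact or wild
    if not candidates:
        return None
    label = lambda names: names[0] if names else "(unnamed vhost)"
    for _addrs, names in candidates:
        if any(fnmatch(host.lower(), n) for n in names):
            return label(names)
    return label(candidates[0][1])

if __name__ == "__main__":
    for conf in (SAMPLE_CONF, SAMPLE_CONF.replace("10.20.4.2", "178.251.27.27")):
        served = select_vhost(parse_vhosts(conf), "178.251.27.27", 443,
                              "decentraalinternet.nl")
        print("request for decentraalinternet.nl is answered by:", served)
```

On the server itself, `apache2ctl -S` prints the address-to-vhost mapping Apache actually parsed, which is the authoritative version of this check.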