Hi guys,
I am almost lost for words…i woke up this morning, after obviously having been asleep and I cannot log into Virtualmin.
I havent used this control panel in 2 days and it was working no problem when i was last logged in.
I am able to SSH into the VPS
The server is still running…webpages appear to be working ok on it, i just get the following error
This site can’t be reached
server3.goannawebhosting.com.au took too long to respond.
Try:
Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_CONNECTION_TIMED_OUT
I attempt to log into 2 other VPS (1 VestaCP, 1 ISPConfig) and neither of them log in…same error.
I have tried restarting all three VPS…does not seem to make any difference…I cannot log into the CP’s of any of them.
I am stumped!
EDIT…
I have just thought of something…its the only thing that i know i have had problems with since accessing CP’s 2 days ago.
about 24 hours ago, i had problems with out internet modem here at home and i disconnected it and installed another one. I have also been on the phone complaining with our service provider (god knows what they have been up to). Anyway, i ended up putting our original modem back in and am running off that, however, i may have changed its security settings, or reset it.
We do run off a static IP address here, and that address is still same. Is it possible that this stuffing around with my modem is preventing me from accessing all of the 3 control panels…even though i can still access the Google Cloud Console and SSH into them?
problem solved…I will be buggered.
In changing my office modem firewall setting to high (instead of normal), i prevented myself from accessing Virtualmin, VestaCP, and
ISPConfig Control panels on 3 separate instances on Google Cloud Compute. However I was still able to access everything else normally (ie log into GCE and SSH in to instances no problems)
Is this a bug with these CP’s?
What i suspect is that it is because i am only using a self signed SSL for my virtualmin, vestacp, and ispconfig control panels, lowering my own modem security settings solved the problem.
Hope this help others who may also encounter this issue.
I’m not sure how this one could possibly be our fault.
Your modem/router presumably blocked the ports we run on; they are uncommon ports (because all the common ones are already taken for the common services like ssh, ftp, mail, www, etc.).
You missed my last part joe…i suspect its because of the self signed ssl certificate i am using on all three cp’s.
In terms of a bug, i reckon this too is related to self signed ssl certificates in that my router firewall software blocks them when security level is increased. What suprised me is that im the one initiating from my end out to my own server cpanels…that had me stumped.
This is a helpful bit of info for others who may encounter an unexplained failed to connect error.
We are always hearing about checking firewalls however for me in the past it has always been my server firewall…never my office one.
I’d be surprised if a modem/router can detect that. The traffic would already be encrypted by the time the router sees it…it can’t know the certificate is self-signed, as far as I know. Only your browser knows the details of the certificate (unless the router independently makes a request and fetches the certificate itself). I’m guessing it just doesn’t allow port 10000 or other odd ports.
You could test to be sure, just by turning up the security again and then explicitly allowing port 10000.
You can, of course, get a Let’s Encrypt certificate for your server and copy it to Webmin so you don’t get certificate warnings. That’s not a bad practice, in general, but I don’t think it would resolve the issue with your router.
I just assumed that since i am initiating the connection to webseever from my end, my own modem would allow communication based on the port i specifiy in the seever3.foo.com:10000 url? (It also blocked ports 8080 and 8083 on each of my 2 other server control panels)
I dont think its complaining about the ports but your right it could be…i figured its seeing the generic errors that google chrome and internet explorer throw when one accesses a self signed website https…they always throw a secjrity risk warning. Its this warning i thought is triggering the router firewall.
Eventually i will install a letsencrypt ssl cert and see what happens. It does ask the question though, if this were the case then thereoretically a hacker would hae to lower their own firewall settings to hack in to a self signed cpanel url. That could offer a means of “returning fire” with some of their own medicine. Food for thought for the brilliant developer mind…a built in “h bomb” for someone hacking in from outside would be awesome…i would pay for that kind of defense.
