Can't obtain a cert even after paying for domain

Hooked up my server at my daughter's house and I get the same issue. They upgraded the router and it has cg-nat as well. Signed into her router and got her WAN IP - 24.112.29.7. Then set up port forwarding to my server 192.168.0.24. I then went to check-host.net and get the 10.81... address scheme. Pics attached. I'll just work with my ISP after my move in a couple weeks. Thanks for all your input guys. Happy holidays to all...



3 Likes

So you need to adjust the DNS A record for check-host.net from 100.81.231.60 to 24.112.29.7,
and then wait the Time To Live (TTL) for the DNS records to propagate.
You can check the TTL here: DNS Lookup - Check DNS Records (in the SOA & NS records).

3 Likes

Oh damn it. I missed that. Thanks, but I’ll wait till I move. Thank you…

3 Likes

Having the IP address 24.112.29.7 at the WAN port of the router suggests there is no CG-NAT at play.

4 Likes

Having the IP address 24.112.29.7 at the WAN port of the router suggests they don't need to do CGNAT.
But who are we to define logic to anyone?!?!?!
LOL

3 Likes

Thank you guys. Already left her house. My bad on the A record. I’ll remember that next time. Thx

1 Like

I traveled back to my daughter's house and set the server up again, remembering to correct the A record in GoDaddy's DNS management. I can connect to http://gwiz.site/nextcloud but not https://gwiz.site/nextcloud. See attached pics:



Is there anything listening on port 443?
Is port 443 being forwarded [as is port 80]?

I get:

curl -Ii https://gwiz.site
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
4 Likes

gary@nextcloud:~$ netstat -tulpn
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::9090 :::* LISTEN -
tcp6 0 0 ::1:6379 :::* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -

That's good.
But is the router forwarding both ports?

4 Likes

Then we need to test local connections:
curl -Ik http://192.168.0.24/
curl -Ik https://192.168.0.24/

They should return the same thing.

HTTP/1.1 302 Found
Date: Mon, 05 Dec 2022 22:02:44 GMT
Server: Apache/2.4.52 (Ubuntu)
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
Set-Cookie: ocq2kmjmfj5j=n4tad6nnthfogeoq4pho2eadhj; path=/; HttpOnly; SameSite=Lax
Set-Cookie: oc_sessionPassphrase=O%2BT24Y4ZfULR9qCU%2FOT1i6jLE%2FG1mttnYdF%2FJi7BQFVXRgQT9%2FpHgVF%2Bb7sRo9s%2Fl%2B84dn%2BvCvHkyH8i%2BIpbgv8UlseHD4O2wgIUcThrL9C0zlTMv%2BE51CwF0xr4R%2FK8; path=/; HttpOnly; SameSite=Lax
Set-Cookie: ocq2kmjmfj5j=ub5ftf8s9v08l3u1ajp454ghr5; path=/; HttpOnly; SameSite=Lax
Set-Cookie: nc_sameSiteCookielax=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-YytERlptTW5JUmJpNGFPdDRnaEFSUDhCM2NDc1RTK1VKNnRBK0NZeW9aWT06S1pLMkVpWUllQzZxc1l6SDJtc0RQWkZxa0t2MkpXUG1icE01Z1FsQXllST0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Location: http://192.168.0.24/index.php/login
Content-Type: text/html; charset=UTF-8
3 Likes

gary@nextcloud:~$ curl -Ik http://192.168.0.24/
HTTP/1.1 400 Bad Request
Date: Mon, 05 Dec 2022 22:03:11 GMT
Server: Apache/2.4.52 (Ubuntu)
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
Set-Cookie: ocq2kmjmfj5j=rks0kbts5abl5sn7hqqjcs8912; path=/; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=qrc%2FtR87pmNNgXm7xbXj3Db0%2BSVs9Ywejh60SAP6%2BT%2FD8wbrn8qqvDWYEcsGvbDEiPO8yxFqiO9NWPAsHwHNgk7PA1nI8StoFONt2WhqLbHXRVfxGqvfhguc0OeDPtnc; path=/; HttpOnly; SameSite=Lax
Set-Cookie: ocq2kmjmfj5j=era45mkqlklklf2hfqe83qhcn4; path=/; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-bW05elZTYVVhTGdma2U2aVVzeXlDSXRRcnV1dVdwQVh0eDl5ZTl1THZ5VT06NndjRklrZnlHL1FvMHBtVGE1bjBSdGxtdzY3cktMOU8zV3dZS0xEbCtHQT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: nc_sameSiteCookielax=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Connection: close
Content-Type: text/html; charset=UTF-8

gary@nextcloud:~$ curl -Ik https://192.168.0.24/
curl: (35) error:0A00010B:SSL routines::wrong version number

That's unexpected.

OK, that's "good" bad news.
LOL

3 Likes

This means we are getting through the router and the "problem" is within your web server configuration.

We should have a look at it.

4 Likes
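
Added example, not part of the original thread: curl's "wrong version number" means the first bytes that came back on port 443 were not a TLS record, which typically happens when the listener answers in plain HTTP. The sketch below sends a real ClientHello and classifies the raw reply; the function names `client_hello`, `classify` and `probe` are illustrative, and the record-type check is deliberately simplified to the first two bytes.

```python
import socket
import ssl
import sys


def client_hello(server_name: str) -> bytes:
    """Return the raw ClientHello record the local TLS library would send."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the library now waits for the server's reply
    return outgoing.read()


def classify(reply: bytes) -> str:
    """Classify the first bytes a listener sent back after a ClientHello."""
    if not reply:
        return "closed"
    # A TLS record starts with a content type (0x15 alert, 0x16 handshake)
    # followed by the major version byte 0x03.
    if len(reply) >= 2 and reply[0] in (0x15, 0x16) and reply[1] == 0x03:
        return "tls"
    # "HTTP/1.1 400 ..." parsed as a record header gives type 0x48 and
    # version 0x5454, which the client reports as "wrong version number".
    if reply.startswith(b"HTTP/"):
        return "plaintext-http"
    return "unknown"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send a ClientHello to host:port and classify the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        try:
            reply = sock.recv(16)
        except (socket.timeout, ConnectionResetError):
            reply = b""
    return classify(reply)


if __name__ == "__main__" and len(sys.argv) > 1:
    # e.g. python3 probe.py 192.168.0.24
    print(probe(sys.argv[1]))
```

A result of `plaintext-http` on port 443 points at a virtual host that listens there without TLS enabled, which is a web server configuration issue rather than a router or DNS one.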

Using this online tool (TCP Port Scanner, Online Port Scan, Port Scanning | IPVoid), I see this:

1 Like

Let's start with:
apachectl -t -D DUMP_VHOSTS

3 Likes

gary@nextcloud:~$ apachectl -t -D DUMP_VHOSTS
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 nextcloud (/etc/apache2/sites-enabled/nextcloud-le-ssl.conf:2)
*:80 nextcloud (/etc/apache2/sites-enabled/nextcloud.conf:1)

gary@nextcloud:~$ cat /etc/apache2/sites-enabled/nextcloud.conf

<VirtualHost *:80>
    DocumentRoot "/var/www/nextcloud"
    ServerName nextcloud

    <Directory "/var/www/nextcloud/">
        Options MultiViews FollowSymlinks
        AllowOverride All
        Order allow,deny
        Allow from all
   </Directory>

   TransferLog /var/log/apache2/nextcloud_access.log
   ErrorLog /var/log/apache2/nextcloud_error.log

</VirtualHost>