[solved] Nginx ignoring one ddns, after creating LE-Cert for another one

It is hard for me to explain (and understand) what went wrong so please bear with me.
I had two different DDNS addresses configured within nginx. Both to the same RasPi Device, but to different ports. So with typing flosen.duckdns.org in the web browser I will get to service1 and with komba.myftp.org I will get to service2. The duckdns is also configured in my router so with typing flosen.duckdns.org:portXY in the browser I will get to the webUI of my router. That worked well, until I configured a Let's Encrypt certificate for komba.myftp.org. Now every service is only available through the myftp address. I even get to my router if I type komba.myftp.org:portXY.

I now deleted the whole nginx docker container as I couldn't be bothered to crawl through the config files and thought that maybe a fresh reinstall would do the job. But even though nginx isn't installed at the moment, the problem of reaching all the services with address2 persists.

Tl;dr: configured two individual ddns inside nginx (without SSL), when creating a LE-Cert for address2, all services that were routed to address1 are now only accessible through address2. After deleting nginx completely, problem persists. Even my router, that got address1 configured, is now only accessible through address2.

Setup:
Raspberry Pi4, AVM FritzBox 7490, Docker with Portainer (Most recent versions), nginx v2.9.18 via JC21 (didn't touch the config file)

If you need any further information, let me know; I'm absolutely willing to learn and get everything running.

Both hostnames resolve to different IP addresses. Probably something going wrong with your dynamic DNS? That's not something a Let's Encrypt certificate would change.

4 Likes

Within nginx, both hostnames resolve to the same IP (the Pi) but different ports (the different services). The duckdns indeed is already used within my router, but only with the specific port number behind it. What confuses me is the fact that even after I deleted nginx, the duckdns still isn't connecting me to the router, but the myftp does. The problem sure could lie anywhere else, all the stuff just occurred after I configured a certificate for the myftp dns, that's why I thought there could be a correlation.

Edit:
E.g. you will reach my FreshRSS through komba.myftp.org:8585. I don't have any nginx instance or anything else set up that would tell this service to be available through the myftp address. Initially it was set up to be accessible through flosen.duckdns.org:8585 within nginx, until that shenanigans happened.

I mean from the public internet:

osiris@erazer ~ $ dig +short flosen.duckdns.org
79.211.94.182
osiris@erazer ~ $ dig +short komba.myftp.org
79.194.223.218
osiris@erazer ~ $ 
2 Likes

Uh that's interesting. One of the IPs indeed is wrong but I've got no idea why. Gonna have a look into that! I'm still wondering how it's possible to reach several services through komba.myftp.org, even if it isn't defined to do so.

You might be putting too much emphasis on an FQDN.
Names are merely IPs translated into human readable characters.
Multiple names may have the same IP.
Which means:
nameX:portZ
and
nameY:portZ
May in some cases, connect to exactly the same device:port.
Why?
Because unless some smart device (using something like SNI) is handling the names, all names are just IPs and that results in:
IP1:portZ
and
IP1:portZ

2 Likes

I think that's where the nginx of OP comes into play.

However, when portZ is the port of your router's web interface, nginx doesn't come into play. Nginx probably listens on other ports than the router's web interface and the port configured for the router's web interface can't be mapped to nginx usually. (Although in principle it's possible to set up nginx to reverse proxy some hostname to the internal IP address of the router.)

1 Like
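Added example, not part of any post in this thread: the point made above about nameX:portZ and nameY:portZ, run against two loopback listeners. One ignores the requested name (like a router web UI); the other routes on the HTTP Host header, the plaintext counterpart of SNI. The hostnames and backend labels are constructed placeholders.

```python
import http.client
import socketserver
import threading
from http.server import BaseHTTPRequestHandler

# Constructed names standing in for two DDNS hostnames that share one IP.
VHOSTS = {"name-x.example": "service1", "name-y.example": "service2"}

class NameBlind(BaseHTTPRequestHandler):
    """Plain service (think router web UI): never looks at the Host header."""
    def do_GET(self):
        self.reply(200, "router-ui")
    def reply(self, status, body):
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def log_message(self, *args):  # silence per-request logging
        pass

class NameAware(NameBlind):
    """Name-handling listener (reverse-proxy style): routes on the Host header."""
    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        backend = VHOSTS.get(host)
        self.reply(200 if backend else 404, backend or "unknown host")

def fetch(port, name):
    """Connect to the same IP:port every time; only the requested name differs."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": name})
    resp = conn.getresponse()
    result = (resp.status, resp.read().decode())
    conn.close()
    return result

def demo():
    names = ["name-x.example", "name-y.example", "other.example"]
    results = {}
    for label, handler in (("blind", NameBlind), ("aware", NameAware)):
        with socketserver.TCPServer(("127.0.0.1", 0), handler) as srv:
            threading.Thread(target=srv.serve_forever, daemon=True).start()
            results[label] = [fetch(srv.server_address[1], n) for n in names]
            srv.shutdown()
    return results

if __name__ == "__main__":
    print(demo())
```

The name-blind listener answers identically for every name, which is why a port forwarded straight to a device is reachable under any hostname that resolves to that IP.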
