Unfortunately, I can no longer reach my internal services (like nextcloud), neither from the same network nor from the outside.
I didn't change any config file or router settings recently.
So I am a little clueless how to troubleshoot.
I am using nginx as webserver and used to reach multiple services via subdomain and https.
One example how I set up nextcloud:
/etc/nginx/sites-enabled/nextcloud

server {
    root /var/www/nextcloud;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name domain.duckdns.org;
    include /etc/nginx/sites-dietpi/dietpi-dav_redirect.conf;
    include /etc/nginx/sites-dietpi/dietpi-nextcloud.conf;
    proxy_read_timeout 600;
    #location / {
    #    try_files $uri $uri/ =404;
    #}
    location ~ \.php(?:$|/) {
        include snippets/fastcgi-php.conf;
        fastcgi_pass php;
    }
    listen [::]:443 ssl http2; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.duckdns.org/fullchain.pem; #>
    ssl_certificate_key /etc/letsencrypt/live/domain.duckdns.org/privkey.pem;>
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = domain.duckdns.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name domain.duckdns.org;
    return 404; # managed by Certbot
}
I checked https://dnschecker.org/. I get only green check marks after checking my DYNDNS domain.
I also checked dietpi-ddns and get an "ok"
The ports 80 and 443 are forwarded on my router (Fritzbox), as before.
When I try to renew my SSL certificates via certbot renew --dry-run
I get the error: Domain: domain.duckdns.org Type: connection Detail: [IP]: Fetching http://domain.duckdns.org/.well-known/acme-challenge/BWhi_iY9J6Y_FcQhFGAWSehZIKVUlce6yoz66XWzUbw: Timeout during connect (likely firewall problem)
There are no errors in the error.log of nginx.
What can I do to find out why I can no longer reach my PI and its services from the outside or the inside?
Any help would be much appreciated.
Yes, I can access all services via their local address without issue.
root@DietPi:~# dietpi-services status
DietPi-Services
─────────────────────────────────────────────────────
Mode: status
[ OK ] DietPi-Services | redis-server active (running) since Wed 2024-11-13 15:20:11 GMT; 4h 38min ago
[ OK ] DietPi-Services | mariadb active (running) since Wed 2024-11-13 15:20:41 GMT; 4h 37min ago
[ OK ] DietPi-Services | php8.2-fpm active (running) since Wed 2024-11-13 15:21:03 GMT; 4h 37min ago
[ OK ] DietPi-Services | nginx active (running) since Wed 2024-11-13 15:21:05 GMT; 4h 37min ago
[ OK ] DietPi-Services | vaultwarden active (running) since Wed 2024-11-13 15:20:15 GMT; 4h 38min ago
[ OK ] DietPi-Services | filebrowser active (running) since Wed 2024-11-13 15:20:02 GMT; 4h 38min ago
[ OK ] DietPi-Services | docker active (running) since Wed 2024-11-13 15:20:47 GMT; 4h 37min ago
[ OK ] DietPi-Services | cron active (running) since Wed 2024-11-13 15:20:41 GMT; 4h 37min ago
[ OK ] DietPi-Services | ssh active (running) since Wed 2024-11-13 15:20:12 GMT; 4h 38min ago
[ OK ] DietPi-Services | tailscaled active (running) since Wed 2024-11-13 15:19:58 GMT; 4h 38min ago
[ INFO ] DietPi-Services | dietpi-vpn inactive (dead)
[ OK ] DietPi-Services | pihole-FTL active (running) since Wed 2024-11-13 15:20:04 GMT; 4h 38min ago
[ OK ] DietPi-Services | unbound active (running) since Wed 2024-11-13 15:20:17 GMT; 4h 38min ago
[ INFO ] DietPi-Services | dietpi-cloudshell inactive (dead)
[ OK ] DietPi-Services | dietpi-ramlog active (exited) since Wed 2024-11-13 15:19:40 GMT; 4h 38min ago
[ OK ] DietPi-Services | dietpi-preboot active (exited) since Wed 2024-11-13 15:19:46 GMT; 4h 38min ago
[ OK ] DietPi-Services | dietpi-postboot active (exited) since Wed 2024-11-13 15:20:02 GMT; 4h 38min ago
[ OK ] DietPi-Services | dietpi-wifi-monitor active (running) since Wed 2024-11-13 15:20:02 GMT; 4h 38min ago
Maybe contact your ISP. Looks like some kind of CGNAT is enabled. Hope they can explain the difference between the 2 IP addresses. At least nothing that we could influence from DietPi side.
I will give that a try but I feel I know what the answer is.
In that case: if CGNAT is enabled, is there ANYTHING I could do in that case or is it just not possible to reach my pi via ddns (excluding VPN and the like)?
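
The CGNAT suspicion raised above can be checked by comparing the WAN address the router shows with the address the internet sees for the DDNS name. The following is an added example, not part of the original thread; it assumes the "2 IP addresses" are those two values, entered by hand, and all sample addresses are constructed.

```python
import ipaddress

# Ranges that are never directly reachable from the internet.
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
PRIVATE = [ipaddress.ip_network(n)             # RFC 1918 private ranges
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADVICE = {
    "cgnat": "ISP carrier-grade NAT: IPv4 port forwards on the router cannot receive traffic",
    "double-nat": "router sits behind another NAT device: forward the ports there as well",
    "translated": "addresses differ: stale DDNS record or a NAT in between, ask the ISP",
    "direct": "router holds the public address: look at port forwards and firewall instead",
    "family-mismatch": "one address is IPv4, the other IPv6: compare the same family",
}


def classify_wan(router_wan_ip: str, public_ip: str) -> str:
    """Compare the WAN address shown by the router with the address the
    internet sees (for example the one the DDNS name resolves to)."""
    wan = ipaddress.ip_address(router_wan_ip.strip())
    pub = ipaddress.ip_address(public_ip.strip())
    if wan.version != pub.version:
        return "family-mismatch"
    if wan in CGNAT:
        return "cgnat"
    if any(wan in net for net in PRIVATE):
        return "double-nat"
    if wan != pub:
        return "translated"
    return "direct"


if __name__ == "__main__":
    # Constructed sample pairs (documentation ranges), not values from the thread.
    samples = [
        ("100.72.13.5", "203.0.113.40"),
        ("192.168.178.2", "203.0.113.40"),
        ("198.51.100.7", "203.0.113.40"),
        ("203.0.113.40", "203.0.113.40"),
    ]
    for wan, pub in samples:
        verdict = classify_wan(wan, pub)
        print(f"{wan:>15} vs {pub:<15} {verdict}: {ADVICE[verdict]}")
```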