I’m hoping someone can help me figure out what I’m doing wrong.
I have a VM on my local network that has Traefik, 2 apps (whomai and myapp), and wireguard in server mode (let’s call this VM “server”). I have another VM on the same network with Traefik and wireguard in client mode (let’s call this VM “client”).
both VMs can can ping each other using their VPN IP addresses
wireguard successfully handshakes
I have myapp.mydomain.com as a host override on my router so every computer in my house points it to “client”
when I run curl -L --header 'Host: myapp.mydomain.com' from the myapp container it successfully returns the myapp page.
But when I browse to http://myapp.mydomain.com I get “Internal Server Error”, yet nothing appears in the docker logs for any app (neither traefik container, neither wireguard container, nor the myapp container).
You’ll have to give more details. Where are you browsing from? How is the tunnel between the VMs relevant? Are the VMs’ IPs routed on the LAN? Is myapp.mydomain.com defined in a DNS server, and if so which? Is it the DNS server on the LAN or a public DNS? Do both VM and the machine you’re browsing from resolve that address to the same IP, and is that IP reachable from the browser machine?
I’m browsing from my laptop on the same network as promox: 192.168.1.0/24
The tunnel is relevant in that my ultimate goal will be to have “client” in the cloud so I can access my apps from the world while having all traffic into my house be through a VPN.
The VM’s IPs are 192.168.1.50 (“server”) and 192.168.1.51 (“client”). They can see everything on their subnet and everything on their subnet can see them.
Everything is using my router for DNS, and my router points myapp.mydomain.com and whoami.mydomain.com to “client”. And by “everything” I mean all computers on the subnet and all containers in this project.
Both VMs and my laptop resolve myapp.mydomain.com and whoami.mydomain.com to 192.168.1.51, which is “client”, and can ping it.
From the traefik container on the “server” VM (This is interesting. Why can’t I ping from this traefik installation but a can from the other? But even though it won’t ping, it did resolve to the correct IP):
$ ping whoami.mydomain.com
PING whoami.mydomain.com (192.168.1.51): 56 data bytes
ping: permission denied (are you root?)
Also, just to make sure the app is indeed running, I curled it from it’s own container (I’m using myapp here instead of whoami, because whoami doesn’t have a shell):
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
selfh.st Newsletter and index of selfhosted software and apps
You’ll have to give more details. Where are you browsing from? How is the tunnel between the VMs relevant? Are the VMs’ IPs routed on the LAN? Is
myapp.mydomain.comdefined in a DNS server, and if so which? Is it the DNS server on the LAN or a public DNS? Do both VM and the machine you’re browsing from resolve that address to the same IP, and is that IP reachable from the browser machine?Thanks for helping, @lemmyvore@feddit.nl.
I’m browsing from my laptop on the same network as promox: 192.168.1.0/24
The tunnel is relevant in that my ultimate goal will be to have “client” in the cloud so I can access my apps from the world while having all traffic into my house be through a VPN.
The VM’s IPs are 192.168.1.50 (“server”) and 192.168.1.51 (“client”). They can see everything on their subnet and everything on their subnet can see them.
Everything is using my router for DNS, and my router points
myapp.mydomain.comandwhoami.mydomain.comto “client”. And by “everything” I mean all computers on the subnet and all containers in this project.Both VMs and my laptop resolve
myapp.mydomain.comandwhoami.mydomain.comto 192.168.1.51, which is “client”, and can ping it.Is the browser also using the LAN router for DNS? Some browsers are set to use DoT or DoH for DNS, which would mean they’d bypass your router DNS.
Do you also get “Internal Server Error” if you make the request with curl on the CLI on the laptop?
How did you check that mydomain is being resolved correctly on the laptop?
What do you get with curl from the other VM, or from the router, or from the host machine of the VM?
Thanks so much for helping me troubleshoot this, @lemmyvore@feddit.nl!
My browser was using DoH, but I turned it off and still have the same issue.
Yes, running
curl -L -k --header 'Host: whoami.mydomain.com' 192.168.1.51on the laptop results in “Internal Server Error”.ping whoami.mydomain.comhits 192.168.1.51.From the router:
From the wireguard client container on the “client” VM:
From the traefik container on the “client” VM:
From the “client” VM itself:
From the wireguard container on the “server” VM:
From the traefik container on the “server” VM (This is interesting. Why can’t I ping from this traefik installation but a can from the other? But even though it won’t ping, it did resolve to the correct IP):
From the “server” VM itself:
Also, just to make sure the app is indeed running, I curled it from it’s own container (I’m using myapp here instead of whoami, because whoami doesn’t have a shell):
I can’t seem to display html tags in this comment, but the results are the html tags for the web page for the app - so the app is up and running