The server runs 6 Linux Containers currently, all have static IPs.
Server 106 has an nginx reverse proxy that proxies to servers 101 (nginx web server, port 80) and server 102 (media server, port 8127).
The nginx reverse proxy has https configuration properly set up for all of my domains and routes requests properly.
However, after about 12 hours of having this server running, it stops resolving my requests to the domains themselves from my LAN. WAN is always fine - never an issue. But if I try to connect to example.com from my LAN after an arbitrary amount of time, it just stops working. I can still access all servers via their ipv4 addresses.
What the fuck is going on? Any ideas?
Josiah Sanders
sidenote: this was never an issue before configuring ssl support. I have double, triple, and quadruple checked the configuration - it's all correct. Like I said, accessing the sites works fine from WAN all the time, and work on LAN for a limited time.
Juan James
Try to assign ssl to a different port and see if it works for you.
Juan Thomas
Would having it on default 443 cause a problem after an arbitrary amount of time?
Andrew Price
have you checked DNS?
Luis Sanders
It shouldn't, but I can't say for sure without a pcap/dns logs to analyze.
Daniel Roberts
What do you mean by "checked DNS"?
Not being a dick, if that sounds aggressive. I don't mean for it to.
Anthony Ortiz
After this arbitrary amount of time, since I configured SSL support, connecting via domain names on port 80 (regular http traffic) also doesn't work. I don't think it's the port for that reason. There must be something DNS or nginx related going wrong. I didn't know if someone here had ever heard of an issue like this where it works fine for a short time each restart and then just shits itself on the LAN only.
Jose Reyes
He probably meant that you should try to trace problem from the host to server. D/l Wireshark and search for dns requests. Then see what dns log has to tell you (in debug).
Josiah Watson
The DNS queries return my proper WAN IP address.
Chase Morales
my bad. for some reason I thought you were rolling your own DNS but after re reading that doesn't seem to be the case (unless I am wrong)
Andrew Turner
Well, they did for a minute - and the sites were working properly. Now the DNS requests, given no changes from me, are IPV6 AAAA requests - which isn't configured on my server (intentionally.)
I don't know why this would be, shouldn't my computer be making IPV4 requests by default? Especially when IPV6 isn't getting a response?
No, not rolling my own DNS.
Lucas Anderson
Anything in the logs?
Tried to restart named?
Juan Watson
do you have IPv6 disabled the computer you're querying the requests from?
Luis Gomez
The client computer has IPV6 enabled and working properly. When I try to connect to one of my domains from the LAN, Wireshark doesn't get the A record for the domain. However, when trying to connect outside of my LAN, it gets the A record just fine.
Leo Smith
I just set up a subdomain A record on one of my domains and pointed it outside of my local network - when I access the site it works fine and Wireshark shows this client PC receiving the A record. However, when connecting to a domain/subdomain pointing to my router's WAN IP, Wireshark doesn't show the client PC receiving the A record.
Lucas Rogers
Oh, it appears that it wasn't getting the A record because it had it cached already. After flushing the DNS cache it receives the A record, but still can't connect to the site via the WAN IP.
Could it be that my router is deciding to randomly stop handling the requests from LAN via the domains properly?
Tyler Collins
Apparently it requires NAT hairpinning/loopback.
I just don't understand why it would work sometimes and not other times. Very strange.
Jaxson Gomez
> Server 106 has an nginx reverse proxy that proxies to servers 101 (nginx web server, port 80) and server 102 (media server, port 8127). Why? Get your Nginx on a host. > What the fuck is going on? Any ideas? Look in the logs, because it may be anything: max files limit, not enough ram or something else.
Jeremiah Hall
I don't understand the first thing you said. "Get your nginx on a host"
What?
Aiden Torres
Install Nginx on the Proxmox and remove 80 port rules in the firewall. Nginx will serve all requests for 80 port.
Henry Thompson
Are you completely incapable of reading? The guy set up his server just fucking fine - it's a NAT loopback issue. It's already been solved you fucking retard.
Carter Foster
> Are you completely incapable of reading? Yes. > The guy set up his server just fucking fine No, it makes things more complicated. Anyway, I don't get the point of a reverse proxy if it's possible to use LAN IPs. It means they are in the same subnet.
Anthony Ward
While I agree that his usage of a reverse proxy is totally unnecessary, you still were just being a cunt by not reading a single damn thing in this thread, including the OP.
Benjamin Martin
OP here,
I took the advice of and got rid of the reverse proxy (why the fuck did I think I needed that to start with?) and magically it is working in my LAN again. I don't know what the fuck the deal is senpai.
Tyler Johnson
> why the fuck did I think I needed that to start with? You may need it for WAN, tho.
