Not able to access server via Domain Name - but I am still able to access via IP/Remotely



So let me start by saying that in the past month I have bought a UDM, set up an Unraid server, and started a Jellyfin/media playing server. I say all of that just to point out I am new at this, so there is very likely a lot of stuff I am just looking over - so I really appreciate any help. 

 

I followed the Wireguard setup located here - and mostly everything works. I was able to log in and access my server remotely when I visited my family last weekend. So I imagine that means I have set everything up relatively right, with regards to the adding a peer, port forwarding, and DDNS. 

 

However, for a reason I can't quite figure out - I've never been able to access it via the actual domain name. Say my domain is 'cookies.us', and I set my sub domain as 'yum'. So I should be able to access my server by going to yum.cookies.us, as far as I understand it? 

 

Since everything else is set up right (I assume, since the access remotely part of it is working) - does anyone have any ideas why the domain name wouldn't work? I am trying to set up a remote jellyfin to give to friends and families, and that would be much easier if I am just able to give them my domain name instead of an IP.

 

If this is in the wrong part of the forum, let me know I am happy to move it. I am also happy to post any screenshots to help people figure it out (I just didn't so far, because I'm honestly not sure what I need to hide/block out in regards to privacy and security).

 

Any help is appreciated, thanks!

Link to comment

I'm not familiar with using Wireguard or related with Unraid, or of its implications, but it sounds like you might be running afoul of something pretty common. To clarify, are you having problems accessing your server via domain name from inside the LAN, or outside the LAN?

 

What level of experience do you have with DNS troubleshooting? It would also help to know what DDNS service you're using, both the company hosting it and the software/website you're using to configure IP addresses and so forth.

 

Also, are you expecting inbound connections to use your VPN's tunnel, or use your ISP-provided IP address for inbound connections?

Link to comment

Hey - sorry for the late reply. I am not able to access my server via domain name from inside or outside of the LAN.

 

My level of experience of DNS troubleshooting is pretty low, but I can read instructions and follow guides well enough. 

 

I mostly followed this guide

 

My domain is from Google Domains - and I use dyndns for the service. Google doesn't show up as an option in the Unifi settings, but the video I linked mentioned that they should be interchangeable for this because they use the same protocol. 

 

And no, I don't use my VPN tunnel from within my own network, just when I need to access it remotely. But it would still be nice if I was able to access my server (both inside and outside of my LAN) using the domain name. 

Edited by hive_minded
Link to comment

As a quick update - a few things I've checked.

 

If I go in to my google domains -> DNS -> Synthetic Records -> Dynamic DNS settings - I can see the subdomain that I picked, with a valid IP. When I go to DNSChecker.org, and type in my full domain (yum.cookies.us - the example from the original post) it comes up with the same IP that is listed on google domains. So that part of the process seems to be working right.

 

However, when I try to ping yum.cookies.us from my local PC, the request times out. 

 

When I use nslookup from my local PC - it comes up with the proper domain name (yum.cookies.us) and IP that shows up in google domains. 

 

Not sure where that leaves me - it's just odd that I'm still able to access remotely with the IP - but for some reason my domain name won't work. 

 

edit #3

 

So it looks like some of the errors I was running in to - had to do with my local PC always being connected to VPN. If I closed out of the VPN - I am now able to access 'yum.cookies.us'. Except it is pointing to my Unifi WebGUI, not my Unraid WebGUI. And that only works from within the LAN, outside the LAN it still does not work (but the IP address + wireguard tunnel still does). 

 

I must have gotten some wires crossed somewhere, but I'm not sure where. 

 

Edited by hive_minded
Link to comment

Being able to connect to your domain from within the LAN but reaching your Unifi WebGUI (which I'm left to infer is what you're using for a router..? I've only ever used Unifi for Wireless AP management, so I'm left to assume A WHOLE LOT here) that means your router is not applying port forwarding to your request. This is normal behavior - you're trying to connect to your external IP from behind its router, and many, many routers handle this case exactly as they should, which is to say they silently ignore the request. Picture it like throwing a package through a window -- it shouldn't come flying back in, unless you did something to make it do that. You need to set up NAT Reflection. Also, it is a wildly horrible idea to expose the Unraid web interface to the internet, it is absolutely not designed for that sort of exposure. Very, very risky.

 

If you want to use a domain name to connect from inside only, you need some manner of DNS override if you don't have the ability to set up and properly administer your own local domain. I don't know about Unifi's capabilities; I tend to stray away from the proprietary/closed-source/overly expensive systems so I'm not the guy for that. As an example of implementation, Unbound (software service, available on Linux and BSD-based router software) is capable of redirecting any request to any single (or wildcard) host/domain to any other IP address, silently. Obviously SSL breaks horribly when doing this, but it works for local-only domain resolution. This is how I access the things I have which should not be exposed to the big wide world -- instead of taking over *.cookies.us I would instead take over *.cookies -- that way I'm not walking over any public namespaces.

 

If you need access from both inside *and* outside, NAT Reflection is required, and will even maintain SSL certification.

 

The fact that you're able to connect when the VPN is turned off (of course you can't with it turned on, the VPN is intercepting and tunneling all of your non-local traffic because that's what they do, and your external IP address is non-local)  means somehow your request for your domain name is either A) resolving your router's local IP which should never happen, or B) resolving your external IP, which is then connecting to the router, which is accepting the connection instead of applying Port Forwarding to it. If the router is accepting that from the public side, that also means you're exposing that web UI to the internet, which I would not consider a good thing.

 

Ideally that helps somewhat -- let me know if not, but things in my life have been ...bumpy, so I may be delayed.

Link to comment
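The behaviour described in the reply above, as an added illustration that is not part of the thread and is not Unifi's actual firewall logic: a toy model of a router's decision for a new connection, showing why a LAN client that targets the WAN address lands on the router's own web UI unless NAT reflection is enabled. All addresses, ports and the `Router` class are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Router:
    wan_ip: str
    lan_ip: str
    lan_net: str
    forwards: dict = field(default_factory=dict)  # {(proto, port): (host, port)}
    nat_reflection: bool = False
    ui_ports: tuple = (443,)   # ports the router's own web UI listens on
    ui_on_wan: bool = False    # True if that UI also answers on the WAN side

    def route(self, src_ip, dst_ip, proto, port):
        """Decide what happens to a new connection that reaches the router."""
        from_lan = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.lan_net)
        if dst_ip not in (self.wan_ip, self.lan_ip):
            return ("routed", (dst_ip, port))  # not addressed to the router itself
        rule = self.forwards.get((proto, port))
        if rule and dst_ip == self.wan_ip:
            if not from_lan:
                return ("forwarded", rule)  # ordinary inbound port forward
            if self.nat_reflection:
                # Hairpin: rewrite the destination, and the source too, so the
                # server replies through the router instead of directly.
                return ("forwarded+snat", rule)
        # No forward applied: the packet is for the router's own address.
        if proto == "tcp" and port in self.ui_ports and (from_lan or self.ui_on_wan):
            return ("router-ui", (dst_ip, port))
        return ("dropped", None)

# Constructed sample values (documentation address ranges, hypothetical hosts).
WAN, LAN_CLIENT, OUTSIDE = "203.0.113.10", "192.168.1.50", "198.51.100.7"
SERVER = ("192.168.1.10", 443)

def scenarios():
    fwd = {("tcp", 443): SERVER}
    base = dict(wan_ip=WAN, lan_ip="192.168.1.1", lan_net="192.168.1.0/24")
    plain = Router(**base, forwards=fwd)
    hairpin = Router(**base, forwards=fwd, nat_reflection=True)
    exposed = Router(**base, ui_on_wan=True)
    return {
        "lan_no_reflection": plain.route(LAN_CLIENT, WAN, "tcp", 443),
        "lan_with_reflection": hairpin.route(LAN_CLIENT, WAN, "tcp", 443),
        "outside_with_forward": plain.route(OUTSIDE, WAN, "tcp", 443),
        "outside_no_forward": Router(**base).route(OUTSIDE, WAN, "tcp", 443),
        "outside_ui_exposed": exposed.route(OUTSIDE, WAN, "tcp", 443),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:22} {result}")
```

The `outside_ui_exposed` case is the one to check for on a real router: an outside connection answered by the management UI means that UI is reachable from the internet.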

@codefaux Yes, sorry I should have clarified - I am using the Unifi for my router/WebGUI - via a UDM. 

 

Question about something you said, "Also, it is a wildly horrible idea to expose the Unraid web interface to the internet, it is absolutely not designed for that sort of exposure. Very, very risky.". 

 

If I am setting everything up to be able to access through the Wireguard VPN Tunnel (either with IP address, or domain - yum.cookies.us) - that is effectively shielding Unraid and my Local network from the internet, right? Seeing as the only way to get in is through the tunnel that I've created? That is my understanding at least, but I want to make sure that is accurate, because keeping my network secure from the internet is obviously priority number 1. 

 

Also - when you mention needing to set up NAT reflection what do you mean by that? In a few threads that I've read from people with similar issues to me, they recommended changing the setting 'Local server uses NAT' to 'No'. I have not tried to change that yet. Outside of instructions from the official guide (which seems to have been pulled from the Unraid website, but the longer version is still available here) I have not changed anything. Do you think that changing that setting would help, or accomplish setting up NAT reflection? Or is that something completely different?

 

And I should clarify, being able to connect to my LAN from domain name inside my network would be neat, but not really a game changer. It would be cool to use my domain name because I like it and I think it's neat, but I'm the only person connecting to my server at home so it's not the end of the world. Being able to connect to my LAN via domain name outside of my LAN is much more important though. It makes things much more simple for me to just give a domain name to friends and family, versus an IP address. Also I'm not 100% sure, but a Jellyfin guide I glanced over mentioned that it was a requirement for remote viewing. However, there may be workarounds. I haven't dug into that yet as I'm trying to solve this problem first. 

 

If I screenshot my Unraid VPN tunnel and peer settings, along with my Google domain DDNS settings, and finally my Unifi DDNS and Port Forwarding rule - would that help you identify where any kinks in the line are? I am more than happy to do so, but I'm not sure what information I need to block out for privacy's sake. I am guessing both 'yum' and 'cookies' in my domain 'yum.cookies.us' in Google Domain and Unraid settings? As well as Google Domains username, and my Unraid Static IP? If I left anything out, or some of those don't actually matter - do let me know and I can get my screenshots posted asap.

 

Thanks a lot for your time and your help, no rush either way - I know life can be a bit bumpy at times.

 

Thanks again. 

Link to comment