Develop Reference

FQDN not working for Ubuntu22.04 and synology

I've got the latest Synology and several Ubuntu 22.04 (fully updated) but empty.
installed Synology's own DNS server: example.local
installed Synology's own DHCP server.
The client do get the IP in the DHCP range I dedicated for them. Nice. But they do not get the domain options delivered so that I could resolve the FQDN with hostname -f. It simply shows the hostname that I've set in the client's hostname file.
The resolv.conf shows merely:
nameserver 127.0.0.53
options edns0 trust-ad
search example.local
A ping from one client to another would result in:
ping worker-s-05
ping: worker-s-05: Temporary failure in name resolution
... or ...
ping worker-s-05.example.local
ping: worker-s-05.example.local: Name or service not known
I've added vendor (Ubuntu22.04) options to the DHCP Server:
64: example.local
15: example.local
65: 10.0.0.10 <-- my synology/dns/dhcp server ip
6: 10.0.0.10
119: example.local
Is there anything else I could do for my Ubuntu 22.04 clients to accept the domain example.local and resolve to a FQDN?

how to resolve micok8s port forwarding error on vagrant VMs?

have a 2 node microk8s cluster running on 2 Vagrant VMs (Ubuntu 20.04). trying to forward port forward 443 from host so I can connect to dashboard from the host PC over the private VM network.
sudo microk8s kubectl port-forward -n kube-system service/kubernetes-dashboard 10443:443
receive the following error:
error: error upgrading connection: error dialing backend: dial tcp: lookup node-1: Temporary failure in name resolution
also noticed that the internal IPs for the nodes are not correct:
the master node is provisioned with an IP of 10.0.1.5 and the worker node 10.0.1.10. in the listing from kubectl both nodes have the same IP of 10.0.2.15.
not sure how to resolve this issue.
note I am able to access the dashboard login screen from http and port 8001 connecting to 10.0.1.5. but submitting the token does not do anything as per the K8s security design:
Logging in is only available when accessing Dashboard over HTTPS or when domain is either localhost
or 127.0.0.1. It's done this way for security reasons.

was able to get passed this issue by adding the nodes to the /etc/hosts file on each node:
10.1.0.10 node-1
10.1.0.5 k8s-master
then was able to restart and issue the port forward command:
sudo microk8s kubectl port-forward -n kube-system service/kubernetes-dashboard 10443:443 --address 0.0.0.0
Forwarding from 0.0.0.0:10443 -> 8443
then was able to access the K8s dashboard via the token auth method

certbot cannot verify domain and connection refused

I am trying to generate certificate for my domain. I can ping my domain but still getting error. I have added inbound firewall rule to my digital ocean server to accept port 80 on ipv4 and ipv6 as well. Not sure what is wrong. [Note: my nginx server is not running as I cannot get the certificate]
https://community.letsencrypt.org/t/invalid-response-404-nginx-docker-container/102525
My domain is: www.1040nra.com
I ran this command: sudo certbot certonly --staging --webroot -w /root/dt-app-data/ -d 1040nra.com -d www.1040nra.com
It produced this output:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for 1040nra.com
http-01 challenge for www.1040nra.com
Using the webroot path /root/dt-app-data for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. 1040nra.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://1040nra.com/.well-known/acme-challenge/22AD-KFmF62z373CPiUKzk6dlr-0s5wMOmnmrziMqd4: Connection refused, www.1040nra.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.1040nra.com/.well-known/acme-challenge/ba-jjDhBUZJ9fHLofGfDYSVV5a-ETlX26A64A-2Yu0s: Connection refused
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: 1040nra.com
Type: connection
Detail: Fetching
http://1040nra.com/.well-known/acme-challenge/22AD-KFmF62z373CPiUKzk6dlr-0s5wMOmnmrziMqd4:
Connection refused
Domain: www.1040nra.com
Type: connection
Detail: Fetching
http://www.1040nra.com/.well-known/acme-challenge/ba-jjDhBUZJ9fHLofGfDYSVV5a-ETlX26A64A-2Yu0s:
Connection refused
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version):
The operating system my web server runs on is (include version): ubuntu 18.04

You seem to have solved the problem yourself.
This is because the certbot domain cannot verify the DNS A record.
Make sure your domain address is directed to your server's ip address.
If you made the dns change 'recently', it may take some time to delete the old ip address.
https://www.whatsmydns.net/
Check here, there should only be one IP address and this should be your server's IP address.

Make sure ports 80 and 443 are open by running the command below:
sudo ufw status
If port 443 is not open, then run the command bellow to allow port 443:
sudo ufw allow https

Issue: The issue is your domain might be not pointing to your Cloud host IP and DNS setup
Solution:
You have to map your domain and IP in-network option tab A
Once you did the mapping then you have to setup DNS on where you have purchased the domain website.
Then check by entering your domain name on this web site www.whatsmydns.net showing your IP address or not
If Yes then you create the certificate

Go to the https://www.whatsmydns.net/
Enter your host name
You set the type A
Make sure that there is the same IP everywhere
You set the type AAAA
Make sure there are no AAAA entries
AAAA are IPv6 entries.
If the addresses for AAAA are present, make a request to this IPv6 address
#example curl [43ff:0c89:eb10:4c06:c90e:4b7d:64e5:fbe1]
curl [your IPv6]
If you get an error, then the address does not point to your site. Accordingly, there is a difference between IPv4 and IPv6.
Solution: delete the domain zone type AAAA

Cento 7 Firewalld refuses all incoming connections to my web-server

I have Centos7 VM built using vagrant with private IP address of:192.168.56.255
I am running my Spring boot application on that VM on port 8443. It supports HTTPS. My issue is that when try to send https requests to 192.168.56.255 web server via Curl command i got
curl: (7) Couldn't connect to server
I have read many tutorials that explain how to configure my Firewall in Cento7 but still got the same issue one is provided by DigitalOcean
When I type
sudo firewall-cmd --list-all-zones
I got
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh dhcpv6-client https http mysql
ports: 8443/tcp 3306/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
As you can see I enabled everything I need and more but still. I even shut down the Firewall but still the connection is refused from my host.
When I made the changes I did reload my firewall
sudo firewall-cmd --realod
So that is not the problem

The problem was not with the Firewalld but with the pre-configured IP address using Vagrant.
The IP address should not be 255 in the first byte as I did 192.168.56.255
because that indicates that this is a broadcast address. So i solved it by changing it to 192.168.56.10

Empty reply from server - can't connect to vagrant vm w/port forwarding

I'm running werkzeug (as part of a Tilestache setup) inside a Vagrant VM, running ubuntu 'precise.'
In my Vagrantfile, I have:
config.vm.network :forwarded_port, guest: 8080, host: 8080
When I start the server in the VM, I see:
* Running on http://127.0.0.1:8080/
If I curl that address from within the VM, I get the expected result. When I curl it from the host machine, I get:
curl: (52) Empty reply from server
And Chrome says "No data received."
Troubleshooting info:
The server responds to pings from the host machine
a port sniffer verifies that the port is open
running netstat -ntlp | grep 8080 in the vm shows that the server is listening on 8080
My local hostsfile doesn't have any weird conflicts
I'm also forwarding 22 => 2222, and I can ssh in with no trouble
I've disabled the firewall on the host, and i don't believe there's one on the guest (iptables and ufw are disabled, at least)
I've set auto_correct: true in case there are conflicts (there aren't)
I know I could set up a private network, but I'd like to understand why this isn't working and how to troubleshoot it.
Any other ideas?

When running a server from within a VM, start the server on 0.0.0.0 instead of 127.0.0.1.
127.0.0.1 is only accessible to the local machine, which for a VM means nothing outside of the VM can reach it! 0.0.0.0 is accessible from anywhere on the local network, which to a VM includes the host machine.
The answer came from here: Connection Reset when port forwarding with Vagrant
(Which apparently got its answer from here: https://stackoverflow.com/a/5999945/738675)
With help from: https://serverfault.com/questions/78048/whats-the-difference-between-ip-address-0-0-0-0-and-127-0-0-1
Google-bait:
Here are the errors you might receive if this is the problem:
Chrome: "No data received"
Firefox: "The connection was reset - The connection to the server was reset while the page was loading."
Safari: "Safari can’t open the page [URL] because the server unexpectedly dropped the connection"
curl: "Empty reply from server"

In the /etc/hosts inside the VM, change line
127.0.0.1 localhost -> 0.0.0.0 localhost
and then restart server

This can also be a problem with your firewall on the vagrant machine. If you can curl the address while on the vagrant box, then check your firewalld settings or turn it off:
on CENTOS:
sudo service firewalld stop
Then you should update your firewalld settings and restart it ;)