[SOLVED] Internal web site VM:80 Not working from outside

[Sikjairi]

Hi Guys ,
i would like to get acces to local vm from outside exemple sub.domaine.com ==> proxmox-VM LOCAL-IP-3:80 ,

I made some config on my external apache proxy as you can see :

EXTERNAL  APACHE PROXY (Public IP -178.xx.xx.xx)  : /etc/apache2/sites-available/   
<VirtualHost *:80>
        ServerName sub.domaine.com
        ProxyPass / http://PROXMOX-PUBLIC-IP:80/
        ProxyPassReverse / http://PROXMOX-PUBLIC-IP:80/
        ProxyPreserveHost On
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =sub.domaine.com
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]           
</VirtualHost>

& also i made a modification on Proxmox network file as you can see :
Proxmox (Public IP -198.xx.xx.xx) : /ETC/NETWORK/INTERFACES ########## Routing VM Odoo Instances ########## post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8085 -j DNAT --to LOCAL-IP-1:8085 post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 8085 -j DNAT --to LOCAL-IP-1:8085 post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8086 -j DNAT --to LOCAL-IP-2:8086 post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 8086 -j DNAT --to LOCAL-IP-2:8086 ########## Routing VM Moodle Instance ########## post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to LOCAL-IP-3:80 post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to LOCAL-IP-3:80

the problem i have that the Odoo instances work fine but for the moodle instance doesn't work , do you have any idea about the issue ?Thank you in advance .

NB :
VM Odoo work fine from outside
VM Moodle doesn't work from outside ( it's work from local network http://local-ip/moodle/login/index.php )

 

[sb-jw]

Is port 80 even open to the outside world?

 

[Sikjairi]

Is port 80 even open to the outside world?

Hi @sb-jw , which Machine i have to check the port 80 the Moodle-VM or the entire Proxmox node ?

 

[sb-jw]

On your router, on your firewall, at your provider?
Ultimately, you should know your network and where something could be blocked. I don't know your network and you haven't communicated many details about it here.

 

[Sikjairi]

On your router, on your firewall, at your provider?
Ultimately, you should know your network and where something could be blocked. I don't know your network and you haven't communicated many details about it here.

Hi again @sb-jw ,

I Have a simple network as described in this diagram , you can take a look , i need to access to the vm122 via the sub.domain.com ,
The config files for apache2 & PVE: /Etc/network/interfaces are :

#Appache Proxy : /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80> ServerName sub.domain.com ProxyPass / http://149.xx.xx.xx:80/ ProxyPassReverse / http://149.xx.xx.xx:80/ ProxyPreserveHost On #RewriteEngine on #RewriteCond %{SERVER_NAME} =sub.domain.com #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost>

#PVE server : /ETC/NETWORK/INTERFACES

########## Routing VM  Moodle Instance  ##########     
      post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.21.21.122:80
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.21.21.122:80

NB: I have others VMs i can access to them via the port exemple 8069 8075 ..etc

 

[sb-jw]

Let's keep in mind that you have a problem with access from the Internet. It works from your internal network. So what is the problem? But obviously access from the Internet, so surely there is something between your private network and the Internet? Something like a router, a firewall or whatever, but something will probably establish the Internet connection in front of your PVE server.

Just because ports 8069 or 8075 can be accessed from the Internet doesn't necessarily mean anything; it could be that these ports are open and access is therefore working as it should.
Then just use one of these ports as a test and see if it works. If so, your configuration is correct and you have confirmation that port 80 is probably not usable.

 

[basil]

post-up echo 1 > /proc/sys/net/ipv4/ip_forward

 

[Sikjairi]

post-up echo 1 > /proc/sys/net/ipv4/ip_forward

Hi @basil ,

i already have this rule on the file /etc/network/interfaces , and the vm connected to the Internet ,
now i can connect to apache via my domaine http://sub.domain.com/ but i cant' connect to my web site http://sub.domain.com/moodle/login/index.php , it's redirect me to the local ip adress http://10.x.x.x./moodle/

 

[basil]

This is not a network problem - try change sub.domain.com A 149.xx.xx.xx for testing, if site worked then trouble with your proxy or if not worked - trouble with you apache and moodle

 

[Sikjairi]

Let's keep in mind that you have a problem with access from the Internet. It works from your internal network. So what is the problem? But obviously access from the Internet, so surely there is something between your private network and the Internet? Something like a router, a firewall or whatever, but something will probably establish the Internet connection in front of your PVE server.

Just because ports 8069 or 8075 can be accessed from the Internet doesn't necessarily mean anything; it could be that these ports are open and access is therefore working as it should.
Then just use one of these ports as a test and see if it works. If so, your configuration is correct and you have confirmation that port 80 is probably not usable.

Hi @sb-jw @basil ,

Sure i just changed the port from 80 to 8087 on apache proxy & PVE interfaces , now i got Local @ip from outside maybe i miss some config on the Moodle local VM


#1 the public ip with port 8087 goes to apache


2# the domain name goes to apache



3# the full web link goes to local ip adress of the moodle VM



#4 the local IP

 

[Sikjairi]

This is not a network problem - try change sub.domain.com A 149.xx.xx.xx for testing, if site worked then trouble with your proxy or if not worked - trouble with you apache and moodle

You are right , the the public ip & doamin work fine , i still have one more problem that i got a local ip when i try to access to the web site

 

[basil]

You are right , the the public ip & doamin work fine , i still have one more problem that i got a local ip when i try to access to the web site

​

config.php
<?php  /// Moodle Configuration File

unset($CFG);

$CFG->dbtype    = 'mysql';
$CFG->dbhost    = 'localhost';
$CFG->dbname    = 'moodle';
$CFG->dbuser    = 'moodleuser';
$CFG->dbpass    = 'XXXXXXXX';
$CFG->dbpersist =  false;
$CFG->prefix    = 'mdl_';

$CFG->wwwroot   = 'http://trainer.moodle.org';
$CFG->dirroot   = '/var/www/moodle';
$CFG->dataroot  = '/opt/moodle_data';
$CFG->admin     = 'admin';
$CFG->reverseproxy = true;
$CFG->sslproxy  = 1;

i think you have in config like this
$CFG->wwwroot = 'http://10.21.21.122';

 

[Sikjairi]

​

config.php
<?php  /// Moodle Configuration File

unset($CFG);

$CFG->dbtype    = 'mysql';
$CFG->dbhost    = 'localhost';
$CFG->dbname    = 'moodle';
$CFG->dbuser    = 'moodleuser';
$CFG->dbpass    = 'XXXXXXXX';
$CFG->dbpersist =  false;
$CFG->prefix    = 'mdl_';

$CFG->wwwroot   = 'http://trainer.moodle.org';
$CFG->dirroot   = '/var/www/moodle';
$CFG->dataroot  = '/opt/moodle_data';
$CFG->admin     = 'admin';
$CFG->reverseproxy = true;
$CFG->sslproxy  = 1;

i think you have in config like this
$CFG->wwwroot = 'http://10.21.21.122';

Exactly that was my fault , now the problem resolved Thank you all guys for your support , have a nice day to you all .