TLS timeout when trying to access site from same network


(Lukas Wienke) #1

I'm trying to host a website and, on another subdomain, a Gitea server. The cert was successfully obtained, but when I try to access my server (hosted in the same network as I am in) the TLS handshake times out (both website and Gitea).

I tried having a friend access the server, and it worked fine for him, for both the website and Gitea. And when I am proxying through Cloudflare I can connect as well. I tried with and without the tls part in my Caddyfile (see below).

Apart from the timeout (Firefox standard error message) I get no errors on either Gitea's or Caddy's side.

# Caddy v1 syntax: the proxy directive forwards the subdomain to Gitea on localhost:3000
git.example.com {
    proxy / localhost:3000
    # obtain the certificate through the Cloudflare DNS challenge
    tls {
        dns cloudflare
    }
}
www.example.com {
    tls {
        dns cloudflare
    }
}

The server is running Arch Linux (x86_64), i5, more than triple the RAM of a Rpi.


(Gorian) #2

You say you are trying to connect from the same network as caddy? Is your friend outside the network? Do you have an internal DNS entry for git.mydomain.here? If you don’t have split DNS or NAT reflection, then you’ll be resolving git.mydomain.here to your external IP which you won’t be able to connect to from inside your network. Try setting a DNS record or hostname of git.mydomain.here to the local IP of your caddy server and then try connecting.


(Matthew Fay) #3

I’d wager @Gorian is spot-on re: needing either NAT reflection or split DNS. I’ve personally implemented the latter in my own networks, but the former can be a somewhat “silver bullet” at the cost of double-handling packets at the firewall. Sometimes also referred to as “hairpin NAT”.
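A small diagnostic for the split DNS / hairpin NAT question raised in the two replies above, added here as an example and not part of any post in this thread: it resolves the hostname, reports whether the answer is an RFC 1918 LAN address (split DNS already in place) or a public address (NAT reflection or split DNS still needed), and optionally attempts a TLS handshake against the resolved address and against a LAN address you supply. The hostname and LAN address are assumed command-line inputs.

```python
"""Diagnose 'TLS handshake times out only from inside the LAN'.

Added example, not from the thread. Assumes the caller passes the public
hostname and, optionally, the LAN address of the Caddy box as arguments.
"""
import ipaddress
import socket
import ssl
import sys

# RFC 1918 ranges; a name that resolves to one of these from inside the LAN
# means split DNS is already in effect.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(resolved_ip: str) -> str:
    """'split-dns' if the name resolves to a LAN address, otherwise
    'hairpin-needed' (public address: needs NAT reflection or split DNS)."""
    addr = ipaddress.ip_address(resolved_ip)
    return "split-dns" if any(addr in net for net in LAN_NETS) else "hairpin-needed"


def tls_handshake(host: str, ip: str, port: int = 443, timeout: float = 5.0) -> str:
    """Try a TLS handshake to ip:port with SNI=host. Returns 'ok', 'timeout',
    'refused' or 'tls-error'. 'timeout' from inside the LAN while the same
    address works from outside is the classic missing-hairpin-NAT signature."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except ssl.SSLError:
        return "tls-error"


def diagnose(host: str, lan_ip: str = "") -> dict:
    """Resolve the name, classify it, and probe the resolved (and LAN) address."""
    resolved = socket.gethostbyname(host)
    report = {"resolved": resolved, "verdict": classify(resolved),
              "via_dns": tls_handshake(host, resolved)}
    if lan_ip:
        report["via_lan_ip"] = tls_handshake(host, lan_ip)
    return report


if __name__ == "__main__":
    print(diagnose(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else ""))
```

If `via_dns` reports `timeout` while `via_lan_ip` reports `ok`, the Caddy host itself is fine and the fix is on the DNS or router side, as the replies suggest.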