I am running NextCloudPi (NCP) on a Pi3 that is connected by ethernet cable to my home router. I have forwarded the ports. I have installed an SSL cert from Letsencrypt so can use https. I can access the NCP website from outside my home network using https://my.domain.com and all is well.
When I am at home I want to use the same url -- https://my.domain.com but because my router doesn't do NAT Loopback I can't access the site.
There are several workarounds I could use when inside my LAN:
1. Use the local ip address of my Pi... this way I get ugly SSL errors because the bare IP address doesn't match the (sub)domains registered with the SSL cert.
2. Add the local ip address of my Pi to the hosts file on my Windows 7 laptop... yes this works
3. Install a dns server such as: dnsmasq
I decided to install dnsmasq.
Now when I try http://my.domain.com from Chrome inside my LAN I get this error: net::err_CERT_AUTHORITY_INVALID. Clicking on “Proceed to my.domain.com unsafe” at the bottom brings me to my routers homepage with its external ip address displayed in the url address bar.
But I can access this site from outside my LAN without SSL errors so port forwarding is working and I'm thinking this error must be due to my router not doing NAT Loopback and the solution must lie in my dnsmasq config.
Here is my /etc/dnsmasq.conf:
Code: Select all
interface=eth0 no-dhcp-interface=eth0 domain-needed # Never forward plain names (without a dot or domain part) bogus-priv # Never forward addresses in the non-routed address spaces. no-poll # Don’t poll for changes in /etc/resolv.conf no-resolv # Don’t use /etc/resolv.conf or any other file cache-size=500 listen-address=127.0.0.1 server=192.168.1.254 # local ip address of my router address=/my.domain.com/192.168.1.124 # This is optional if we add it to /etc/hosts
The local IP address of my router is: 192.168.1.254
I went in to the web admin of my router and changed its primary DNS to the local IP address of my Pi. Apparently this makes local dns lookup easier somehow?
Lots of other config files can control dnsmasq like:
… but my understanding is none of those files matter because of [no-resolv] in dnsmasq.conf. Maybe I’m wrong here?
After every change to /etc/dnsmasq.conf I do a /etc/init.d/dnsmasq restart
I use >> dnsmasq --test and look in /var/log/syslog to see if dnsmasq is working which it seems to be:
For >> dnsmasq --test
Code: Select all
root@nextcloudpi:/home/pi# dnsmasq --test dnsmasq: syntax check OK.
The log shows dnsmasq listening on port 53 (correct) to the nameserver which is the local ip of my router… my understanding is this is set up correctly because I have set the local ip of my pi3 to be the primary dns on that router… maybe I am wrong here?
Here is the output of >> netstat -tupln
dnsmasq is listening on Port 53 (tcp and tcp6)
This set up, or various versions of it, was working for me but for reasons unknown to me it stops working.
Sorry for this LONG post but if I give all my information maybe I can get the solution faster? Anyone using dnsmasq in a simple way like me could you post your /etc/dnsmasq.conf file please?