Certbot
-
@aaronstuder
removed domain -
@Dashrender things do work if I use 2 different URL's
-
@alex.olynyk said in Certbot:
@Dashrender things do work if I use 2 different URL's
How does file sharing work that way?
-
dont know. havent put into production yet
-
@alex.olynyk said in Certbot:
dont know. havent put into production yet
LOL, so how do you know that things will work
The links that are generated by the system will only work to one or the other group (internal or external) is the expectation. -
honestly dont know, this has been placed in my lap to get working
-
OK @alex-olynyk did add roseradiology.com, but not in the correct place. As such, it never worked as desired.
-
@alex-olynyk
now that you've removed that, what do you get when you ping owncloud.roseradiology.com? -
-
is that IP address on your firewall?
-
@Dashrender yes, it works from the outside. Our FW is managed by Windstream so unsure what you are asking
-
@alex.olynyk said in Certbot:
@Dashrender yes, it works from the outside. Our FW is managed by Windstream so unsure what you are asking
You're firewall is manged by Windstream? huh - didn't know they did that.
You need to call them and ask them to turn on hairpin routing in the firewall/router/cablemodem/router, whatever it is.
If they tell you that they can't, then you will have to use Split Horizon DNS to solve this problem.
-
@Dashrender which means create a DNS zone called roseradiology.com and add records for my public servers?
-
@alex.olynyk said in Certbot:
@Dashrender which means create a DNS zone called roseradiology.com
yes
and add records for my public servers?
no
You'll add a brand new zone to your DNS servers (make it AD integrated) and then add in all the records that exist in the internet based one, but you'll change the IP from external live IPs to the IPs that are used by those services inside your network.
So for ownCloud you'll do:
A record Owncloud : 192.168.128.10
-
@Dashrender our mail server is hosted POP so that's accessed via mail.roseradiology.com
no internal IP address for that -
@alex.olynyk said in Certbot:
@Dashrender our mail server is hosted POP so that's accessed via mail.roseradiology.com
no internal IP address for thatThen for that one you will still use the external IP, but you WILL have to put in a record in your local DNS.
I have lost track of how many times you have been told this is the correct answer.
-
@aaronstuder said in Certbot:
@StrongBad The only thing I can think of is speed? Maybe it's a bit faster? However many routers have loopback NAT, so no difference there.
The term you are looking for is HAIRPIN NAT.
Personal opinion incoming: You NEVER want to rely on HAIRPIN NAT, ever.
For most companies, DNS is not something that changes very often. It is much easier to handle entering DNS information both into both the internal and external DNS servers.
-
@JaredBusch said in Certbot:
Personal opinion incoming: You NEVER want to rely on HAIRPIN NAT, ever.
For most companies, DNS is not something that changes very often. It is much easier to handle entering DNS information both into both the internal and external DNS servers.
I tend to agree with JB on this one.
-
@JaredBusch said in Certbot:
@alex.olynyk said in Certbot:
@Dashrender our mail server is hosted POP so that's accessed via mail.roseradiology.com
no internal IP address for thatThen for that one you will still use the external IP, but you WILL have to put in a record in your local DNS.
I have lost track of how many times you have been told this is the correct answer.
Hey, listen to JB on this one you should.
-
@JaredBusch i just did this and it still wont work. when i ping www.rose and mail.rose it returns the same IP. Added both in local DNS. www works on the inside but not mail
owncloud and pacs work on the inside but no mail
