gravitl / netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://netmaker.io

[Bug]: registration failed Post "https://api.xxx.com/api #2553

Open liangyoufeng opened 1 year ago

liangyoufeng commented 1 year ago

Contact Details

No response

What happened?

Hi, mattkasun, afeiszli

In the deployment of v0.20.6, I obtained the certificate through the acme.sh tool. In the nm-quick.sh script, I commented out the steps that apply for the certificate, and in the intranet environment, this error occurred when resolving the domain name to the local address in /etc/hosts. May I ask if a public IP is necessary? And open ports 80 and 443? My original plan was to map the 443 port on the internal network to other ports on the external network through a router.

It seems that it is not possible to apply for Cloudflare certificates through Certbot in DNS mode. Will this feature be added later? Or does it not necessarily require a domain name to deploy access; is it allowed to use a public IP?

Good luck!

Version

v0.20.6

What OS are you using?

Linux

Relevant log output

root@localhost:~# netclient register -t eyJzZXXXXXXXXXXXXXX
[netclient] 2023-09-04 12:06:20 failed to dial:  dial udp :51821->137.184.16.175:3478: bind: address already in use
[netclient] 2023-09-04 12:06:20 stun transaction failed:  stun1.netmaker.io dial udp :51821->137.184.16.175:3478: bind: address already in use
[netclient] 2023-09-04 12:06:21 failed to dial:  dial udp :51821->159.223.60.49:3478: bind: address already in use
[netclient] 2023-09-04 12:06:21 stun transaction failed:  stun2.netmaker.io dial udp :51821->159.223.60.49:3478: bind: address already in use
[netclient] 2023-09-04 12:06:22 failed to dial:  dial udp :51821->172.253.56.127:19302: bind: address already in use
[netclient] 2023-09-04 12:06:22 stun transaction failed:  stun1.l.google.com dial udp :51821->172.253.56.127:19302: bind: address already in use
[netclient] 2023-09-04 12:06:22 failed to dial:  dial udp :51821->74.125.197.127:19302: bind: address already in use
[netclient] 2023-09-04 12:06:22 stun transaction failed:  stun2.l.google.com dial udp :51821->74.125.197.127:19302: bind: address already in use
[netclient] 2023-09-04 12:06:52 registration failed Post "https://api.xxx.com/api/v1/host/register/eyJzZXXXXXXXXXXXXXX": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

root@localhost:/data/netmasker# curl -Ivk https://api.xxx.com
*   Trying 165.198.105.48:443...
* Connected to api.xxx.com (165.198.105.48) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=xxx.com
*  start date: Sep  1 00:00:00 2023 GMT
*  expire date: Nov 30 23:59:59 2023 GMT
*  issuer: C=AT; O=ZeroSSL; CN=ZeroSSL ECC Domain Secure Site CA
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55f4eed2dc70)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> HEAD / HTTP/2
> Host: api.xxx.com
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 404
HTTP/2 404
< alt-svc: h3=":443"; ma=2592000
alt-svc: h3=":443"; ma=2592000
< content-type: text/plain; charset=utf-8
content-type: text/plain; charset=utf-8
< date: Mon, 04 Sep 2023 02:58:50 GMT
date: Mon, 04 Sep 2023 02:58:50 GMT
< server: Caddy
server: Caddy
< x-content-type-options: nosniff
x-content-type-options: nosniff
< content-length: 19
content-length: 19

<
* Connection #0 to host api.xxx.com left intact


liangyoufeng commented 1 year ago

Forgot to add one more point:

Due to the fact that it is a household public network broadband, it is not possible to ping the public IP/domain name from the internal network environment. Therefore, a forced resolution to the local network address was made in /etc/hosts. May I ask if there is a better solution?

mattkasun commented 1 year ago

The Netmaker server requires a public routable IP address.
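A preflight check that turns the two symptoms in the issue's log and the maintainer's answer into something a deployer can run before registering: it reads an /etc/hosts-style override, flags an API name pinned to a non-routable address, and classifies the netclient lines for the UDP bind conflict and the registration timeout. This is an added example, not Netmaker or netclient code; the hosts excerpt and log lines are constructed to mirror the issue, and `api.xxx.com` / `192.168.1.20` are placeholders.

```python
import ipaddress
import re

# Constructed /etc/hosts excerpt mirroring the issue's setup: the API name is
# pinned to an intranet address instead of the public IP the server needs.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
192.168.1.20 api.xxx.com broker.xxx.com
"""

# Constructed log lines in the netclient format quoted in the issue (token redacted).
SAMPLE_LOG = [
    "[netclient] 2023-09-04 12:06:20 failed to dial:  dial udp :51821->137.184.16.175:3478: bind: address already in use",
    "[netclient] 2023-09-04 12:06:21 failed to dial:  dial udp :51821->159.223.60.49:3478: bind: address already in use",
    '[netclient] 2023-09-04 12:06:52 registration failed Post "https://api.xxx.com/api/v1/host/register/TOKEN": context deadline exceeded (Client.Timeout exceeded while awaiting headers)',
]

STUN_BIND = re.compile(r"dial udp :(\d+)->\S+: bind: address already in use")
REG_TIMEOUT = re.compile(r'registration failed Post "https://([^/"]+)/.*context deadline exceeded')


def hosts_overrides(hosts_text):
    """Map every hostname in an /etc/hosts-style text to the address it is pinned to."""
    pinned = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then split on whitespace
        for name in fields[1:]:
            pinned[name] = fields[0]
    return pinned


def is_public_routable(ip_text):
    """True only for addresses outside loopback, link-local and RFC 1918 / ULA space."""
    return ipaddress.ip_address(ip_text).is_global


def preflight(api_host, hosts_text, log_lines):
    """Return de-duplicated findings that explain why registration is unlikely to succeed."""
    findings = []
    pinned = hosts_overrides(hosts_text)
    if api_host in pinned and not is_public_routable(pinned[api_host]):
        findings.append(f"{api_host} is pinned to {pinned[api_host]}, which is not publicly routable")
    for line in log_lines:
        if m := STUN_BIND.search(line):
            findings.append(f"udp port {m.group(1)} is already bound: another netclient or WireGuard instance holds it")
        elif m := REG_TIMEOUT.search(line):
            findings.append(f"registration to {m.group(1)} got no response within the client timeout")
    return list(dict.fromkeys(findings))  # keep first occurrence, preserve order
```

Run `preflight("api.xxx.com", SAMPLE_HOSTS, SAMPLE_LOG)` on the constructed input and all three conditions are reported once each; point it at the real /etc/hosts and the real netclient log to check a deployment.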