Our Linux Server: Sandstorm | Tek Syndicate

I had to do a bit of DNS trickery so I could get it to run internally only.

1 Like

If you have the option to self-host and want to keep it for internal use only (no public access through your firewall), just set up an internal DNS and mail server and you'll be good to go. I just did it all in a couple of hours.

Has anyone had any luck configuring their Sandstorm instance to not use the "sandcats" DNS service? I've got a droplet running on DigitalOcean for testing, trying to get this to work, and have had no luck after banging my head against the wall for days.

Using their "sandcats" DNS is absurdly easy to set up, so you have "whatever.sandcats.io", but I'm trying to get the server to use "whatever.mydomain.com". I've got the wildcard DNS to actually work, but the server refuses to accept a 301 redirect to https. I keep getting a 400 Error stating the http request was sent to an https port, and the page won't load.

I was trying to follow along with this but I got stuck at the admin token. When I tried to go to it at first it would just time out. I am running it on a VM behind a pfSense firewall. Not sure exactly what I did (because I have tried so many different things), but at one time when I went to the URL I was prompted with the pfSense login; currently I get "refused to connect". I have messed with the sandstorm.conf and tried a few different things. I believe the ports are forwarded correctly in pfSense but I am a complete novice at this. Will someone give me some guidance?

Well, I have not used the tutorial myself, but I assume from what you wrote that you connect to your public IP (WAN of the pfSense). You should connect to the IP of the VM instead. Also, does your VM use NAT or Bridge to get onto your local network?

You might need to alter the bash script that sets it all up if you want to not register with sandcats for an SSL cert.

The VM connects with Bridge. I had the port forwarding set up incorrectly; the firewall was forwarding to itself. But I found another problem of mine. The ports are not listening on the Sandstorm server. I am using arno-iptables-firewall. I have gone through the setup a few times to make sure it is all correct (got lost looking at firewall.conf). It seems to be fine but I am even unable to SSH into it. Any suggestions?

So there are no ports open on the VM?

If there are no ports open/listening, you cannot connect.

Which IP does the VM get for your local network range?

There are some open ports, but they are not the ones I told Arno to open. The IP locally is 192.158.100.26

When I start and stop Arno, should I get more info back than just:
[ ok ]Stoping arno-ip-tables-firewall (via systemctrl: arno-ip-tables-firewall.service
[ ok ]Startingarno-ip-tables-firewall (via systemctrl: arno-ip-tables-firewall.service

Thanks a lot @tekwendell this video was awesome.

From another of your videos I found out about YunoHost and tried that on a Raspberry Pi. It worked very well and was much easier to install than Sandstorm. However, Sandstorm seems to be a lot more secure, albeit that it is online.

To increase security it would be cool to add a knock daemon on your host server that allows you to turn the 80/443 ports on and off via port knocking.

One thing I liked about YunoHost was that you could use it as kind of a digital locker box. Just SSH in (maybe after port knocking) and do a port forward of 8080 to port 80 on it, then just navigate to localhost:8080 and you have access to your digital locker box and the tools contained within.

I want to try to do the same thing with Sandstorm, but need to find a tool that would function like /etc/hosts but with wildcard domains, to satisfy the wildcard DNS requirement.

Thanks again, I really found this video helpful and inspiring.

1 Like
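
The port-knocking idea from the post above, written out as a knockd configuration. This is an added example, not part of the original thread; it assumes iptables is the host firewall with 80/443 dropped by default, and the interface name, knock ports and timeout are constructed placeholders.

```ini
# /etc/knockd.conf (added example, not from the thread)
# Assumptions: eth0 is the public interface, the INPUT chain drops
# TCP 80/443 unless a rule below allows it, and the knock sequences
# are constructed placeholders to be replaced with your own.

[options]
    UseSyslog
    Interface = eth0

[openWeb]
    # Three SYNs to these ports, in order, within 10 seconds, open
    # 80/443 for the knocking source address only (%IP% is filled in
    # by knockd).
    sequence      = 7000,8000,9000
    seq_timeout   = 10
    tcpflags      = syn
    start_command = /sbin/iptables -I INPUT -s %IP% -p tcp -m multiport --dports 80,443 -j ACCEPT
    # Remove the rule again after an hour so a forgotten session does
    # not leave the ports reachable.
    cmd_timeout   = 3600
    stop_command  = /sbin/iptables -D INPUT -s %IP% -p tcp -m multiport --dports 80,443 -j ACCEPT

[closeWeb]
    # The reverse sequence closes access immediately.
    sequence    = 9000,8000,7000
    seq_timeout = 10
    tcpflags    = syn
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp -m multiport --dports 80,443 -j ACCEPT
```

A knock sequence is visible to anyone who can observe the traffic, so it reduces exposure to scanning but does not replace HTTPS or Sandstorm's own login.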

Sorry about the necro, but @wendell, are we going to see this make a return on the Level1Techs YouTube channel?

Wendell said to post successes. I am late to the party, eh?
I was semi-successful in setting up my website following most of the instructions from all the videos.
The rocky part was setting up the DNS so that the link would go to my web page.
I am still having issues with making it so that my website can be accessed with edds.tech instead of www.edds.tech.
I figure I may have flubbed my DNS setup...

1 Like

Let me put out the last of the fires then I can get this spooled up again. ;)

4 Likes

One man fire brigade :)

1 Like

Preeeeeeety sure I had the help of what seems like thousands, and probably legit is thousands, of volunteer firefighters that organized into an awesome force of support and good will

8 Likes

You have to set the CNAME record in your DNS for edds.tech to the same URL as you have www.edds.tech.

Currently you only have www.edds.tech set to gd3fyo4laxda51syv67q.owned.sandcats.io and you need to do the same for edds.tech

1 Like

So do I make a new CNAME entry with blank for the host name and have it point to gd3fyo4laxda51syv67q.owned.sandcats.io?

This is what I have so far

Hostname = edds.tech
Aliases to = yoursandcats.io domain

That should do the trick!

2 Likes

Getting an error. I am adding a new CNAME entry within the already existing CNAME entries, right?

This is where I am adding it to

Hostname can't be empty, can you put edds.tech in the hostname field?