I've been wracking my brains out for weeks trying to debug a once perfectly functioning LEMP web server. I'm using a relatively complicated setup. Let's start with my setup from the beginning, when things were working perfectly.
Step 1 (working setup): LEMP server/nginx > Raspberry Pi > secondary router with forwarded ports > primary router with forwarded ports > public Internet serving web pages
I'm running a LEMP server on Raspbian OS on a Raspberry Pi 4. Nginx is running as a reverse proxy, through my secondary router, which is connected to my primary router/modem. The primary router/modem forwards the HTTPS and HTTP ports to the secondary router, which then forwards those same ports to the Raspberry Pi. The Raspberry Pi successfully obtains certificates from certbot and runs a fully functioning website accessible from the public Internet.
Step 2a (working setup): LEMP server/nginx > Raspberry Pi > secondary router > EC2 OpenVPN-AS tunnel > primary router with forwarded ports > public Amazon Internet serving web pages

Next, I created an AWS EC2 OpenVPN-AS instance and run it as a server. From there, I install OpenVPN on my Raspberry Pi LEMP server, change my domain's DNS to point to the IP address of my OpenVPN-AS instance instead of my home IP, and then run OpenVPN as a client on my LEMP server, successfully tunneling my web server through the OpenVPN AWS instance out to the public Internet. This setup works.
Until....
I did something that completely stopped all connections to the server through the VPN. The problem is, I have absolutely no idea what I did to alter this once-working setup. I know I updated the Pi, and I think I might have changed the internal hostname, but that is as much as I can remember before my Pi became a dead server.
On the internal network, the web server still works using the local IP when using the EC2 tunnel.
The oddity I have noticed is that although the AWS tunnel setup stopped my web server from working, once I plug my server back into my home router without the tunnel and repoint my DNS back to my home router, the server starts to work publicly again. I just cannot pinpoint what exactly has changed since my server was working after being tunneled through AWS OVPN; now it doesn't resolve, yet it somehow resolves on my home IP with minimal settings altered. The only things I really change when switching from AWS to the home router are which IP the domain's DNS points to, and whether the VPN tunnel should be up or down.
As for the Amazon OVPN tunnel, that also properly resolves, and the server properly obtains the new Amazon IP address.
I know how to build servers; however, I am literally a superman-noob when it comes to debugging them and figuring out where the connection is going bad. So my question is...
Could someone please walk me through some steps to debug this and get my web server back up and running through my OpenVPN instance using an Amazon IP address? I haven't the slightest idea where to even start, aside from my successful pings through the Amazon tunnel, as well as a healthy-looking traceroute.
My EC2 ports 443 and 80 are open, and I have even tried with all firewalls down, to no avail.
Any advice, tips, walkthroughs, or beginner-friendly stepping stones to help me debug this and pinpoint where the connection is dropping would be appreciated!
Do the VPN logs confirm that the tunnel is actually up and running?
You say you can traceroute successfully to the public IP address. Can you do a manual connection using telnet? E.g., if your host IP is 123.456.789.123:

telnet 123.456.789.123 80
You should get a response like:

Trying 123.456.789.123...
Connected to www.example.com.
Escape character is '^]'.

If that works you can test the server with:

GET /index.htm HTTP/1.1
host: 123.456.789.123
<line feed - hit enter twice>

The server should respond with the index page HTML:

HTTP/1.1 200 OK
Date: ...etc
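The same three-layer check the answer above does by hand (resolve the name, open a TCP connection to the port, send a GET with a Host header and read the status line), written as a Python script that reports the first stage that fails. This is an added example, not the answerer's code; it starts a throwaway local HTTP server as a constructed stand-in for the LEMP box so it runs offline, and the names `http_probe`, `start_local_server` and `closed_port` are chosen here.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def http_probe(host, port=80, path="/index.htm", timeout=5):
    """Manual telnet check, one layer at a time: returns (first failing stage, detail)."""
    try:  # stage 1: name resolution (does the DNS record point at the right IP?)
        ip = socket.gethostbyname(host)
    except socket.gaierror as e:
        return "resolve", str(e)
    try:  # stage 2: TCP connect (port forwarding, firewall, VPN routing)
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError as e:
        return "connect", f"{ip}:{port}: {e}"
    try:  # stage 3: HTTP request/response (nginx behind the tunnel)
        with sock:
            req = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            sock.sendall(req.encode())
            data = sock.recv(4096)
    except OSError as e:
        return "response", str(e)
    status = data.split(b"\r\n", 1)[0].decode(errors="replace")
    if not status.startswith("HTTP/"):
        return "response", f"unexpected reply: {status!r}"
    return "ok", status  # e.g. ('ok', 'HTTP/1.0 200 OK')

class _IndexHandler(BaseHTTPRequestHandler):
    # Constructed stand-in for the LEMP server: 200 for /index.htm, 404 otherwise
    def do_GET(self):
        body = b"<html><body>it works</body></html>"
        self.send_response(200 if self.path == "/index.htm" else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def start_local_server():
    # Bind to an ephemeral loopback port so the example runs offline; returns the port
    srv = HTTPServer(("127.0.0.1", 0), _IndexHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_port

def closed_port():
    # Grab and release an ephemeral port so nothing is listening on it
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    port = start_local_server()
    print(http_probe("127.0.0.1", port), http_probe("127.0.0.1", closed_port()))
```

For the real check, run `http_probe` with your domain name (and again with the Amazon IP) from a machine outside the home network: a 'resolve' failure points at DNS, 'connect' at forwarding or the tunnel route, and 'response' at nginx itself.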