Web UI inaccessible after following both automatic and manual installation instructions for Docker

Hey fam!

I followed both the automatic install docs and the manual setup docs to no avail: Docker | firezone

I have an Ubuntu 22.04 VPS on the free tier of Oracle Cloud, but after following all of the install instructions I can’t access the Firezone web UI.

I’ve verified my IPs are correct as far as DNS is concerned.

> ping wireguard.my.domain -4
PING  (correct_ipv4_redacted) 56(84) bytes of data.
64 bytes from correct_ipv4_redacted (correct_ipv4_redacted): icmp_seq=1 ttl=63 time=0.268 ms
64 bytes from correct_ipv4_redacted (correct_ipv4_redacted): icmp_seq=2 ttl=63 time=0.261 ms
64 bytes from correct_ipv4_redacted (correct_ipv4_redacted): icmp_seq=3 ttl=63 time=0.295 ms

> ping wireguard.my.domain -6
PING wireguard.my.domain(my-vnic-name (correct_ipv6_redacted)) 56 data bytes
64 bytes from my-vnic-name (correct_ipv6_redacted): icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from my-vnic-name (correct_ipv6_redacted): icmp_seq=2 ttl=64 time=0.048 ms
64 bytes from my-vnic-name (correct_ipv6_redacted): icmp_seq=3 ttl=64 time=0.070 ms

As far as I can tell, Caddy is listening and there are no iptables rules messing things up.

> sudo netstat -tulpn | grep LISTEN | grep -e :80 -e :443
tcp6       0      0 :::443                  :::*                    LISTEN      5889/caddy
tcp6       0      0 :::80                   :::*                    LISTEN      5889/caddy

> sudo iptables --table nat --list
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !localhost/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.25.0.0/16        anywhere
MASQUERADE  all  --  172.17.0.0/16        anywhere
MASQUERADE  udp  --  172.25.0.100         172.25.0.100         udp dpt:51820

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
DNAT       udp  --  anywhere             anywhere             udp dpt:51820 to:172.25.0.100:51820

Docker logs for Caddy and Firezone don’t show any errors.

Also tried a few suggestions from this thread, "Oracle Cloud - Arm Instance - Web UI unaccesible - #5 by jamil", to no avail :sweat_smile:

> cat /sys/module/wireguard/version
1.0.0
> curl -k https://localhost:443
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error

Any and all ideas are appreciated!


Well shoot.

I set up a quick Hetzner cloud VM, same Ubuntu 22.04 image, and first try Firezone just works. :man_facepalming:

Thanks Oracle.

Fixed!
