Can't access AWS Nextcloud site after F35 upgrade

tecc · November 5, 2021, 12:48am

This seems like a really strange issue. I am able to access the site and Windows desktop and Android clients can access it. I can access via Windows 10 Chrome browser also.
Before upgrade to F35 from F34 I could access the site. Now the client is unable to access the site and I am unable to access the site via Brave, IceCat, Chromium or Firefox. This only occurred as of the upgrade.
I get Connection refused errors. Occasionally it will connect for a short time, appear to be doing ok then drop. This is usually just after a network connection swap or restart of system. Almost like a firewall is preventing it.
I can’t access via Static IP or DNS Name.

I have tested on multiple network connections also.

The site is on AWS, Singapore. It is hosted on Linux, with Plesk and Domain Registrar on GoDaddy.

This problem, I confirm, has ONLY occurred since upgrade to F35.

Help please

vgaetera · November 5, 2021, 3:02am

Check if you can access the site over VPN or Tor.

tecc · November 5, 2021, 4:31am

Interesting. I can access via Tor

vgaetera · November 5, 2021, 6:16am

It might be a problem with routing/MTU, or some issue with traffic shaping on the ISP side.

tecc · November 6, 2021, 12:21am

It’s definitely something in F35. I can access via my network at home on Windows and Android. I can only access from F35 on Tor regardless of network i’m on.
There was no issue under F34.
It is not ISP issue. It is something in F35. My father has been able to access it on his windows machine sitting right next to me on the same network. It appears there is something (geoblock or something maybe) in F35. At this rate if things aren’t fixed, I’m pulling my home drive and reinstalling F34.

vgaetera · November 6, 2021, 4:26am

https://discussion.fedoraproject.org/t/epiphany-gnome-web-webkit-intermittently-breaks/67882/4?u=vgaetera

tecc · November 6, 2021, 8:33am

OK using your scripts above

directory /etc/systemd/resolved.conf.d/ does not exist for the 2nd sudo tee… command
2nd sudo tee… command I used same as first script directory /etc/NetworkManager/conf.d/

$ sudo cat /etc/NetworkManager/conf.d/00-custom.conf
[Resolve]
DNS=8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
DNSOverTLS=yes

$ sudo resolvectl status
Global
       Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (eth0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: <my-local-router>
       DNS Servers: <my-local-router>

Link 3 (wlan0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: <my-local-router>
       DNS Servers: <my-local-router>

Link 4 (virbr0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

The <my-local-router> IP is literally my internal network router.
I can’t workout how to get a DNS resolve of any other kind.

Currently I still can’t access the service either directly to the website or via the installed Nextcloud client.

vgaetera · November 6, 2021, 8:46am

Sorry, fixed the missing line.
Copy-paste the entire block of code and try again.

tecc · November 6, 2021, 9:56am

Code block worked this time

$ sudo resolvectl status
Global
         Protocols: LLMNR=resolve -mDNS +DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
Current DNS Server: 8.8.4.4#dns.google
       DNS Servers: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google

Link 2 (eth0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlan0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=no/unsupported

Link 4 (virbr0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=no/unsupported

However I am still unable to access the site.

vgaetera · November 6, 2021, 11:15am

Let’s collect diagnostics for your site:

resolvectl query example.org

curl -4 -v example.org | head
curl -6 -v example.org | head

mtr -4 -wbc 50 example.org
mtr -6 -wbc 50 example.org

tecc · November 8, 2021, 11:01pm

I have sanitised the log somewhat due to this being a private cloud storage service hosted. Script was run with the actual website domain name. I’ve just cleared some IPs and used the “example.org” in place of the actual domain name.

$ resolvectl query example.org

curl -4 -v example.org| head
curl -6 -v example.org | head

mtr -4 -wbc 50 example.org
mtr -6 -wbc 50 example.org
example.org: 52.76.x.x               -- link: wlan0

-- Information acquired via protocol DNS in 1.2ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: yes
-- Data from: cache
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 52.76.x.x..
* Connected to example.org (52.76.x.x) port 80 (#0)
> GET / HTTP/1.1
> Host: example.org
> User-Agent: curl/7.79.1
> Accept: */*
> 
* Recv failure: Connection reset by peer
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Closing connection 0
curl: (7) Couldn't connect to server
Start: 2021-11-09T09:52:56+1100
HOST: <fedora35-laptop                                               Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- _gateway (192.x.x.x)                                   0.0%    50   11.6   8.7   4.1  28.9   4.9
  2.|-- 10.252.x.x                                               0.0%    50   45.2 118.8  27.4 263.8  72.1
  3.|-- 10.252.x.x                                              0.0%    50   45.0  37.5  23.7  79.2  11.3
  4.|-- 10.246.71.254                                               0.0%    50   33.1  34.5  23.2  81.4   9.8
  5.|-- 120.17.253.249                                              0.0%    50   29.5  35.9  24.2  83.5  11.3
  6.|-- 10.246.69.217                                               0.0%    50   35.5  34.2  23.4  85.4   9.9
  7.|-- 203-219-107-89.static.tpgi.com.au (203.219.107.89)          0.0%    50   32.4  35.4  24.2  87.1  10.3
  8.|-- syd-apt-ros-crt1-he-0-3-0-2.tpgi.com.au (203.29.134.1)      0.0%    50  132.2 130.8 118.7 141.2   6.6
  9.|-- syd-pwk-dym-crt2-ge-8-0.static.tpgi.com.au (203.26.22.126)  0.0%    50  127.1 126.7 113.7 155.9   7.0
 10.|-- per-apt-stg-crt1-be10.tpgi.com.au (203.219.58.177)          0.0%    50  131.7 125.5 115.3 139.4   6.2
 11.|-- sin-eqx-aye-int1-Hu-0-0-0-20.tpg.com.au (203.219.107.114)   0.0%    50  134.9 127.5 120.2 151.0   6.7
 12.|-- 16509.sgw.equinix.com (27.111.228.215)                      0.0%    50  119.1 125.8 116.5 146.3   6.3
 13.|-- 52.93.8.102                                                 0.0%    50  125.4 130.4 116.5 169.6   9.2
 14.|-- 52.93.11.9                                                  0.0%    50  136.6 129.9 117.8 151.1   8.1
 15.|-- 52.93.11.14                                                 0.0%    50  129.7 129.1 116.1 159.6   7.5
 16.|-- 150.222.108.95                                              0.0%    50  127.9 129.6 117.2 160.5   9.3
 17.|-- 150.222.108.74                                              0.0%    50  132.3 131.1 119.0 250.6  18.3
 18.|-- ???                                                        100.0    50    0.0   0.0   0.0   0.0   0.0
mtr: Failed to resolve host: example.org: Name or service not known

vgaetera · November 9, 2021, 12:29am

Check the server log for possible errors.