Working on set up of freedombox debian home server

Hello all,

I hope I am not wearing out my welcome in this helpful group and that someone will let me know if I am.

Although I have an Olimex lime2 pioneer box, as I started adding apps to it, I came to the conclusion that an idle pc here would better suit my needs as a freedombox. I have installed debian 12 and updated it to trixie/sid. It is running on an i7 box with a 500g ssd drive and 12 g ram. It is connected by ethernet to the isp provided modem/router I use. My main desktop, Win11, is also connected to that router by ethernet. My router is set to be a DMZ pointed at the local ip of my freedombox.

I will be experimenting with using freedombox for samba locally, syncthing with my phone and my laptop, matrix, shaarli, bepasty, janus and radicale so far.

It seems like any further progress in setting things up is pretty much stalled by a series of issues that are no doubt me missing steps or getting things wrong.

In the course of setting it up, I got control of my domain registration transferred to me so I could have the people who take care of that for me point dns to my local ip number. That seemed to be needed to get a Lets Encrypt certificate which seems to be necessary to get other things going.

My ip number is not static but seldom changes. I will need to set up gnudip but so far I have not been able to get things working on the ip number I have at all. The domain host folks tell me they have pointed their A record at my ipnumber. That was done more than 30 hours ago. Going to my ip number or my domain name in a browser times out.

From my main computer pointing a browser on the same lan to freedombox.local or myboxname.local times out too.

When I go to the local ip number in a browser, it finds the server and freedombox comes up.

I have poked around in Cockpit to see if there are network settings I should deal with. When I open it, it accepts my user login credentials but It won’t let me Turn on Administrative access. I click the link and it pops up a dialogue box for a password but at the first keystroke it disappears and leaves a red Ooops at the top.

Cockpit tells me there are software updates available but when I click the link it takes me to a page with the message " Loading available updates failed Please resolve the issue and reload this page. Failed to obtain authentication."

When I try to update software in Plinth I get this message " Status
You are running Debian GNU/Linux trixie/sid and FreedomBox version 24.1. There is a new FreedomBox version available. Your Freedombox needs an update!"

But when I ask it to update, it gives me the same message.

In Cockpit on the Overview screen there is a Configuration box. The entry for Domain says Join Domain but when I hover over that link, it says Not permitted to configure realms.

In Cockpit, when I go to Services, it seems to be searching for ever. No results.

In Plinth Networks, I see this and wonder if it looks right:

[Image deleted as recommended]

In Plinth diagnostics, I get pages of green Passed items all the way down to Lets Encrypt access url with gets a fail. There is a yellow warning about one package in Samba that sounds like a deal with it later issue. Under App Coturn and App Matrix there are some Fails.

In Plinth Name Services I get a screen that I think is missing some buttons it is supposed to have?
[Image deleted as recommended]

As you can see, I have work to do to get this running nicely.

Cheers,
Ken

Hello Ken,

I’ve reviewed the details you shared, and it seems there might be a few configuration issues with your FreedomBox. Let’s see if we can sort them out.

Firstly, regarding your domain pointing to an IP address:

Since you shared your Name Services page, I took the liberty to try to resolve your domain and it was failing. Trying without the fboxdebian subdomain, I managed to get the Plinth welcome screen, so your FreedomBox is accessible over the internet. That said, since I reckon you are hosting this box at home, I’d recommend editing the post and removing the screenshot of the Name Services page.

As for managing your FreedomBox, I generally recommend using Cockpit primarily for monitoring purposes like checking logs or occasionally reloading a service. Most of your configuration needs can be effectively handled through Plinth.

Concerning your network connectivity issues:

This might be related to your network settings. In Plinth, under Networks, try editing ‘Wired connection 1’ and setting it to the ‘internal’ firewall zone. It’s unusual for FreedomBox not to default to this setting.

Correcting this could potentially resolve your connectivity problems, hopefully allowing your FreedomBox to perform updates. Without a stable internet connection, services like Let’s Encrypt will fail, affecting other services like Matrix.

Regarding your DNS setup, I’d set up DDNS as soon as possible, especially since you don’t have a static IP.

I hope this helps, and please feel free to report back with any progress or further questions.

Hi fefekrrzr
Thanks for your response.

Screenshots deleted as recommended.

I made that change. Wired connection 1 now shows as Internal but the updates still fail.

Ken

I’m not entirely certain, but I believe that after making changes in the Network page, firewalld should automatically reload. However, to be sure, you can manually reload it using Cockpit:

1. Open Cockpit.
2. Navigate to ‘Services.’
3. Find and open ‘firewalld.’
4. Next to the service name, click on the menu and select ‘Reload.’

Alternatively, rebooting your FreedomBox could also help apply the changes. However, I advise caution with this approach, as there’s a small risk of losing access to your FreedomBox after rebooting, especially if there are issues with the network configuration. It’s usually safe, but it’s good to be aware of the possibility.

Regarding accessing your FreedomBox from the internet, have you tried reaching your FreedomBox using your primary domain name, omitting the fboxdebian subdomain? When I attempted to contact your FreedomBox, I was able to connect using just the main domain.

I found firewalld in Cockpit Services. It says it is running, Enabled. I didn’t see any Reload option so I restarted the server altogether. It is running again and lets me have access but the software updates still don’t work.

When I go to fboxdebian with the full domain name, the page can not be found. If I go to the domain name alone, I get a default page from web hosting canada saying they host my domain.

Ken

fboxName.domain in a browser now takes me to Plinth, gives the security warning and lets me in but when it comes up it only shows the first two apps I installed. If I go to Plinth using the local ip number of the server, it shows a half dozen more apps that I have asked it to install.

I see that the difference between the two app listing screens in Plinth was that when I went in using the ip number, I was logged in but when I went in via the fboxname.domain it didn’t automatically log me in. Logging in makes the display of apps consistent.

It’s reassuring to hear that part of the setup is working as expected. However, the issue with the updates is indeed puzzling. When you navigate to Plinth > System > Software Updates and perform a Manual Update by clicking on ‘Update Now’, could you also check the ‘Show recent logs’ section for any unusual entries? If you’re comfortable, feel free to share these logs here. It might help us identify what’s going wrong, and we can all take a closer look to assist you further.

Plinth says:

image1625×1249 200 KB

It looks like updates are happening!

That’s promising news! Have you had a chance to review the logs as I suggested earlier? It’s possible that the upgrade process has begun, but it’s important to ensure that it completes successfully.

Sometimes, updates can take a considerable amount of time. If you’re still seeing notifications about an available FreedomBox update, it would be wise to check the logs for any indications of progress or potential issues. This can give you a clearer picture of the upgrade’s status, as I outlined in my previous message.

Yes, I looked at the logs but didn’t see things from today, but looking again now I see this.

==> unattended-upgrades.log
2024-01-13 12:58:39,607 INFO Starting unattended upgrades script
2024-01-13 12:58:39,607 INFO Allowed origins are: origin=Debian,codename=bookworm,label=Debian, origin=Debian,codename=bookworm,label=Debian-Security, origin=Debian,codename=bookworm-security,label=Debian-Security, o=Debian Backports,n=bookworm-backports,l=Debian Backports
2024-01-13 12:58:39,607 INFO Initial blacklist:
2024-01-13 12:58:39,607 INFO Initial whitelist (not strict):
2024-01-13 12:58:46,373 INFO Packages that will be upgraded: freedombox freedombox-doc-en freedombox-doc-es
2024-01-13 12:58:46,373 INFO Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
2024-01-13 12:59:02,565 INFO All upgrades installed
2024-01-14 01:48:11,741 INFO Starting unattended upgrades script
2024-01-14 01:48:11,742 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-14 01:48:11,742 INFO Initial blacklist:
2024-01-14 01:48:11,742 INFO Initial whitelist (not strict):
2024-01-14 06:08:03,526 INFO Starting unattended upgrades script
2024-01-14 06:08:03,526 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-14 06:08:03,526 INFO Initial blacklist:
2024-01-14 06:08:03,526 INFO Initial whitelist (not strict):
2024-01-14 06:08:04,049 INFO Removing unused kernel packages: linux-image-6.1.0-15-amd64
2024-01-14 06:08:09,179 INFO Packages that were successfully auto-removed: linux-image-6.1.0-15-amd64
2024-01-14 06:08:09,179 INFO Packages that are kept back:
2024-01-14 06:08:09,337 INFO Packages that will be upgraded:
2024-01-14 06:08:59,003 INFO Packages that were successfully auto-removed: cpp-12 fonts-liberation2 gir1.2-clutter-1.0 gir1.2-cogl-1.0 gir1.2-coglpango-1.0 gir1.2-gtkclutter-1.0 gir1.2-javascriptcoregtk-4.0 gir1.2-nma-1.0 gir1.2-soup-2.4 gir1.2-webkit2-4.0 libappstream4 libatkmm-1.6-1v5 libavutil57 libblockdev-crypto2 libblockdev-fs2 libblockdev-loop2 libblockdev-part-err2 libblockdev-part2 libblockdev-swap2 libblockdev2 libboost-filesystem1.74.0 libboost-locale1.74.0 libcairomm-1.0-1v5 libcbor0.8 libcodec2-1.0 libcolamd2 libdav1d6 libdmapsharing-3.0-2 libfuse2 libgcab-1.0-0 libgtkmm-3.0-1v5 libgupnp-igd-1.0-4 libhiredis0.14 libjim0.81 liblc3-0 libllvm15 libmozjs-102-0 libnfs13 liborcus-0.17-0 liborcus-parser-0.17-0 libpangomm-1.4-1v5 libparted-fs-resize0 libpcre3 libperl5.36 libplacebo208 libpostproc56 libquadmath0 libraw20 libsmbios-c2 libsnapd-glib-2-1 libsoup-gnome2.4-1 libsuitesparseconfig5 libswscale6 libvpx7 libwebkit2gtk-4.0-37 libwebsockets17 libzxing2 p7zip perl-modules-5.36 python3-async-generator python3-jaraco.classes python3-llfuse python3-rfc3986
2024-01-14 06:08:59,003 INFO Packages that are kept back:
2024-01-15 06:37:49,819 INFO Starting unattended upgrades script
2024-01-15 06:37:49,820 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-15 06:37:49,820 INFO Initial blacklist:
2024-01-15 06:37:49,821 INFO Initial whitelist (not strict):
2024-01-15 06:37:50,673 INFO No packages found that can be upgraded unattended and no pending auto-removals
2024-01-15 14:29:01,046 INFO Starting unattended upgrades script
2024-01-15 14:29:01,046 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-15 14:29:01,046 INFO Initial blacklist:
2024-01-15 14:29:01,046 INFO Initial whitelist (not strict):
2024-01-15 18:55:10,437 INFO Starting unattended upgrades script
2024-01-15 18:55:10,437 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-15 18:55:10,438 INFO Initial blacklist:
2024-01-15 18:55:10,438 INFO Initial whitelist (not strict):
2024-01-15 18:55:10,959 INFO No packages found that can be upgraded unattended and no pending auto-removals
2024-01-15 18:55:11,047 WARNING Found /var/run/reboot-required, rebooting
2024-01-15 18:55:11,050 WARNING Shutdown msg: b"Reboot scheduled for Tue 2024-01-16 02:00:00 PST, use ‘shutdown -c’ to cancel."
2024-01-16 06:07:27,020 INFO Starting unattended upgrades script
2024-01-16 06:07:27,021 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-16 06:07:27,021 INFO Initial blacklist:
2024-01-16 06:07:27,021 INFO Initial whitelist (not strict):
2024-01-16 06:07:27,506 INFO No packages found that can be upgraded unattended and no pending auto-removals
2024-01-16 06:37:49,350 INFO Starting unattended upgrades script
2024-01-16 06:37:49,350 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-16 06:37:49,350 INFO Initial blacklist:
2024-01-16 06:37:49,350 INFO Initial whitelist (not strict):
2024-01-17 00:16:35,028 INFO Starting unattended upgrades script
2024-01-17 00:16:35,028 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-17 00:16:35,028 INFO Initial blacklist:
2024-01-17 00:16:35,028 INFO Initial whitelist (not strict):
2024-01-17 00:16:35,843 INFO No packages found that can be upgraded unattended and no pending auto-removals
2024-01-17 02:27:40,004 INFO Starting unattended upgrades script
2024-01-17 02:27:40,004 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-17 02:27:40,004 INFO Initial blacklist:
2024-01-17 02:27:40,004 INFO Initial whitelist (not strict):
2024-01-17 02:27:40,568 INFO No packages found that can be upgraded unattended and no pending auto-removals
2024-01-17 06:04:16,423 INFO Starting unattended upgrades script
2024-01-17 06:04:16,424 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-17 06:04:16,424 INFO Initial blacklist:
2024-01-17 06:04:16,424 INFO Initial whitelist (not strict):
2024-01-17 06:04:16,873 INFO No packages found that can be upgraded unattended and no pending auto-removals
2024-01-17 06:12:18,887 INFO Starting unattended upgrades script
2024-01-17 06:12:18,888 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-17 06:12:18,888 INFO Initial blacklist:
2024-01-17 06:12:18,888 INFO Initial whitelist (not strict):
2024-01-17 06:12:19,387 INFO No packages found that can be upgraded unattended and no pending auto-removals
2024-01-17 06:14:50,475 INFO Starting unattended upgrades script
2024-01-17 06:14:50,475 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-17 06:14:50,475 INFO Initial blacklist:
2024-01-17 06:14:50,475 INFO Initial whitelist (not strict):
2024-01-17 06:14:50,923 INFO No packages found that can be upgraded unattended and no pending auto-removals
2024-01-17 07:38:08,450 INFO Starting unattended upgrades script
2024-01-17 07:38:08,450 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-17 07:38:08,450 INFO Initial blacklist:
2024-01-17 07:38:08,450 INFO Initial whitelist (not strict):
2024-01-17 07:38:08,991 INFO No packages found that can be upgraded unattended and no pending auto-removals
2024-01-17 09:06:19,166 INFO Starting unattended upgrades script
2024-01-17 09:06:19,166 INFO Allowed origins are: origin=Debian,codename=trixie,label=Debian, origin=Debian,codename=trixie,label=Debian-Security, origin=Debian,codename=trixie-security,label=Debian-Security, o=Debian Backports,n=trixie-backports,l=Debian Backports
2024-01-17 09:06:19,166 INFO Initial blacklist:
2024-01-17 09:06:19,166 INFO Initial whitelist (not strict):
2024-01-17 09:06:19,668 INFO No packages found that can be upgraded unattended and no pending auto-removals

It appears from the logs that the update process is proceeding correctly. Has the notification about the new FreedomBox version now disappeared?

Regarding Let’s Encrypt, it seems like it might not be set up yet. When I access your FreedomBox using just the primary domain name (omitting the subdomain), it indicates that there’s no certificate. However, trying to connect with the full address including the subdomain doesn’t work for me. This situation suggests it might be worth double-checking whether the A records are configured for both the subdomain and the primary domain. It seems like it might currently be set up only for the primary domain.

In response to your previous post:

In my attempts, I don’t encounter the web hosting page; instead, I’m directed to your FreedomBox. This discrepancy could be a clue about how your DNS settings are configured, and it might be worth investigating further.

Could I ask what happened between Jan 13 and Jan 14? Did you change to trixie/testing on purpose?

I intended to move from stable to unstable or testing, not sure which. I did intend to move from stable to something more current. Did I get it wrong?

Last night I had the folks who host my dns records add my freedombox machine name as a subdomain in addition to just my domain and now when I go to Let’s Encrypt, it issues me a certificate. Presto!

Looking at the settings for Dynamic DNS client, I see that it is now enabled using GnuDIP. I wonder if there is a way to know whether it is working before my isp next changes my ip number. I guess I will only know then if I have broken it.

When I go in Plinth to Software Updates, I see this message: " You are running Debian GNU/Linux trixie/sid and FreedomBox version 24.1. There is a new FreedomBox version available. Your Freedombox needs an update!" I click the Update Now button and it briefly displays a message about updating but then stops. The logs don’t seem to show this at all.

I have run the diagnostics in Plinth and it shows all green enable buttons for everything except Matrix
which has red flags for my url.

I tried to reinstall Matrix because it was not enabled. It tells me I need a TLS cert rather than a self signed cert and offers a link to Lets Encrypt. When I follow that, it shows the certificate that was issued a few hours ago. Is there something I need to do so that Plinth settings for Matrix recognize this certificate?

Tinkering continues!

KenW

At the bottom of the DDNS Client page in FreedomBox, you can check when was the last time it was updated.

image918×148 10.2 KB

You could try with ‘Re-Run Setup’ and if that doesn’t work, maybe uninstalling first and installing once again from scratch.