can't access from outside with nginx reverse proxy in docker - docker

i know there are lots of similar questions about but no one help me.
I have a linux server running nginx reverse proxy in docker, a duckdns domain created,opened my router port 80 and 443. I can't access from outside with my domain name or public ip, it seems like my router refuses external request. I tried with lots of configuration, follow lots of guides on web... I get crazy to solve this problem.
I think problem is before nginx, so i not post my nginx conf. If can help, I will post it.
Hope someone can help me. Thank you so much

There are several things that could be causing the issue with your router refusing external requests. Here are a few things to check:
Make sure that your router's firewall is configured to allow incoming connections on ports 80 and 443. Some routers have a built-in firewall that needs to be configured to allow traffic through specific ports.
Confirm that your router is properly forwarding incoming requests to the correct IP address and port on your network. This is typically done through a feature called port forwarding.
Check your router's security settings to ensure that it is not blocking incoming requests based on the source IP address or domain name. Some routers have the option to block incoming requests from specific IP addresses or domain names.
Confirm that your Linux server is properly configured to handle incoming requests. This includes checking that your Nginx reverse proxy is running and properly configured to forward requests to the correct IP address and port.
Verify that your DNS is pointing to the right IP address, you can use online tools like https://www.whatsmydns.net/ to check this.
Check if your router have any VPN or proxy service enabled, which could be affecting the incoming request.
Check if your ISP is blocking incoming connection to your public IP address.
It's also possible that there might be a problem with your router's firmware or hardware, in that case, you may need to contact the manufacturer for further assistance.

Related

How can I access services via subdomain instead of ip + port?

I have a little server in my local network that provides several web services. Each service can be accessed by entering the ip of the server followed by the respective port.
Now I always have to remember which service is behind which port and it would be nicer to have specific subdomains forwarded to these ports. For example
ip:1234 -> foo.server.local
ip:4321 -> bar.server.local
How can this be done? I have pihole running on the server and had hoped to get this done using pihole but I was not successful.
What you are looking for is to set up a Domain Name Server (DNS). phoenixnap.com/kb/raspberry-pi-dns-server This guide should help.
You use a domain to direct to an IP:port combo. Like you could direct 123.12.12.12:8080 to some.thing and 123.12.12.12:8081 to any.address.
The domain name is arbitrary and masks the whole IP:port address.

edited how to make nginx pont to my mosquitto broker in docker [duplicate]

I have a server and I am using Ubuntu 20.04, nginx , mosquitto and node-red and docker , let's call the website http://mywebsite.com. The problem that I am facing that I have created a client lets call it client1 in docker so the URL will be http://mywebsite.com/client1
and I want to establish an MQTT connection via mosquitto and I'm sending the data on topic test
The problem that on node red node of MQTT when I write the IP address of my mosquitto container it works
But if I change the IP address 192.144.0.5 with mywebsite.com/client1 I can't connect to mosquitto and I can't send or receive any form of data
any idea on how to solve this problem
OK, you are going to have several problems here.
You can not do path based proxying with MQTT. If you want to have multiple MQTT brokers (1 per client) bound to a single public facing domain/IP address then they are all going to have to run on separate ports (other than the default 1883).
Nginx can do MQTT protocol proxying (e.g. like this), so you can use this to expose the different ports and forward them to the separate instances of mosquitto, but even if you had a different hostname (all pointing at the same IP address) nginx has no way to know which host name was used because there is no equivalent to the HOST HTTP header to direct it. If you were to use MQTT with TLS then you may be able to get it to work with SNI, but I've never seen anybody do that yet (possible docs for SNI based routing here) It works, explanation about how to do it here.
If you use MQTT over Websockets then you should be able to use hostname based routing.
Path based proxying for Node-RED currently doesn't work properly if you enable admin authentication, because the admin auth tokens are currently stored in browser local storage and only scoped to the hostname, not the hostname + path. This will mean that a client will only ever be able to log into one instance at a time.
You can work round this by using host based proxying, e.g. http://client1.mywebsite.com
A fix for this is on the backlog for Node-RED, probably (no promises) to be looked at after version 1.2.0 ships

Port forwarding, DMZ, turning off firewall and adding port doesn't work to reach out port

I am using Windows 10 with IIS 10.0
I am publishing website on IIS and I need to reach it with public ip.
What I did;
* Port forwarding through router
* Adding DMZ with my local IP
* Turning off firewall
* Adding port to firewall inbound rules with allow edge traversal
I can connect with internal IP like 192.168.1.75:81
I get "System.Net.Sockets.SocketException A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond from [MYPUBLICIP]" when I try to reach it like MYPUBLICIP:81
What are the possible scenarios that blocks to port?
Thanks.
As far as I know, the error message means there is no server listening at specified ip/port that you are trying to connect to.
In my opinion, you should firstly make sure your client machine could access your server by using this MYPUBLICIP address.
Then I suggest you could try to make sure the port 81 is your IIS web application port.
Besides, I suggest you could try to open your event viewer to find out the details error message.

Trace and filter http traffic on a different port other than port 80 (8986 for instance) going to a remote machine in Fiddler v4.4.5.9?

Is it possible to capture and filter http traffic on a differnt port (other than port 80) that are going to a remote machine. I'm looking to trace traffic on port 8986 in this case ?
Fiddler doesn't care at all what port the HTTP/HTTPS traffic is coming from or going to. It's a proxy, which means that any traffic sent to it is shown.
What application are you trying to track? What networking code does it use?
See http://www.fiddlerbook.com/fiddler/help/hookup.asp for common proxy configuration steps.

I can't access port from outside

I'm using a dedicated server on aruba with ZyWall firewall. I have two ports listening in the server, using telnet from inside I can connect to both the ports. If I try to telnet from outside I can access only to one of them.
I have not internal firewall, and I don't understand how I can see if the ZyWall is blocking the port access or it is forwarding all connections to that port to another ip.
Have you any suggestion?
I found the solution. I accessed the firewall web interface from a firefox installed in the dedicated server behind the firewall (the web interface is not accessible from outside), then I made two steps:
I added a rule on which I permit the access to the target port. I made this using the "Service" tab in the Security->Firewall menĂ¹.
In the matrix between LAN, WAN, DMZ etc.. I modified the rule "from WAN to LAN" and I added the rule made in the previous step.
Now it works!

Resources