I have been using jwilder's nginx + letsencrypt solution to access my containers online.
Last week my server crashed and after a restart, I couldn't access any of my containers from the internet. Accessing them from LAN works but I get "refused to connect" errors when I use the web address (I'm using DDNS with a domain I own).
Checking the logs, I immediately saw errors in letsencrypt logs like:
:Verify error:: Fetching http:///.well-known/acme-challenge/oSGmRMyB-df4XEN3ZW-8ksBvtxxO8m2Di50mhpWWuu8: Connection refused
I have already double checked port forwarding on my Router and things seem to be ok. I can even use port 22 to SSH into my machine, just to validate that the port forwarding is working.
I also checked UFW status, thinking of firewall issues on my server and UFW is inactive as well.
Any suggestions on how I can debug this further?
I have a DDev project in WSL2. Whenever I try to start it I get an error:
Error response from daemon: Ports are not available: exposing port TCP 127.0.0.1:443 -> 0.0.0.0:0: listen tcp 127.0.0.1:443: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted.'
Sometimes it's also port 80. But most importantly, before starting the project none of those ports is occupied, neither inside WSL nor on the Windows host. I am also able to start another docker container exposing those ports. I am even able to manually start the router with
COMPOSE_PROJECT_NAME=ddev-project docker-compose -f /home/crs/.ddev/.router-compose-full.yaml -p ddev-router up -d
but I still can't access the project even though the router seems to be running.
ddev debug test also fails.
I tried updating and reinstalling both Docker Desktop and ddev.
I also tried changing the router_http_port and router_https_port to something else. Then it does seem to start the project but I still can't access anything through the ddev router.
The web containers seem to work fine, when not going through the router I can access the project.
Debugging for this is explained in the docs, but it's slightly trickier on WSL2, because the process that's giving trouble may be either on the Windows side or the WSL2 side.
As explained there, you can either find the competing process or change to use different ports in DDEV.
On WSL2, port 80 is often apache2, which some distros have by default, so you can stop it or uninstall it without any harm. Port 443 is sometimes occupied by random poorly behaved processes on Windows, including sometimes virus checkers.
If you use the techniques there to check for competing ports you'll almost certainly solve this.
Another technique is to use curl localhost, curl -I localhost or curl https://localhost and curl -I https://localhost to see if the HTTP response gives you a clue what process is problematic.
Also note that sometimes Docker Desktop is poorly behaved if you're using it, and you may have to restart it.
But if changing the ports to, say, 8080 and 8443 didn't solve it for you then you have a connectivity problem, likely a firewall. That's a completely different problem and you'll want to walk through the troubleshooting instructions in docs and start with temporarily turning off firewall and VPN.
For more interactive help, join us in the DDEV Discord.
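An added example, not part of the original answer or of DDEV's tooling: one way to find the competing process on the Linux/WSL2 side is to parse `ss -H -ltnp` output and report who owns ports 80 and 443 and whether the listener is loopback-only or bound to all interfaces. The function names and the sample `ss` lines are constructed for illustration; the Windows side has to be checked separately.

```shell
#!/bin/sh
# Added example: report which process owns the listeners on given TCP ports.
# port_owners and sample_ss_output are hypothetical names, not DDEV tooling.

# Reads `ss -H -ltnp` output on stdin; $1 is a comma-separated port list.
# Prints one line per matching listener: port address process pid scope
port_owners() {
  awk -v ports="$1" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      port = $4; sub(/.*:/, "", port)            # text after the last colon
      if (!(port in want)) next
      addr = substr($4, 1, length($4) - length(port) - 1)
      proc = "unknown"; pid = "-"                # ss hides owners without root
      if (match($0, /"[^"]+",pid=[0-9]+/)) {
        split(substr($0, RSTART, RLENGTH), a, /",pid=/)
        proc = substr(a[1], 2); pid = a[2]
      }
      if (addr ~ /^127\./ || addr == "[::1]") scope = "loopback"
      else if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") scope = "wildcard"
      else scope = "specific"
      print port, addr, proc, pid, scope
    }'
}

# Constructed sample of `ss -H -ltnp` output (not taken from a real host).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 511  0.0.0.0:80    0.0.0.0:* users:(("apache2",pid=812,fd=4))
LISTEN 0 4096 127.0.0.1:443 0.0.0.0:* users:(("docker-proxy",pid=2290,fd=7))
LISTEN 0 128  0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 511  [::]:80       [::]:*    users:(("apache2",pid=812,fd=6))
LISTEN 0 128  0.0.0.0:8443  0.0.0.0:*
EOF
}

# Live use on the Linux/WSL2 side (root is needed to see other users' processes):
#   sudo ss -H -ltnp | port_owners 80,443
sample_ss_output | port_owners 80,443,8443
```

A `wildcard` scope on a port you did not mean to publish is worth a second look, since that listener is reachable from every interface the host has.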
So I've been trying to host my own Minecraft server for a while now and I hit a snag.
I have Proxmox (192.168.2.100) running an Ubuntu server VM (192.168.2.101) which has a docker container running my Minecraft server. I can connect to the server locally just fine using the Ubuntu VM's IP address and Minecraft port, but when I try to port forward the server, I can't connect to it. I checked to see if my port was exposed or not and it is, so I know it's not that.
This is the container that I'm using
Okay, so after a long time looking at configurations and some help from the Proxmox forum, it turns out that my modem doesn't support NAT reflection, which means that any attempts to access my server through my public IP on the same network wouldn't work at all. I used my phone's mobile network to test if I could access the server from outside my local network and it worked just fine!
I installed Jenkins on my Windows server and it works when accessing it from localhost:8080.
When I try to access it from outside the server like serveripaddress:8080 it's not accessible.
There is an inbound rule in the firewall named Jenkins for port 8080 for java.
Running netstat:
Any idea what I can do in order to be able to access it from outside the server?
Browsing to localhost:8080/manage there is an alert:
It appears that your reverse proxy set up is broken.
It's a bit unclear in your question whether you had set up a firewall rule on your local computer or the server.
Make sure you have opened inbound port 8080 on TCP on your server's firewall.
To make sure the firewall is not the issue, you could test by turning off the firewall completely, assuming the server is not exposed to the web.
After finding a solution for this problem, I have another question: I am running a flask app in a docker container (my web map), and on this map I want to show tiles served by a (flask-based) Terracotta tile server running in another docker container. The two containers are on the same docker network and can talk to each other, however only the port where my web server is running is open to the public, and I like to keep it that way. Is there a way I can serve my tiles somehow "from local" without opening the port of the tile server? Maybe by setting up some redirects or something?
Main reason for this is that I need someone else to open ports for me, which takes ages.
If you are running your docker containers on a remote machine like ec2, then you need not worry about a port being open to public, as by default ports are closed in ec2 or similar services. You just need to open the port on which you are running your app, you can use aws console for that.
If you are running your docker container locally or on some server for which you don't have console access, then you can use some kind of firewall to open or close a port. I personally prefer UFW for Ubuntu systems. You can allow a certain range of ports using a simple command such as sudo ufw allow 9000 to allow incoming tcp packets on port 9000. Similarly you can deny incoming packets to a port. Also, you can open a port to a certain ip (like your own ip) using sudo ufw allow from <ip address>.
I'm facing difficulties hitting the API that runs on Ubuntu inside VirtualBox. VirtualBox's IP address is 10.0.2.15. When I'm trying to hit this IP, I can't access it.
So help me to hit the Rails API, which runs on port 3000.
TIA
Probably your Linux firewall is blocking the connection.
So you can do one of two things: make changes in the iptables rules to allow the connection
OR
just turn the iptables service off