Docker running but port 443 shows closed

Docker Desktop for Windows
1

Untitled
Untitled2064×864 55.4 KB

I also made sure that windows firewall 443 is open

Any ideas?

2

This is what I got from the logs:

2024-02-11 23:00:05 Total reclaimed space: 0B

2024-02-11 10:51:17 #7 /var/www/docker-aio/php/vendor/slim/slim/Slim/Middleware/ErrorMiddleware.php(76): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))

2024-02-11 10:51:17 #8 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(121): Slim\Middleware\ErrorMiddleware->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))

2024-02-11 10:51:17 #9 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(65): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))

2024-02-11 10:51:17 #10 /var/www/docker-aio/php/vendor/slim/slim/Slim/App.php(199): Slim\MiddlewareDispatcher->handle(Object(GuzzleHttp\Psr7\ServerRequest))

2024-02-11 10:51:17 #11 /var/www/docker-aio/php/vendor/slim/slim/Slim/App.php(183): Slim\App->handle(Object(GuzzleHttp\Psr7\ServerRequest))

2024-02-11 10:51:17 #12 /var/www/docker-aio/php/public/index.php(185): Slim\App->run()

2024-02-11 10:51:17 #13 {main}

2024-02-11 10:51:17 Tips: To display error details in HTTP response set "displayErrorDetails" to true in the ErrorHandler constructor.

2024-02-11 10:52:16 NOTICE: PHP message: The response of the connection attempt to "http://xxxx.duckdns.org:443" was:

2024-02-11 10:52:16 NOTICE: PHP message: Expected was: 9a02ce6ad0653b145facc37a0fb8e75356e19d306c15fa70

2024-02-11 10:52:16 NOTICE: PHP message: The error message was: Operation timed out after 10002 milliseconds with 0 bytes received

2024-02-11 10:53:27 NOTICE: PHP message: The response of the connection attempt to "http://xxxx.duckdns.org:443" was:

2024-02-11 10:53:27 NOTICE: PHP message: Expected was: 9a02ce6ad0653b145facc37a0fb8e75356e19d306c15fa70

2024-02-11 10:53:27 NOTICE: PHP message: The error message was: Operation timed out after 10001 milliseconds with 0 bytes received

2024-02-11 10:53:51 NOTICE: PHP message: The response of the connection attempt to "http://xxxxduckdns.org:443" was:

2024-02-11 10:53:51 NOTICE: PHP message: Expected was: 9a02ce6ad0653b145facc37a0fb8e75356e19d306c15fa70

2024-02-11 10:53:51 NOTICE: PHP message: The error message was: Operation timed out after 10002 milliseconds with 0 bytes received
3

A little more details would be useful to get help. Your description doesn’t show how you want to access the port and doesn’t share where the logs came from.

4

Looks like Nexcloud. And I also found this from danielsadeh

help nextcloud com/t/install-fresh-nextcloud-port-443-closed/180879/7

Based on the Logs

NOTICE: PHP message: The response of the connection attempt to “http://xxxx.duckdns.org:443

the HTTP protocol for port 443 is used instead of HTTPS. Using https://xxxx.duckdns.org:443/ should solve the problem if the certificate is configured correctly.

5

Thanks @bluesnobly.

I thought that Nextcloud has HTTPS configured natively.

Since I am a complete nooby, can you help with instructions on how to set it up correctly?

Thanks

6

The site you are testing from will find your ports closed if your router isn’t configured to allow them
Did you make sure your router has that port open and your router point your trafic to your device

In case that is a VPS then you need to check its’t configuration in your provider panel you will need to configure the port only

Hope that help

7

This depends on your requirements and your environment. Do you want to install it on a PC, Mac, RasperyPi, NAS system, XEN or other hypervisor under Linux or Windows? With Docker or Docker Swarm? With a proxy or with CloudFlare? Which router are you using to set up port forwarding? Should it be Nexcloud All in One or just Next Cloud? Do you have Portainer installed? And so on.

I would recommend you look for one or more videos. For example on YouTube. There really are a lot. You can search for it like this:

  • nextcloud aio docker self hosted ddns Linux
  • Configuration portforwarding netgear router

Adapt your search term to your requirements and i am sure you will find something.

8

It is installed on a PC Windows 11 with Docker desktop.
No proxy, no cloudflare.
Installed Nextcloud AIO
I have no idea what Potainer is

I tried watching different videos but none seem to help so far.

Any ideas?

9

Do you follow the guide under

to install Nextcloud AIO?

Go on an website like https://www.whatismyip.com/ to check your current IP adresse.

In the logs it looks like you are using Duck DNS.
Take a look in to it and check the IP adress in Duck DNS is up to date.

Open a console on your Windows machine and check the output of “nslookup xxxxxxx.duckdns.org”?
Give it the correct IP adresse? You can do the same test in the Nextcloud Docker container to be sure.

Go to the settings of your router and check which Internet IP address you have received from your provider. Is the same IP address always displayed?

If your router returns an other IP address with the address range 100.64.0.0/10 (adresses from 100.64.0.0 to 100.127.255.255), then your provider is using carrier-grade NAT (CGN or CGNAT), also known as large-scale NAT (LSN). Carrier-grade NAT usually prevents customers from using port forwarding, because the network address translation (NAT) is usually implemented by mapping ports of the NAT devices in the network to other ports in the external interface. If your router and your ISP support PCP, you must configure it accordingly. Otherwise, you cannot use the IP V4 address. Another option is to use the IP V6 adress but your router and your ISP have to support it too.

If all addresses are the same, then you need to check the port forwarding. Have you set up port forwarding for port 443/tcp and 3478/udp and 3478/tcp to your Windows computer on your router? Is your firewall on the router or your Windows firewall blocking this traffic?

You can check reaching port 443 by calling up your address from Duck DNS or your IP address with https:// in your browser. Are you getting a timeout or another error message? And does it make a difference whether you use the IP address or the address of Duck DNS? You can also check your IP V6 address in your browser if you enter the address in this syntax: https://[your:ip:v6:ad:re:ss] The square brackets are required for IP V6 adresses. You can also open https://localhost in your browser on you Windows computer to check whether the Docker container is accessible.

To check the other ports you can use IPv4 Port Checker: IPv6 Open Port Checker Tools - Port.Tools - Verify Port Forwarding, Open/Close Public Port on Your Router Using IpV6 (Note that the displayed title of the website is incorrect)

Just one more thing. In my case, my router is my DNS resolver and did not give me the ip v6 address for my DDNS domain address. Some routers are having a DNS rebinding protection, which blocks the use of private IP ranges by public domains. You must enter your host name of Duck DNS as allowed in your router configuration.

And just another thing. If have to use IP V6 than you have to configure it for Docker Desktop and when you run the container. But I don’t get this work. Because of an error message: "/fixed-cidr-v6 must match format “ipv6"”

10

Thank you.

Yes I have followed these instructions.
When I go to check the port i get:
443 failed 2024-02-19 16:08:18

Yet on the router it is open and ISP (Spectrum) does not block it

This site can’t be reached

XXXX.duckdns.org took too long to respond…

I do not need IPV6

hrough localhost, I am able to get to the AIO log in and when it asks to put in the public url I get the error

The error on localhost:8080/containers :

Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. (‘sudo docker logs -f nextcloud-aio-mastercontainer’) If you should be using Cloudflare, make sure to disable the Cloudflare Proxy feature as it might block the domain validation. Same for any other firewall or service that blocks unencrypted access on port 443.

11

All error messages mean that XXXX.duckdns.org cannot be reached.

Please answer the questions:
a) What is showing when you go to https://localhost ?
b) What is showing when you go to https://XXXX.duckdns.org ?
c) What is showing when you go to https://000.000.000.000 (put in your public IP adress you get under https://www.whatismyip.com)
d) What is showing the output of “nslookup XXXX.duckdns.org" on your host?
e) What is showing the output of “nslookup XXXX.duckdns.org" in your container?
f) Which public ip does your modem/router show? Same as under https://www.whatismyip.com ?
g) Do you have set up port forwarding?

12

a) What is showing when you go to https://localhost ?
AIO v7.12.1 new AIO Instance
b) What is showing when you go to https://XXXX.duckdns.org ?
This site can’t be reached
c) What is showing when you go to https://000.000.000.000 (put in your public IP adress you get under https://www.whatismyip.com) This site can’t be reached amd it turns to the url under duckdns
d) What is showing the output of “nslookup XXXX.duckdns.org" on your host?

AAAA records

No AAAA records found.

CNAME record

No CNAME record found.

TXT records

TXT data
e) What is showing the output of “nslookup XXXX.duckdns.org" in your container?

I guess I don’t know how to execute D and E

f) Which public ip does your modem/router show? Same as under https://www.whatismyip.com ? YES.

g) Do you have set up port forwarding? YES

13

Ok. Container is up and running. But I had expect the same behavior as in my test installation that you get an ssl error. This is not traceable for me.

Okay, we already know that.
Reasons for this could be:
DNS could not be resolved. But next you say:

As I understand it, the web server that you can reach on localhost is not accessible via your public IP.
Reasons for this could be

  • Port forwarding is not working
  • Port forwarding to the wrong destination
  • The data traffic has been blocked

We still need to narrow down the problem a little.

a) What is the IP address of the Windows PC with Docker in the local network? (muss be a private ip adress from 10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)
b) Has exactly this IP been set up for port forwarding?
c) Is this IP accessible in the browser with https://192.168.XXX.XXX or https://172.16.XXX.XXX or https://10.XXX.XXX.XXX in the local network? (It is best to test with a smartphone that is in the same network/same WLAN or another PC in the same LAN)

You can still check the name resolution but the problem will probably be somewhere else.
Here is a video tutorial

If there is no A entry for the IP V4 address, then you have two problems at once.
AAAA entry for IP V6, CNAME and TXT entry are not relevant in our case.