Port 80 port forward disallowed by ISP. Workaround?

My YunoHost server

Hardware: Raspberry Pi at home
YunoHost version: 11.1.18 (stable)
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hello! Thank you everyone reading this, YunoHost is such an amazing software community!

I just installed YunoHost on my RPI4 at home for the first time a few weeks ago, following the online guide. I can access it from my local network but not yet from outside my local network.

As part of installation, I already set up a reserved IP address for my RPI4 and configured the 8 specified port forwards in my router config. I followed these official YunoHost ISP box config steps and can run sudo yunohost firewall reload, and the server reports that the 8 port forwards are configured correctly. I tried enabling and disabling UPnP.

When I run my diagnosis, I see that port 80 is not reachable from outside the network. I called my internet service provider (Cox Communications, in the US) and learned that they disallow forwarding port 80 (officially, the ban is due to “web servers and worms”!) unless I pay them much more for a “business” account. I think this port 80 ban is the reason that I can only access the site [maindomain].noho.st when connected to my local network, but not from outside, and why I can’t complete a Let’s Encrypt certificate signing.

I found a previous topic suggesting the idea of configuring an alternative HTTP port, like 8080. I also wonder if there is a VPN YunoHost app or related YunoHost app that might be able to overcome the port 80 ban?

I found a few previous topics related to the Let’s Encrypt errors I see. Here is the closest issue

Here is the Let’s Encrypt error I get (paste.yunohost.org) when I run the certificate signing process from my administration user interface logged in as admin.

And here is my /etc/hosts file, with a few additions based on answers I found in previous topics in this forum (maindomain.tld is just a placeholder for my actual address, which uses noho.st):

127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1               yunohost

127.0.0.1       maindomain
127.0.0.1   xmpp-upload.maindomain.tld
127.0.0.1   muc.maindomain.tld

Any suggestions or troubleshooting ideas are much appreciated!

Happy belated May Day,
Oren

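Added example, not part of the original posts: a small Python check, run from a machine outside the home network, that separates a port whose packets are silently dropped on the way in from one that is refused or open. The function names, the default ports 80 and 443, and the wording of the verdicts are assumptions of this example.

```python
"""Added example: classify inbound TCP reachability of your own server.
Run it from OUTSIDE the home network (mobile hotspot, VPS, a friend's line)."""
import errno
import socket
import sys

def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"        # something answered with a TCP reset
    except (socket.timeout, TimeoutError):
        return "filtered"      # SYN got no reply at all: dropped on the path
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"  # ICMP unreachable from a device on the path
        raise

def interpret(results):
    """Turn {port: state} into a short verdict (wording is this example's own)."""
    p80, p443 = results.get(80), results.get(443)
    if p80 == "open":
        return "port 80 reachable from this vantage point"
    if p80 == "filtered" and p443 == "open":
        return "443 arrives but 80 is dropped: consistent with upstream filtering of port 80"
    if p80 == "filtered" and p443 == "filtered":
        return "nothing arrives: check public IP, DNS record and router forwards first"
    if p80 == "closed":
        return "port 80 refused: a device answers, but nothing accepts connections on that port"
    return "inconclusive: " + repr(results)

def check(host, ports=(80, 443), timeout=3.0):
    """Probe each port once and return (results, verdict)."""
    results = {port: probe(host, port, timeout) for port in ports}
    return results, interpret(results)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python3 portcheck.py <your-domain-or-public-ip>")
    results, verdict = check(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{port}/tcp {state}")
    print(verdict)
```

Running it from inside the LAN tells you nothing about the ISP, because those connections never cross the provider's network.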

Hello, and welcome!

Unfortunately, by blocking port 80, Cox Communications are real dicks and are actively working against a free and decentralized Internet.

There is unfortunately no workaround regarding the generation of Let’s Encrypt certificates: the validation process requires that the web server is reachable through its standard port, i.e. port 80.

You are right though, using a VPN is the way to go. You can refer to this recent issue that gives the two commands to be run (one on your local server, the other on a VPS): "Expose easily a ynh local ynh server with a small public vps" (Issue #2191, YunoHost/issues on GitHub). We might someday see it included in YunoHost, but they are simple enough that you can run them yourself.


I forgot, I haven't used it in a while, but does "Access Tunnels - Cloudflare Zero Trust" work behind a blocked port, also with HTTPS?
