Unable to modify HTTP port

solnik10 · March 9, 2019, 12:03am

Hi, my ISP blocks port 80 so I can’t access my server from outside my local network. I’m trying to open port 8080 (or any other than the default ones) without success.

admin@vovo:~$ sudo yunohost firewall list
opened_ports: 
- 25
- 53
- 80
- 443
- 587
- 993
- 5222
- 5269
- 5353
- 8080

However port 8080 is not listed when I run netstat -an | grep tcp or nmap -sT -O localhost. Do I have do to any anything other than yunohost firewall allow TCP <port_number> to do the trick? My router configuration is ok.

Aleks · March 9, 2019, 12:12am

Well opening a port is easy but what do you expect by doing this ? No program apriori listen to port 8080

solnik10 · March 9, 2019, 12:21am

Thank you for your answer. It should be easy indeed, but apparently isn’t working for me…I expect to access my server from outside my local network using another port like http://myserver.nohost.me:8080. I cannot listen to any other port other than the default ones even if the firewall says that they are opened.

Aleks · March 9, 2019, 12:23am

Alright … but a program needs to be listening to port 8080 for this to work, sooo, I’d say more tweaking and tinkering is required Otherwise you’ll just see a blank page

solnik10 · March 9, 2019, 12:43am

Ok, thanks. So, can you help me on that? I can’t find this info anywhere…

solnik10 · March 10, 2019, 11:27pm

I’ve made some progress by changing the port to 8080 on file /etc/nginx/conf.d/myserver.nohost.me.conf. Now my server is listening to port 8080 and I can access it from my local network using the new assigned port, but this is still not possible from outside my network. What am I missing?

Aleks · March 10, 2019, 11:30pm

Have you configured port forwarding on your internet box to route port 8080 outside the local network ?

solnik10 · March 10, 2019, 11:32pm

Yes, port forwarding is properly configured. Is there any other file that I should edit?

Aleks · March 10, 2019, 11:36pm

I don’t think so …

So how do you test that your server is accessible from outside ?

solnik10 · March 10, 2019, 11:40pm

I’ve modified my SHH port and it’s working fine from outside. XMPP is working as well. The only thing isn’t working is access via web. I’ve checked that my server is listening to port 8080 by using an open port check tool site.

Aleks · March 10, 2019, 11:42pm

So does it tells that port 8080 is accessible, or is not ?

solnik10 · March 10, 2019, 11:47pm

Yes, it tells that port 8080 is accessible but I still can’t connect to my server…

Aleks · March 10, 2019, 11:48pm

So are you contacting it through the IP or through the domain name ?

And if it doesn’t work, what error does it shows exactly ?

solnik10 · March 11, 2019, 12:10am

I’ve tried both without success. The error I get is “The connection has timed out”.

solnik10 · March 16, 2019, 12:19am

I’ve been trying for the last 5 days but still no success…any ideas?

kanhu · March 18, 2019, 12:58pm

Its better to provide your domain information, so that someone can have a look into it.

solnik10 · March 21, 2019, 2:22pm

Hi,

My domain: solnik.nohost.me

solnik.nohost.me.conf is now configured as follows:

server {
listen 81;
listen [::]:81;
server_name solnik.nohost.me;

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name solnik.nohost.me;

I forgot to say earlier that my ISP block both port 80 and 443. Does that make any difference? I’ve tried to modify https port to 444 without success.

Aleks · March 21, 2019, 2:40pm

My experience with modifying the HTTP or HTTPS ports to bypass this kind of limitation is not the right thing to do … Theroretically it’s doable, but in pratice it is a huge technical mess. Changing port 80 might work, but I found in the past that changing port 443 is more complicated because there are too many assumptions everywhere about this port (even sometime hard-coded stuff)

And then even if you succeed in changing this, you will have to tell all your user to access your server via https://yourdomain.tld:444/

And for instance if they (or you…) only type yourdomain.tld in the browser it won’t work … and even yourdomain.tld:81 won’t work : because yunohost will make a redirection to HTTPS … which happens to redirect to https://yourdomain.tld (without the custom port) so you need to fix those redirection as well

Not to mention you won’t be able to fetch LetsEncrypt certificates …

So imho you have those possible solution :

change ISP and choose one that does provide you with a decent internet connection, not just half of it
configure a VPN like those provided by the FFDN (or any VPN that does provide you with full control of the IP)

solnik10 · March 21, 2019, 10:07pm

Thanks, Aleks. I currently have just two ISPs to choose from and none of them provide a decent internet connection. I’ve started looking at the VPN provided by the FFDN, but I think that distance might be a problem. I live in Brazil and getting a VPN based in France will significantly slow down my internet speed, right?

Aleks · March 21, 2019, 10:14pm

Yes clearly

Maybe there are some devent VPN providers implemented in Brazil