I’m new to self-hosting and struggling to get my services accessible externally. I’m using Traefik as a reverse proxy on a Raspberry Pi 500 running Stormux (Arch Linux ARM-based). My public IP resolves correctly via Dynu DNS, and ports 80 and 8444 are forwarded in my router. I’ve configured Traefik to use port 8444 for HTTPS, but external connections time out. I’ve tried:
• Forwarding ports 80 and 8444 in my router
• Allowing ports in iptables and FirewallD
• Setting my router’s firewall to low security
• Verifying Traefik is listening on port 8444 locally (works with curl)
• Using Authelia for authentication (middleware configured in Traefik)
Internal access works fine, but external access fails. Could this be an ISP block or something I’m missing? Any advice is appreciated! 🙏
#SelfHosting #Traefik #RaspberryPi #DynuDNS #ReverseProxy #Networking #Help #Tech #Technology #Linux
@selfhost @selfhosting @selfhosted @linux
Your ISP doesn’t allow port or 443. Change those to something else, or reverse proxy 80 to 8080 or whatever.
@RareBird15 @selfhost @selfhosting @selfhosted @linux ISP block is quite possible, some will restrict certain ports to business accounts only or make you call to unlock them.
@jyarbrough @selfhost
@bravemonkey @selfhosting @selfhosted @linux @MangoPenguin @geillescas Yeah, I’m very tempted to go back to the way I had things, which allowed me to access services with my Raspberry Pi’s IP and a port number. Since I don’t leave home much and I’m not the ISP account holder, this is starting to seem like more trouble than it’s worth.
Do you have any service listening on port 80? If not, I’d close it in the firewall and disable the forwarding in the router. Also sounds like a bad idea to set your router security to ‘low’, whatever that means for your router.
You can use a tool like this to check if your ports are accessible from the internet: https://www.yougetsignal.com/tools/open-ports/
@bravemonkey The plan was to set it to low temporarily. The choices were high, medium, low, or off. One of the ports Traefik listens on is 80. I used portchecktool.com and it told me the connection was timing out.
@RareBird15
Most ISPs do block incomming traffic by default. You should contact them and request to enable it.
@selfhost @selfhosting @selfhosted @linux@geillescas @selfhost @selfhosting @selfhosted @linux I’ll have to see about this. I’m not the account holder and the one who is, my stepdad, isn’t exactly tech-savvy. My router did have a firewall blocking traffic, but I changed its security level and looked at the rules, so that shouldn’t be an issue anymore.
Maybe your ISP has you on CGNAT? If your public IP is between
100.64.0.0 and 100.127.255.255you’re on CGNAT.@MangoPenguin Nope, public IP starts with 69.58.
Since you’re using a non-standard HTTPS port, check your browser network log in dev tools and make sure your app isn’t redirecting you to the standard port 443. With non-standard ports you often will need to customize the config of apps so they know what you’re using.
Are your clients using port 8444 for https? 443 is the standard
