Background:
Proxmox node hosting an Ubuntu VM. VM hosting Docker.
Docker has several containers including nginx, traefik, cloudflare, portainer.
Traefik Dashboard is free of errors.
Local settings / results:
PiHole used on LAN for recursive DNS.
Local DNS entry for domain 'test.<mydomain>' in PiHole pointing to VM's IP.
Nginx web directory has a simple 'Hello' style <H1> entry.
Browse from PC on LAN to test.<mydomain> works perfectly.
External settings / results:
Static IP from ISP.
Domain registered with Cloudflare (CF). 'A' record in CF to static IP.
Traefik gets its certificate from Let's Encrypt via the CF API.
Mikrotik RB4011 has dst-nat entries for port 80 and 443 from WAN pointing to VM's IP.
Also have an F/W Forward Filter rule to accept 'Connection NAT state'=dstnat where IN Interface = ether1 (WAN).
Browse from phone on mobile network (to simulate an external call) using test.<mydomain> results in Error 522, meaning everything worked as expected until the target server (nginx in my case) timed out (or failed to respond).
Checking the Bytes field on the Tik shows nil received in the dst-nat entries - which is where I would have expected to see activity inbound from CF.
Checked with ISP support this morning - they swear blind that no ports are blocked.
Grateful for any tips on next place to look / test.
For context, I'm following along the YT videos from @Jims-Garage
Statistics: Posted by bcollie — Sun Jan 28, 2024 2:12 pm
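As an added triage aid (my own example, not part of bcollie's post or of Jim's Garage's material), the script below separates the three places a Cloudflare 522 with zero bytes on the dst-nat rules can come from: the DNS answer (PiHole override versus the public record), the WAN edge (whether ether1 actually holds the address in the A record, or an RFC 6598 CGNAT / private one the ISP hands out), and the origin itself (a raw SYN to the static IP, which is the one thing that should move the dst-nat counters). It does not diagnose the thread's setup; it only orders the checks. Assumptions: the name test.example.com, the origin 203.0.113.5 and the "inside"/"outside" subcommands are hypothetical; `inside` is run on the Ubuntu VM, `outside` from a VPS or phone tether; bash, curl, dig and coreutils `timeout` are available. The 521/522/525/526 meanings are Cloudflare's documented origin-error codes; the CGNAT classification is the 100.64.0.0/10 range.

```shell
#!/usr/bin/env bash
# Triage for "Cloudflare 522 + dst-nat byte counters stay at 0".
# Added example, not from the forum post. All hostnames/addresses are hypothetical.
#   ./triage.sh inside  test.example.com 203.0.113.5 <ether1 address from '/ip address print'>
#   ./triage.sh outside test.example.com 203.0.113.5
set -u

# ---- pure helpers (no network) --------------------------------------------

# Dotted quad -> 32-bit integer.
ip_to_int() {
  local IFS=.
  # shellcheck disable=SC2086
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP CIDR -> exit 0 when IP lies inside CIDR.
ip_in_cidr() {
  local net=${2%/*} bits=${2#*/}
  local mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# classify_ip IP -> cgnat | private | loopback | public
# 100.64.0.0/10 is the RFC 6598 shared (carrier-grade NAT) range: a WAN
# interface holding one of these never receives inbound SYNs from the internet.
classify_ip() {
  if   ip_in_cidr "$1" 100.64.0.0/10; then echo cgnat
  elif ip_in_cidr "$1" 10.0.0.0/8 || ip_in_cidr "$1" 172.16.0.0/12 \
    || ip_in_cidr "$1" 192.168.0.0/16; then echo private
  elif ip_in_cidr "$1" 127.0.0.0/8; then echo loopback
  else echo public
  fi
}

# edge_verdict ETHER1_IP OBSERVED_PUBLIC_IP A_RECORD_IP
# Can inbound SYNs for A_RECORD_IP reach ether1 at all?  exit 0 = edge consistent.
edge_verdict() {
  local ether1=$1 seen=$2 record=$3 kind
  kind=$(classify_ip "$ether1")
  if [ "$kind" != public ]; then
    echo "ether1 carries a $kind address ($ether1): packets for $record stop at the ISP, dst-nat counters stay at 0"
    return 1
  fi
  if [ "$seen" != "$record" ]; then
    echo "outbound traffic is seen as $seen but the A record says $record: fix the record"
    return 1
  fi
  if [ "$ether1" != "$record" ]; then
    echo "ether1 ($ether1) is public but is not $record: the ISP routes $record somewhere else"
    return 1
  fi
  echo "edge consistent (ether1 = observed = A record = $record): check dst-nat rule order, dst-address and in-interface next"
}

# interpret_status HTTP_CODE -> what Cloudflare's answer says about the origin.
interpret_status() {
  case $1 in
    200)     echo "origin answered through Cloudflare" ;;
    521)     echo "origin reachable but port refused: forwarding works, nothing listening on the VM" ;;
    522)     echo "TCP handshake to origin timed out: SYNs never reached the container; work outward from the WAN edge" ;;
    525|526) echo "TLS failed at origin: forwarding works, check Traefik's certificate / Cloudflare SSL mode" ;;
    000)     echo "no HTTP response at all: DNS or TLS to the Cloudflare edge failed" ;;
    *)       echo "HTTP $1" ;;
  esac
}

# ---- live checks (network) ------------------------------------------------

inside_checks() {                       # run on the Ubuntu VM, behind the Tik
  local host=$1 record=$2 ether1=$3 seen
  echo "local resolver : $(dig +short "$host" | tr '\n' ' ')  (PiHole override -> VM IP)"
  echo "public resolver: $(dig +short "$host" @1.1.1.1 | tr '\n' ' ')  (edge IPs when proxied)"
  # Cloudflare's trace endpoint echoes the source address it saw: the address
  # the ISP really presents for this line, whether or not it matches the A record.
  seen=$(curl -s --max-time 10 https://1.1.1.1/cdn-cgi/trace | sed -n 's/^ip=//p')
  echo "WAN edge: $(edge_verdict "$ether1" "${seen:-unknown}" "$record")"
}

outside_checks() {                      # run from a VPS or a phone tether
  local host=$1 record=$2 p code
  for p in 80 443; do                   # raw SYN to the static IP: this should move the dst-nat counters
    if timeout 5 bash -c "exec 3<>/dev/tcp/$record/$p" 2>/dev/null; then echo "tcp/$p open"; else echo "tcp/$p no connection"; fi
  done
  # --resolve pins the name to the origin so Traefik still gets the right SNI/Host.
  code=$(curl -sk --max-time 10 --resolve "$host:443:$record" -o /dev/null -w '%{http_code}' "https://$host/")
  echo "direct HTTPS to origin: $code"
  code=$(curl -s --max-time 20 -o /dev/null -w '%{http_code}' "https://$host/")
  echo "via Cloudflare: $code ($(interpret_status "$code"))"
}

case ${1:-} in
  inside)  inside_checks "$2" "$3" "$4" ;;
  outside) outside_checks "$2" "$3" ;;
esac
```

Run `inside` first: if `edge_verdict` reports a cgnat or mismatched address, the Tik is not where the packets are being dropped and no firewall change will move the counters. Only once the edge is consistent does `outside` tell you whether the static IP accepts a SYN on 80/443 (forwarding and filter order) and, via `--resolve`, whether Traefik answers correctly before Cloudflare is put back in the path.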