WiFi router > RPi > Docker > nginx > net::ERR_CONNECTION_RESET
Back-story (that may or may not be relevant):
I have a home setup as mentioned in the title:
WiFi router > RPi > Docker > nginx > php app
The setup was working fine for several months, until I changed ISP. That is when I had to address several issues:
- ISP was using CG-NAT by default. Thankfully, I was able to request a public dynamic IP.
- ISP provided me with Sagemcom 5655 v2AC router that by default uses ports 80/443 for remote management and I had to jump through some hoops to disable that feature and instead forward those ports to the RPi. (checked with portchecker.co that port 80 is open)
Just when I thought surprises were over and I was testing how my webapp looks when accessed via domain name (Google DNS + DDClient), it didn't work. At first, I thought I still couldn't access RPi using public IP address, but then I opened Chrome dev console and saw that some resources were actually being downloaded, while others failed. That's when I tried to access website using RPi's local IP address out of curiosity and it worked just fine.
Current situation:
- Accessing webapp using local IP address works fine
- Accessing webapp using public IP address serves some resources (index, manifest.js), while others seem to be served partially (app.css, vendor.js) and eventually time out with
net::ERR_CONNECTION_RESET
error
This is how it looks when I try to load <my_domain>.net/css/app.css
I used ngrep
to see how network traffic differs between local and public IP requests to <my_domain>.net/css/app.css
and noticed something strange. While loading resource via local IP address I just saw bunch of TCP packets that contained parts of the resource, however when loading it via public IP it would end up resending the first packet multiple times until it gives up:
$ sudo ngrep port 80
interface: eth0 (192.168.1.0/255.255.255.0)
filter: (ip or ip6) and ( port 80 )
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
####
T 192.168.1.1:64447 -> <public_ip>:80 [A]
......
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.1:64447 -> <public_ip>:80 [A]
......
#####
T 192.168.1.1:64447 -> 192.168.1.128:80 [A]
......
#^Cexit
25 received, 0 dropped
I had some suspicions about RPi/Docker/nginx part of the setup initially, but once I realised that website works fine when accessed locally I don't know what to think any more. Any ideas?
P.S.
I have moved Docker/nginx to port 8080 and forwarded that port to RPi, but still experiencing the same issue.
networking google-chrome router raspberry-pi nginx
add a comment |
Back-story (that may or may not be relevant):
I have a home setup as mentioned in the title:
WiFi router > RPi > Docker > nginx > php app
The setup was working fine for several months, until I changed ISP. That is when I had to address several issues:
- ISP was using CG-NAT by default. Thankfully, I was able to request a public dynamic IP.
- ISP provided me with Sagemcom 5655 v2AC router that by default uses ports 80/443 for remote management and I had to jump through some hoops to disable that feature and instead forward those ports to the RPi. (checked with portchecker.co that port 80 is open)
Just when I thought surprises were over and I was testing how my webapp looks when accessed via domain name (Google DNS + DDClient), it didn't work. At first, I thought I still couldn't access RPi using public IP address, but then I opened Chrome dev console and saw that some resources were actually being downloaded, while others failed. That's when I tried to access website using RPi's local IP address out of curiosity and it worked just fine.
Current situation:
- Accessing webapp using local IP address works fine
- Accessing webapp using public IP address serves some resources (index, manifest.js), while others seem to be served partially (app.css, vendor.js) and eventually time out with
net::ERR_CONNECTION_RESET
error
This is how it looks when I try to load <my_domain>.net/css/app.css
I used ngrep
to see how network traffic differs between local and public IP requests to <my_domain>.net/css/app.css
and noticed something strange. While loading resource via local IP address I just saw bunch of TCP packets that contained parts of the resource, however when loading it via public IP it would end up resending the first packet multiple times until it gives up:
$ sudo ngrep port 80
interface: eth0 (192.168.1.0/255.255.255.0)
filter: (ip or ip6) and ( port 80 )
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
####
T 192.168.1.1:64447 -> <public_ip>:80 [A]
......
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.1:64447 -> <public_ip>:80 [A]
......
#####
T 192.168.1.1:64447 -> 192.168.1.128:80 [A]
......
#^Cexit
25 received, 0 dropped
I had some suspicions about RPi/Docker/nginx part of the setup initially, but once I realised that website works fine when accessed locally I don't know what to think any more. Any ideas?
P.S.
I have moved Docker/nginx to port 8080 and forwarded that port to RPi, but still experiencing the same issue.
networking google-chrome router raspberry-pi nginx
add a comment |
Back-story (that may or may not be relevant):
I have a home setup as mentioned in the title:
WiFi router > RPi > Docker > nginx > php app
The setup was working fine for several months, until I changed ISP. That is when I had to address several issues:
- ISP was using CG-NAT by default. Thankfully, I was able to request a public dynamic IP.
- ISP provided me with Sagemcom 5655 v2AC router that by default uses ports 80/443 for remote management and I had to jump through some hoops to disable that feature and instead forward those ports to the RPi. (checked with portchecker.co that port 80 is open)
Just when I thought surprises were over and I was testing how my webapp looks when accessed via domain name (Google DNS + DDClient), it didn't work. At first, I thought I still couldn't access RPi using public IP address, but then I opened Chrome dev console and saw that some resources were actually being downloaded, while others failed. That's when I tried to access website using RPi's local IP address out of curiosity and it worked just fine.
Current situation:
- Accessing webapp using local IP address works fine
- Accessing webapp using public IP address serves some resources (index, manifest.js), while others seem to be served partially (app.css, vendor.js) and eventually time out with
net::ERR_CONNECTION_RESET
error
This is how it looks when I try to load <my_domain>.net/css/app.css
I used ngrep
to see how network traffic differs between local and public IP requests to <my_domain>.net/css/app.css
and noticed something strange. While loading resource via local IP address I just saw bunch of TCP packets that contained parts of the resource, however when loading it via public IP it would end up resending the first packet multiple times until it gives up:
$ sudo ngrep port 80
interface: eth0 (192.168.1.0/255.255.255.0)
filter: (ip or ip6) and ( port 80 )
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
####
T 192.168.1.1:64447 -> <public_ip>:80 [A]
......
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.1:64447 -> <public_ip>:80 [A]
......
#####
T 192.168.1.1:64447 -> 192.168.1.128:80 [A]
......
#^Cexit
25 received, 0 dropped
I had some suspicions about RPi/Docker/nginx part of the setup initially, but once I realised that website works fine when accessed locally I don't know what to think any more. Any ideas?
P.S.
I have moved Docker/nginx to port 8080 and forwarded that port to RPi, but still experiencing the same issue.
networking google-chrome router raspberry-pi nginx
Back-story (that may or may not be relevant):
I have a home setup as mentioned in the title:
WiFi router > RPi > Docker > nginx > php app
The setup was working fine for several months, until I changed ISP. That is when I had to address several issues:
- ISP was using CG-NAT by default. Thankfully, I was able to request a public dynamic IP.
- ISP provided me with Sagemcom 5655 v2AC router that by default uses ports 80/443 for remote management and I had to jump through some hoops to disable that feature and instead forward those ports to the RPi. (checked with portchecker.co that port 80 is open)
Just when I thought surprises were over and I was testing how my webapp looks when accessed via domain name (Google DNS + DDClient), it didn't work. At first, I thought I still couldn't access RPi using public IP address, but then I opened Chrome dev console and saw that some resources were actually being downloaded, while others failed. That's when I tried to access website using RPi's local IP address out of curiosity and it worked just fine.
Current situation:
- Accessing webapp using local IP address works fine
- Accessing webapp using public IP address serves some resources (index, manifest.js), while others seem to be served partially (app.css, vendor.js) and eventually time out with
net::ERR_CONNECTION_RESET
error
This is how it looks when I try to load <my_domain>.net/css/app.css
I used ngrep
to see how network traffic differs between local and public IP requests to <my_domain>.net/css/app.css
and noticed something strange. While loading resource via local IP address I just saw bunch of TCP packets that contained parts of the resource, however when loading it via public IP it would end up resending the first packet multiple times until it gives up:
$ sudo ngrep port 80
interface: eth0 (192.168.1.0/255.255.255.0)
filter: (ip or ip6) and ( port 80 )
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
####
T 192.168.1.1:64447 -> <public_ip>:80 [A]
......
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.1:64447 -> <public_ip>:80 [A]
......
#####
T 192.168.1.1:64447 -> 192.168.1.128:80 [A]
......
#^Cexit
25 received, 0 dropped
I had some suspicions about RPi/Docker/nginx part of the setup initially, but once I realised that website works fine when accessed locally I don't know what to think any more. Any ideas?
P.S.
I have moved Docker/nginx to port 8080 and forwarded that port to RPi, but still experiencing the same issue.
networking google-chrome router raspberry-pi nginx
networking google-chrome router raspberry-pi nginx
edited Jan 20 at 16:09
IvanR
asked Jan 20 at 12:33
IvanRIvanR
1012
1012
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1396291%2fwifi-router-rpi-docker-nginx-neterr-connection-reset%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1396291%2fwifi-router-rpi-docker-nginx-neterr-connection-reset%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown