WiFi router > RPi > Docker > nginx > net::ERR_CONNECTION_RESET












0















Back-story (that may or may not be relevant):



I have a home setup as mentioned in the title:



WiFi router > RPi > Docker > nginx > php app


The setup was working fine for several months, until I changed ISP. That is when I had to address several issues:




  1. ISP was using CG-NAT by default. Thankfully, I was able to request a public dynamic IP.

  2. ISP provided me with Sagemcom 5655 v2AC router that by default uses ports 80/443 for remote management and I had to jump through some hoops to disable that feature and instead forward those ports to the RPi. (checked with portchecker.co that port 80 is open)


Just when I thought surprises were over and I was testing how my webapp looks when accessed via domain name (Google DNS + DDClient), it didn't work. At first, I thought I still couldn't access RPi using public IP address, but then I opened Chrome dev console and saw that some resources were actually being downloaded, while others failed. That's when I tried to access website using RPi's local IP address out of curiosity and it worked just fine.



Current situation:




  • Accessing webapp using local IP address works fine

  • Accessing webapp using public IP address serves some resources (index, manifest.js), while others seem to be served partially (app.css, vendor.js) and eventually time out with net::ERR_CONNECTION_RESET error


This is how it looks when I try to load <my_domain>.net/css/app.css



enter image description here



I used ngrep to see how network traffic differs between local and public IP requests to <my_domain>.net/css/app.css and noticed something strange. While loading resource via local IP address I just saw bunch of TCP packets that contained parts of the resource, however when loading it via public IP it would end up resending the first packet multiple times until it gives up:



$ sudo ngrep port 80
interface: eth0 (192.168.1.0/255.255.255.0)
filter: (ip or ip6) and ( port 80 )
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
le,aside,figcaption,figure,footer,header,hgroup,main,na
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
####
T 192.168.1.1:64447 -> <public_ip>:80 [A]
......
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
<same as first>
#
T 192.168.1.1:64447 -> <public_ip>:80 [A]
......
#####
T 192.168.1.1:64447 -> 192.168.1.128:80 [A]
......
#^Cexit
25 received, 0 dropped


I had some suspicions about RPi/Docker/nginx part of the setup initially, but once I realised that website works fine when accessed locally I don't know what to think any more. Any ideas?





P.S.



I have moved Docker/nginx to port 8080 and forwarded that port to RPi, but still experiencing the same issue.










share|improve this question





























    0















    Back-story (that may or may not be relevant):



    I have a home setup as mentioned in the title:



    WiFi router > RPi > Docker > nginx > php app


    The setup was working fine for several months, until I changed ISP. That is when I had to address several issues:




    1. ISP was using CG-NAT by default. Thankfully, I was able to request a public dynamic IP.

    2. ISP provided me with Sagemcom 5655 v2AC router that by default uses ports 80/443 for remote management and I had to jump through some hoops to disable that feature and instead forward those ports to the RPi. (checked with portchecker.co that port 80 is open)


    Just when I thought surprises were over and I was testing how my webapp looks when accessed via domain name (Google DNS + DDClient), it didn't work. At first, I thought I still couldn't access RPi using public IP address, but then I opened Chrome dev console and saw that some resources were actually being downloaded, while others failed. That's when I tried to access website using RPi's local IP address out of curiosity and it worked just fine.



    Current situation:




    • Accessing webapp using local IP address works fine

    • Accessing webapp using public IP address serves some resources (index, manifest.js), while others seem to be served partially (app.css, vendor.js) and eventually time out with net::ERR_CONNECTION_RESET error


    This is how it looks when I try to load <my_domain>.net/css/app.css



    enter image description here



    I used ngrep to see how network traffic differs between local and public IP requests to <my_domain>.net/css/app.css and noticed something strange. While loading resource via local IP address I just saw bunch of TCP packets that contained parts of the resource, however when loading it via public IP it would end up resending the first packet multiple times until it gives up:



    $ sudo ngrep port 80
    interface: eth0 (192.168.1.0/255.255.255.0)
    filter: (ip or ip6) and ( port 80 )
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
    HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
    653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
    yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
    range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
    arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
    ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
    amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
    le,aside,figcaption,figure,footer,header,hgroup,main,na
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
    HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
    653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
    yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
    range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
    arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
    ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
    amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
    le,aside,figcaption,figure,footer,header,hgroup,main,na
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
    HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
    653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
    yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
    range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
    arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
    ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
    amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
    le,aside,figcaption,figure,footer,header,hgroup,main,na
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
    <same as first>
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
    <same as first>
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
    <same as first>
    ####
    T 192.168.1.1:64447 -> <public_ip>:80 [A]
    ......
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
    <same as first>
    #
    T 192.168.1.1:64447 -> <public_ip>:80 [A]
    ......
    #####
    T 192.168.1.1:64447 -> 192.168.1.128:80 [A]
    ......
    #^Cexit
    25 received, 0 dropped


    I had some suspicions about RPi/Docker/nginx part of the setup initially, but once I realised that website works fine when accessed locally I don't know what to think any more. Any ideas?





    P.S.



    I have moved Docker/nginx to port 8080 and forwarded that port to RPi, but still experiencing the same issue.










    share|improve this question



























      0












      0








      0








      Back-story (that may or may not be relevant):



      I have a home setup as mentioned in the title:



      WiFi router > RPi > Docker > nginx > php app


      The setup was working fine for several months, until I changed ISP. That is when I had to address several issues:




      1. ISP was using CG-NAT by default. Thankfully, I was able to request a public dynamic IP.

      2. ISP provided me with Sagemcom 5655 v2AC router that by default uses ports 80/443 for remote management and I had to jump through some hoops to disable that feature and instead forward those ports to the RPi. (checked with portchecker.co that port 80 is open)


      Just when I thought surprises were over and I was testing how my webapp looks when accessed via domain name (Google DNS + DDClient), it didn't work. At first, I thought I still couldn't access RPi using public IP address, but then I opened Chrome dev console and saw that some resources were actually being downloaded, while others failed. That's when I tried to access website using RPi's local IP address out of curiosity and it worked just fine.



      Current situation:




      • Accessing webapp using local IP address works fine

      • Accessing webapp using public IP address serves some resources (index, manifest.js), while others seem to be served partially (app.css, vendor.js) and eventually time out with net::ERR_CONNECTION_RESET error


      This is how it looks when I try to load <my_domain>.net/css/app.css



      enter image description here



      I used ngrep to see how network traffic differs between local and public IP requests to <my_domain>.net/css/app.css and noticed something strange. While loading resource via local IP address I just saw bunch of TCP packets that contained parts of the resource, however when loading it via public IP it would end up resending the first packet multiple times until it gives up:



      $ sudo ngrep port 80
      interface: eth0 (192.168.1.0/255.255.255.0)
      filter: (ip or ip6) and ( port 80 )
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
      653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
      yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
      range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
      arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
      ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
      amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
      le,aside,figcaption,figure,footer,header,hgroup,main,na
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
      653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
      yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
      range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
      arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
      ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
      amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
      le,aside,figcaption,figure,footer,header,hgroup,main,na
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
      653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
      yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
      range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
      arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
      ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
      amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
      le,aside,figcaption,figure,footer,header,hgroup,main,na
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      <same as first>
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      <same as first>
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      <same as first>
      ####
      T 192.168.1.1:64447 -> <public_ip>:80 [A]
      ......
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      <same as first>
      #
      T 192.168.1.1:64447 -> <public_ip>:80 [A]
      ......
      #####
      T 192.168.1.1:64447 -> 192.168.1.128:80 [A]
      ......
      #^Cexit
      25 received, 0 dropped


      I had some suspicions about RPi/Docker/nginx part of the setup initially, but once I realised that website works fine when accessed locally I don't know what to think any more. Any ideas?





      P.S.



      I have moved Docker/nginx to port 8080 and forwarded that port to RPi, but still experiencing the same issue.










      share|improve this question
















      Back-story (that may or may not be relevant):



      I have a home setup as mentioned in the title:



      WiFi router > RPi > Docker > nginx > php app


      The setup was working fine for several months, until I changed ISP. That is when I had to address several issues:




      1. ISP was using CG-NAT by default. Thankfully, I was able to request a public dynamic IP.

      2. ISP provided me with Sagemcom 5655 v2AC router that by default uses ports 80/443 for remote management and I had to jump through some hoops to disable that feature and instead forward those ports to the RPi. (checked with portchecker.co that port 80 is open)


      Just when I thought surprises were over and I was testing how my webapp looks when accessed via domain name (Google DNS + DDClient), it didn't work. At first, I thought I still couldn't access RPi using public IP address, but then I opened Chrome dev console and saw that some resources were actually being downloaded, while others failed. That's when I tried to access website using RPi's local IP address out of curiosity and it worked just fine.



      Current situation:




      • Accessing webapp using local IP address works fine

      • Accessing webapp using public IP address serves some resources (index, manifest.js), while others seem to be served partially (app.css, vendor.js) and eventually time out with net::ERR_CONNECTION_RESET error


      This is how it looks when I try to load <my_domain>.net/css/app.css



      enter image description here



      I used ngrep to see how network traffic differs between local and public IP requests to <my_domain>.net/css/app.css and noticed something strange. While loading resource via local IP address I just saw bunch of TCP packets that contained parts of the resource, however when loading it via public IP it would end up resending the first packet multiple times until it gives up:



      $ sudo ngrep port 80
      interface: eth0 (192.168.1.0/255.255.255.0)
      filter: (ip or ip6) and ( port 80 )
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
      653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
      yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
      range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
      arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
      ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
      amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
      le,aside,figcaption,figure,footer,header,hgroup,main,na
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
      653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
      yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
      range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
      arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
      ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
      amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
      le,aside,figcaption,figure,footer,header,hgroup,main,na
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
      653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
      yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
      range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
      arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
      ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
      amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
      le,aside,figcaption,figure,footer,header,hgroup,main,na
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      <same as first>
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      <same as first>
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      <same as first>
      ####
      T 192.168.1.1:64447 -> <public_ip>:80 [A]
      ......
      #
      T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      <same as first>
      #
      T 192.168.1.1:64447 -> <public_ip>:80 [A]
      ......
      #####
      T 192.168.1.1:64447 -> 192.168.1.128:80 [A]
      ......
      #^Cexit
      25 received, 0 dropped


      I had some suspicions about RPi/Docker/nginx part of the setup initially, but once I realised that website works fine when accessed locally I don't know what to think any more. Any ideas?





      P.S.



      I have moved Docker/nginx to port 8080 and forwarded that port to RPi, but still experiencing the same issue.







      networking google-chrome router raspberry-pi nginx






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 20 at 16:09







      IvanR

















      asked Jan 20 at 12:33









      IvanRIvanR

      1012




      1012






















          0






          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1396291%2fwifi-router-rpi-docker-nginx-neterr-connection-reset%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1396291%2fwifi-router-rpi-docker-nginx-neterr-connection-reset%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Plaza Victoria

          Puebla de Zaragoza

          Musa