Afternoon y’all, apologies if this is brief writing this in a rush expect an edit/update.
My question is in regard to port forwarding & web hosting, I’ve forwarded port 80, 8080 & 443 from my router and my reverse proxy (traefik) is able to receive the necessary SSL/TLS certificates however, my domain is only accessible locally or via WireGuard tunnels and not the World Wide Web (which is good!) however, I can’t seem to figure out what’s preventing it from being accessible to the WWW.
My registrar is cloudflare so i figured changing my DNS or at least pushing some queries to my cloudflare nameservers would at least do something but have had no luck. For the most part I’ve been using Quad9 behind PiHole for DNS, tried using Unbound however it was a complete mess to setup.
Must end this post here - will update with more info ASAP!
You must log in or register to comment.
If you’re behind a CG NAT (carrier grade NAT), you’ll be doubly in trouble as it will be essentially impossible to get a forwarded port since your “IP” is essentially a LAN address within your ISP’s CG NAT, if that makes sense.
It does spell trouble, but you might be able to ask your ISP to give you a public IP in that case.
why do you forward the port of the webui?
Many ISPs block some traffic on those ports for residential customers in order to force you to use a much more costly business account to be able to host your own website.
This is a good point. I know there are a handful that my ISP blocks right off the bat. For me it’s 25,135,137, 138, 139, 445, 6666, 6667.
How did you get the certs? Was it though a DNS challenge or web server on port 80?
my router and my reverse proxy (traefik) is able to receive the necessary SSL/TLS certificates however
From something like LetsEncrypt?
As an HTTP-01 Challenge? Not an DNS-01 challenge?
Http challenge means that port 80 is accessible from the public internet (because that’s how LE can confirm it can reach your server via the public DNS records, proof of server ownership).
DNS-01 is about proof of DNS record ownership, and doesn’t prove public internet access.Also, what are you self hosting?
Does it really need to be publicly accessible? Or just accessible by you and people you trust?