Hello,

I installed Openremote on a VPS with Ubuntu 22.04. I’m using the latest docker-compose.yml file from github.

My VPS has a public IP x.x.x.x , so I am starting with the following:
OR_HOSTNAME=x.x.x.x OR_SSL_PORT=8443 docker-compose -p openremote up -d
or
OR_HOSTNAME=x.x.x.x docker-compose -p openremote up -d

All goes well. Containers are up and running (checked with docker ps -a).

However, when accessing https://x.x.x.x:8443/ using GoogleChrome, I get the following:

This site can’t be reached

x.x.x.x refused to connect.

Try:

• Checking the connection
• Checking the proxy and the firewall

ERR_CONNECTION_REFUSED

I was able to run a basic install on local machine / localhost, but I am really lost on VPS. I was also having a clean install, with web server up an running and I could access http://x.x.x.x . Sure, I was stopping apache once I started docker, to avoid any port conflict.

Could you please help.

Many thanks,
Andrei

TLS protocol would not work with a bare public IP. You’ll need to have a domain name and configure its DNS zone to point a some domain valid name to your public IP. Usually, you need to create an A or AAAA record inside the DNS zone to do this.

I was trying it with domain name as well, creating first an A record inside the DNS zone. Still same behaviour. I guess my problem would be the correct config of the docker-compose file.
Ca you point to any “template” or example I can use? I am now using this one from Quickstart instructions.

Hi,

An ERR_CONNECTION_REFUSED is typically a TCP-RST packet received from the server by the browser. In your situation, the firewall is letting TCP traffic through, and your server’s operating system answers with a TCP-RST because no server socket is bound to port 8443.

Can you confirm the error ERR_CONNECTION_REFUSED is coming immediately? Can you ensure it is not a timeout? A timeout is a firewall issue, which I assume is not the issue here. Can you confirm the error ERR_CONNECTION_REFUSED is even there if the servers are not running?

To test this hypothesis, can you run the following command? It is an independent docker server showing “It works” when properly configured.

docker run -p 8443:80 --name httpd-container httpd

Hopefully this will help a bit with troubleshooting.

Peter

Thanks for your reply. ERR_CONNECTION_REFUSED is coming in couple of seconds and it is even there if the servers are not running.

I’ve been running

docker run -p 8443:80 --name httpd-container httpd

and accessing

https://xxx.xxx.xxx.xxx:8443/

gives the following:

This site can’t provide a secure connection

xxx.xxx.xxx.xxx sent an invalid response.

• Try running Windows Network Diagnostics.

ERR_SSL_PROTOCOL_ERROR

I am running out of ideas

Hi,

The error you get now is typical. It is an HTTP server, not HTTPS. It complains about the certificate. If you go to http://x.x.x.x:8443/ it will work. But that does not bring you closer to a solution.

You have learned the following things:

• Your Firewall is OK.
• You can run a server
• Something is seriously wrong in accepting SSL/TLS traffic on port 8443.

You can try to figure out why it fails by looking into the logs of the proxy container. I was wondering if letsencrypt will work on non-normal ports. A quick Google says no (https://community.letsencrypt.org/t/certbot-letsencrypt-on-different-port-than-443/173632) Even if you fix this, you will keep running into non-compliant issues.

Maybe the fastest solution is to buy a new VPS with a dedicated IP and stick to the standard settings used by 99% of the users. If that is not possible, please familiarize yourself with the art of configuring haproxy as a reverse proxy for your other services working currently on your current server. So Openremote and your original services can coexist on the same system.

Have some fun!

Peter

This topic was automatically closed after 90 days. New replies are no longer allowed.