Use a reverse proxy in front of a Blynk local server

Hello,

I started a Docker container with Blynk server on it. To access the admin, I created a reverse proxy (Caddy) which generates the SSL certificate automatically.

https://blynk.mydns.org {
  proxy / https://blynk-docker:9443 {
    websocket
    insecure_skip_verify
    transparent
  }
  gzip
  timeouts 300s
  proxyprotocol 0.0.0.0/0
  log / stdout "{hostonly} - {combined}"
}

I have access to the admin interface, but for some strange reason the app won't connect to my server and tells me:

Something went wrong when connecting to the server. Please check port 443 port is open in your network.

When I go without the proxy it works. I also tried to use port 9443, but it is still not working.

I understand the problem is from the proxy, but I can manage where because I have access to the admin console.

Can you help me?

Thanks

Have you set the correct port in your app (not 8443 as in the picture)?

image

Hello,

Yeah, the port is correctly set; for example, if I bypass the Caddy proxy it's working.

But I need access to Blynk over the proxy.

Does the app use HTTP/HTTPS to interface with the apps?

Thanks

According to Blynk docs:

Run the server on default 'hardware port 8080' and default 'application port 9443' (SSL port)

According to Caddy docs:

insecure_skip_verify overrides verification of the backend TLS certificate, essentially disabling security features over HTTPS.

I don’t know… perhaps your HTTPS gets messed up with that setting?!

Is Caddy allowed to bind port 443? Use netstat -plnt to list which program is listening on which port.

I access the webadmin over Caddy, so Caddy works for this part, so I imagine all ports are correctly bound in this way:

Server:443-->caddy_docker:443(networkA)-->blynk:9443(networkA)

In this configuration I have the webadmin of my local server, but the app won't connect (I use the correct port 443 with my server host).

If I bypass Caddy, the app works correctly, but I have other services to run on this HTTPS port (443):

Server:443-->443:9443(docker ip tables)-->blynk:9443(networkA)

So I'm 100% sure Caddy is the issue. When I try to connect I see zero logs of connection attempts from the app, but I have logs and access to the web admin.

So does the app use something other than HTTP to talk to the server?

Thanks

Don’t imagine, check it! :stuck_out_tongue:

Then I imagine :wink: that Caddy doesn’t bind that port!

I'm 100% sure the port is correctly bound by Caddy; if not, I would not have access to the admin page or my other HTTPS services (10 web APIs) :wink:

Then I don’t have a clue! :smiley:

Your app connects through the internet and your computer from the local network?

The whole server is connected to the internet and all my tests are done locally and externally (LAN and WAN), but I have no clue either where the problem is.

For me, the app doesn't use the HTTP protocol to connect; otherwise my Caddy HTTP proxy would pick up some stuff?

The strangest thing for me is that the admin access works and the app doesn't…

Thanks

:thinking: Use tcpdump to dump the traffic on your server while trying to connect with app. Something must show up somewhere!

But read some of the documentation first so you can filter out unwanted traffic.

http://www.tcpdump.org/
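
An added example, not part of the thread and not Blynk or Caddy code: a Python helper that classifies the first payload bytes a client sends, as seen in a tcpdump capture, as plaintext HTTP, a TLS ClientHello, or something else. For a ClientHello it extracts the SNI and ALPN, the only cleartext a proxy sharing port 443 between several sites sees before decryption. The function names and sample bytes are assumptions constructed for illustration.

```python
import ssl
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")

def classify_first_bytes(data):
    """Classify the first payload bytes a client sends on a new TCP connection."""
    if data.startswith(HTTP_METHODS):
        return {"kind": "plain-http"}
    # TLS handshake record (0x16, version 0x03xx) carrying a ClientHello (0x01)
    if len(data) < 6 or data[0] != 0x16 or data[1] != 0x03 or data[5] != 0x01:
        return {"kind": "other"}
    info = {"kind": "tls-client-hello", "sni": None, "alpn": []}
    try:
        pos = 5 + 4 + 2 + 32                                 # record hdr, handshake hdr, version, random
        pos += 1 + data[pos]                                 # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]    # cipher suites
        pos += 1 + data[pos]                                 # compression methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            body = data[pos + 4:pos + 4 + ext_len]
            if ext_type == 0:     # server_name: list len(2), type(1), name len(2), name
                name_len = struct.unpack_from("!H", body, 3)[0]
                info["sni"] = body[5:5 + name_len].decode("ascii", "replace")
            elif ext_type == 16:  # ALPN: list len(2), then repeated (len(1), protocol)
                i = 2
                while i < len(body):
                    info["alpn"].append(body[i + 1:i + 1 + body[i]].decode("ascii", "replace"))
                    i += 1 + body[i]
            pos += 4 + ext_len
    except (IndexError, struct.error):
        info["truncated"] = True   # capture ended before the extensions did
    return info

def sample_client_hello(host, alpn=None):
    """Constructed sample: a ClientHello generated offline by Python's ssl module."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = host is not None
    if alpn:
        ctx.set_alpn_protocols(alpn)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                       # expected: no server attached, only the first flight is needed
    return outgoing.read()
```

Call `classify_first_bytes()` on the payload of the first data packet the app sends to port 443. A result with `sni` set to `None`, or a kind of `other`, means the client is not presenting what a name-based HTTPS site expects.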

It's a nice idea, I will look at this tonight when I'm home. I will return with some info :wink: