Webserver experts

[G+_Darryl Gibbs]

Webserver experts.  I have setup my Raspberry Pi as a local (in my home) webserver to host a Wordpress blog.  I need to get my .com domain (hosted by hover.com) to forward the traffic to the Pi.  Does ANYONE have any idea where I even start with this???

 

Thanks in advance for any help!

[G+_Travis Hershberger]

I think you'll need a static IP to work with the hover service (I could, happily, be wrong, but most registrars need a dedicated IP.)  You'll want to check your router's management pages to see what dynamic dns service it supports.  Look into those dyn-dns services.  Also don't forget to forward port 80(http) and/or 443(https) to the Raspberry Pi.

[G+_Darryl Gibbs]

Thanks Travis Hershberger .  I have already created the static IP, and I'll need to setup up the port forwarding.  But what address do I give to hover to actually get traffic sent to my router?

 

I found what I believe is the IP of my router (201.xxx.xxx.xxx).  I give just this to hover?  I also have on my router the option for a DDNS option.  Currently its disabled.

 

Oh, must the port 80 be set to TCP, UDP or both?

[G+_Darryl Gibbs]

Ok I just tried it all out as you said previously.  Works like a charm!!!  thanks Travis Hershberger 

[G+_Adam EL-Idrissi]

Whatsmyip.com will give you your public IP,most likely the one you mentioned.so that would go to hover. I don't think since you're static you'd need ddns on but I could be wrong.

[G+_Travis Hershberger]

Do you have a dedicated IP address from your ISP?  If you don't know that you have one, then you 99% likely do not.  When the router updates it's IP address according to the DHCP settings it picked up, the IP address will change, which is a problem you really don't want to face.

 

That 201.xxx.xxx.xxx is the address you put into hover.  Just be ready to change it every 24 or 48 hours, and never have the DNS settings update.  DNS changes are a whole other topic I could write a page on for you if you really want.

 

The DDNS services were made to take care of this exact situation.  You can probably use your domain name with one of them, but probably have to pay for the privilege.

 

Port 80 should be TCP, apache shouldn't be doing anything over UDP.

[G+_Darryl Gibbs]

Bugger... I'm using nginx.

 

Ok, so how do I overcome the changing DNS?  Using DDNS or a DDNS service?  I'd really appreciate that DNS page!

[G+_Ben Reese]

Depending on your ISP, your IP address may not change that often. There's no NEED for the ISP to change your address except maybe just to keep you from setting up a server. Depending on how much up time you want on you're site and how often Hover.com will let you upgrade the IP on the DNS, you might get by with just manually updating the record a few times a year that you're IP changes (again, frequency depends on your ISP).

 

You could request a static IP from your ISP, but the chances of them giving that away for free is pretty slim now that IP V4 is on its way out (still).

 

There are a few free Dynamic DNS services and a few more paid services. It's been a while since I've looked into it, but I think there's a DNS record you could add that just does a redirect to another domain (or subdomain) which would allow you to have a free dynamic subdomain that is forwarded to by your personal domain name.

[G+_Ben Reese]

Oh, and one more option - again, depends on how frequently Hover.com will let you update... You could write a small application/script to run on the Pi or another computer and update the DNS record every time it detected a change in your public IP.

[G+_Darryl Gibbs]

Thanks for that Ben Reese , I'll look into it.  I also tried the www.canyouseeme.org test, and it turns out that it can't see my router.  I made a Port Forward setting for the Pi on the router, but it seems unable to find me.  Is there a port 80 for the router itself that I must change?  Or somewhere on the Pi itself?  I uncommented the line in the script to allow the Pi to listen to port 80.

[G+_Travis Hershberger]

You have port forwarding on, but traffic to port 80 still gets rejected.  My first guess is that the local firewall on the Raspberri Pi.  Try running 'sudo service iptables status | grep 80'.  If nothing comes up the firewall on the Pi is probably blocking the traffic and you'll need to add an exception for port 80.  Just google iptables and you'll fine a bunch of examples.

[G+_Darryl Gibbs]

Thanks Travis Hershberger, I'll try that and let you guys know how it goes.

[G+_Darryl Gibbs]

Travis Hershberger , if traffic to port 80 is being rejected even when I use my windows laptop, the problem could be on the ISP side?  That is, my ISP is blocking the port?

 

If that is the case, I could choose a random uncommon port number, and open that port on my router, and have the Pi listen there?  If that is a possiblility, where exactly would I change it?  'sudo pico /etc/nginx/sites-available/default'?  and inside that under server, tell it to listen to port xxx?

[G+_Travis Hershberger]

Darryl Gibbs First things first, have you tried the windows laptop when you're at home?  (I probably go ahead of myself with my last post, sorry.)  If that works, then the ISP is blocking port 80, which is common for home internet connections.  If it doesn't work, then the firewall on the Pi is blocking traffic.

 

For the ISP blocking port 80 you should be able to redirect to a different internal.  So you could tell port 34561 on the WAN side to forward traffic to port 80 on the Pi.  Really handy, and you can probably imagine how harry a network in a large organization can get without proper management.  (Network admins are underpaid I tell you.)

[G+_Darryl Gibbs]

Travis Hershberger when I check www.canyouseeme.org/ on my Windows laptop for port 80 with my IP address, it cannot see me.  In fact, it can't find me on any port!  But (once I added my home router IP to the 'forward this domain' at Hover) if I search for my domain INSIDE MY NETWORK, it all works, and the webpage comes up.  Outside of my network, I get nothing, obviously.

 

On the point of the ISP blocking port 80:  Under my Port Forwarding on the router, I have the INTERNAL set as follows: IP of Pi, start port =80, end port=80.  Then to the left of it under EXTERNAL: remote host 0.0.0.0 (as standard), start port=34561, end port=34561, and the protocol is TCP.

 

Now, do I need to direct Hover to that port 34561?  If so, how exactly?

Does Hover need any further information from me other than just my xxx.xx.xxx.xx IP address?

All the while, the Pi is still 'listening' to port 80.

[G+_Travis Hershberger]

You probably just need to direct the web browser to that port, which is quite easy once you see an example.  In the address bar just add a colon ':' and the port number to the end of the domain name.  IE: this.is.my.website.com:34561

[G+_Ben Reese]

Alright, so you mentioned that you setup a static IP on your Pi - I presume an internal IP (like 192.168.x.x or 172.x.x.x). Your router has an internal IP and an External IP (though I'm sure your aware of that). Then you might have a modem on the other side of that. Some modems NAT anything behind them so your router's WAN (public side) IP isn't actually your real public IP. If your modem is holding the public IP and not just acting as a gateway, you'll have to setup port forwarding on that too.

 

What ISP do you have? I've heard of some ISPs blocking certain ports (such as 80), but have never seen it actually does. I use Time Warner and haven't had any issues with port forwarding.

 

As others mentioned, try browsing to your PI's address directly from your Windows computer. For example, if your Pi's static IP is 192.168.2.16, open your browser on the computer and navigate to http://192.168.2.16

If you the page loads then you know either your ISP is blocking you or there's something else blocking the route from the outside. If the page still doesn't load you'll need to check your Pi's setup again.

 

My guess is that your router or modem is keeping traffic from passing through.

[G+_Darryl Gibbs]

Ben Reese Yes, I have a static IP on the Pi of the 192.168.x.x variety, and I've got my router internal and external IP.  My router and modem is an all in one, with wifi and the gateway.  I've browsed around the wifi interface but can't seem to find a NAT setting anywhere.

 

I'm not living in the USA, I'm in Brazil.  My ISP is Net Virtua.  I did some Googling last night and it seems that A LOT of customers have complained about NET apparently blocking literally EVERY Port.  Although I found one guy who says otherwise, and I'm trying to work through is suggested work around.  Since my Portuguese is pretty bad (I'm South African), I'm going to try get someone with some form of PC knowledge to call them.

 

I can browse the Pi's internal IP, and the pages load as expected.  Perfectly.  If I type in the actual domain name it even loads interally.

 

So that leaves either the ISP causing the block, in which case I'm screwed.  Or a very confused router.

[G+_Travis Hershberger]

Blocking port 80 or 443 completely would prevent you from browsing websites.  A common "fix" for an ISP blocking other services in the states is to use port 80.... because it's harder to block.  So they must have different filters for incoming and outgoing traffic at the least, possibly doing MIIM attacks to filter all their traffic at the worst.

[G+_Darryl Gibbs]

ok, so I've reset the router back to default settings, to start again.  I then port forwarded my Windows laptop (as its more visual and I understand Windows better than my Pi command line at this point) IP for ports 80, 443, and 22.  I then went to my Windows 7 firewall settings and made a rule to allow traffic from port 80,443 and 22.  I also rechecked that my static IP has no conflicts.  I then went to www.whatsmyip.org, and ran a port scan test.  Every port on its test list, including the above 3 ALL timed-out.

 

What else can I check???  Honestly, I don't know what else to do here.  And you guys have been super helpful so far, but we just not getting anywhere?!

[G+_Darryl Gibbs]

Ok, so as a matter of fact, my ISP blocks "every port" and charges people massive fees to open them.  But I have found, by the grace of God, that port 8080 on my Pi can now be seen!!  Funny thing is, its the only PC in the house that can do this.  On my windows PC, I had the router forward port 8080 to it, I shut down the firewall even, and nothing!  So that is all very beyond me.

 

So now.  The Pi has only Nginx and PHP installed on it, with a default "hello world" page (index.php).  If I type into the browser the local IP and the open port 192.168.0.12:8080, I see the default page.  If again type the external IP of 201.xx.xxx.xx:8080, the page also loads.

 

Now, I've tried this as an experiment, which failed:  At Hover, I made http://201.xx.xxx.xx:8080 my "forward to domain" entry.  All DNS settings (A,A,CNAME,MX - which I have no idea what they mean anyway) are set to the Hover standards.  However, when I type in my doman URL of www.marginallytactful.com into the browser, I get sweet nothing.

 

Ideas?  At least we seem to be moving in the correct direction!

[G+_Darryl Gibbs]

Gentlemen, Travis Hershberger Ben Reese , we have done it!!  If you visit www.marginallytactful.com, you should see a stupidly simple message saying that its the future home of my blog.

 

Thank you so much for your help in making this work, the stuff I learnt from you both was invaluable!!

 

In the end, this is what made it work.  A port.  Thats it.  My ISP (through even more trolling throgh the internet I've done today) seems to be generally hated for blocking absolutely every port, except port 8080, which one guy found completely by accident.  Once I port forwarded to that, told my Pi where to look, and told Hover to look at my router IP through that port.. Everything worked out.  So hopefully my ISP doesn't get wise to this.

 

The one thing I'd like to solve is why can the world (www.canyouseeme.org) can see my Pi, but not my laptop?  Weird.  

 

Anyway, gents, thanks again!  All the best to you!

[G+_Travis Hershberger]

Nice job sleuthing that one out.