pretendo-docker on my own VPS. (Public proxy).

[rraptor06]

hello, I would like to put pretendo-docker in public on my VPS Server on my ip, in the file compose.yml in the mitmproxy-pretendo part I modified the 127.0.0.1:8080 by just the port 8080:8080 and then when I go to my browser and on the ip of my vps with the port 8080, it gives me a timeout error, if you could help me please ?

[MatthewL246]

Hello! I think that my reply in this other issue may be relevant: #86 (comment)

By default, mitmproxy blocks IPs outside your LAN for safety reasons because bad actors will abuse open proxies on the Internet to send spam and attacks.

You can disable this by editing the command line of mitmproxy-pretendo in compose.yml, add --set block_global=false to the end. I strongly recommend also setting a username and password for your proxy by adding --set proxyauth="username:password" (but choose a better username and password of course!) to prevent bad actors from abusing your proxy server. You'll just need to inform everyone else what the username and password need to be when they set up the proxy in the console's Internet settings.

[rraptor06]

thanks you so much

[rraptor06]

mmh, strangely when I put --set block_global=false at the end of the command: line on mitmproxy-pretendo part the ip on port 8080 always blocks at a timeout, I don't know if I did it wrong, sorry if I'm stupid or if I misunderstood the thing.

[MatthewL246]

I'd suggest checking your VPS provider's dashboard for firewall settings in that case. Some hosting providers set up a firewall that blocks incoming connections by default.

[rraptor06]

I'm using debian and I just opened ports 8080 and 8081 (mitmproxy port) and I still have nothing.

[MatthewL246]

Connection reset can be caused by many different things, unfortunately. Let's first check whether the traffic is reaching your VPS. You might need to install tcpdump from your repository first. Then, run tcpdump port 8080 and try to connect to the port again. If nothing shows up, the traffic isn't reaching the VPS. If it does show something, something with mitmproxy is probably misconfigured.

Also, just to make sure, you did re-run docker compose up -d after changing the command line, right?

[rraptor06]

after adding your command line in command: I restarted docker by doing docker compose up -d --build

[rraptor06]

I installed tcpdump and I checked the traffic of port 8080 and I don't see any packets, I just see a little message

tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes

and I was told that it might be the firewall or maybe cloudflare that was blocking the connection but I don't know if it's true..

[MatthewL246]

If you're accessing the IP of your server directly, it shouldn't be a Cloudflare issue. Theoretically, if you were trying to access mitmproxy through a Cloudflare domain, that might cause an issue because I don't think Cloudflare supports hosting proxy servers (?). But you said you were going to the IP of your VPS in your first post here, so Cloudflare shouldn't even be involved here.

Based on your tcpdump results, there is something in between your computer and your VPS that is blocking the connection. It could be a firewall on your VPS (Debian doesn't have a firewall enabled by default, so you would have known if you manually set this up), your hosting provider's firewall (which it sounds like you already opened, so this shouldn't still be the issue), or even some firewall on your computer or router.

[rraptor06]

otherwise I can reinstall an image to put Ubuntu and redo the test if you want, but it's still weird that something blocks me from going on it

[MatthewL246]

I don't know if switching to a different OS would fix it, but you can try. It's hard for me to tell what exactly is blocking the connection because there are just so many different factors.

[rraptor06]

Sorry again, but I tried to search for myself and since I have a VPS from Ionos, Ionos only accepts the basic ports [22,80,443] etc. and blocks the other ports, to test I added a port rule 8080 and it takes me to the IP with the port, my VPS was fine in the end, it's just Ionos that was blocking the other ports, thank you.

[rraptor06]

just the NEX servers that don't want to load strangely but the rest works fine it seems, and miiverse too lol

[MatthewL246]

Glad to hear you got it working! Sounds like these port rules are similar to the VPS provider firewall rules I mentioned earlier.

Not being able to access the NEX servers is very likely the same issue- you'll also need to allow UDP ports 6000-6050. (Only ports 6000-6011 are used right now, but future updates will use more ports in this range).

[rraptor06]

Okay, thanks you so much, its the same for miiverse ?

[MatthewL246]

No, Miiverse should just work because it's also proxied through mitmproxy. Did you follow the steps to compile a custom version of Inkay?

[rraptor06]

Yes

[MatthewL246]

I'd recommend checking the mitmproxy interface (port 8081). There are two places to check for errors here:

• The requests lists for failed requests (the response code will be colored red instead of green)
• The mitmproxy log for things like SSL errors (there should be a checkbox to show the log inside the "View" tab at the top)

[rraptor06]

i dont have access to port 8081

[MatthewL246]

Ah, right. You'll also need to remove the 127.0.0.1: part of this line, restart mitmproxy with docker compose up -d, and allow port 8081 through Ionos to access that. Sorry that this is all such a pain to set up with a VPS, it was originally designed to run on a computer on the local network, but clearly an easier configuration for VPSs is needed.

pretendo-docker/compose.yml

Line 11 in 4efc8d0

- 127.0.0.1:8081:8081

[rraptor06]

Mitmproxy works now, thanks! But I will explain my problem, Miiverse works but can't load the page (same for the account settings) and also I added to test the port 6001, 6002, 6003 only in UDP to test the friends NEX server and the connection eventually fails.

[MatthewL246]

Checking for errors in mitmproxy (#231 (comment)) should (hopefully) show why Miiverse isn't loading correctly.

[rraptor06]

finally I succeeded, I had the old certificates of the mitmproxy of the pretendo-docker, sorry for wasting your time, I'm a bit stupid these days lol, anyway thanks for all. I'll try later to do an update to add more NEX servers especially for the Nintendo 3DS because the only 2 that are there are friends and super mario maker but super mario maker on 3DS has trouble working I don't know why but oh well..

[MatthewL246]

Ah yes, the mitmproxy certificate can sometimes get regenerated. Glad to hear you got it working!