I have an octoprint server running behind a standard router firewall (using TP-Link Deco routers). I can get access to it if I forward external port 5000 to internal port 80. However, if I use any other external port (e.g. 5200, 8000, etc.) it does not work. The reason I'm trying an alternate external port is that I actually have 2 octoprint servers (running on 2 different RPI's) and I'd like to use different extern ports to determine which one to connect to.
My understanding was that with HAProxy, it listens on port 80 and then forwards it to internal port 5000. However, why should it matter what external port I use? If I correctly understand how the router works, it just takes any external request to port 5000 and forwards it to the specified internal IP at port 80. Why should it or Octoprint care what extern port I use as long as it gets forward to port 80?
What did you already try to solve it?
Tried various external ports, but only port 5000 works.
Have you tried running in safe mode?
No relevant
Did running in safe mode solve the problem?
Not relevant
Systeminfo Bundle
You can download this in OctoPrint's System Information dialog... no bundle, no support, unless the reason you couldn't retrieve the bundle is your network issues octoprint-systeminfo-20260203125846.zip (14.0 KB)
This could be very dependent on how it's doing the forwarding. Since you mention Deco, if I'm not mistaken that also adds the additional complexity of a mesh network and NAT traversal may be getting screwed up somehow during the process.
Rather than simply port forwarding through your router, I would recommend looking into VPN options on the router to allow remote access, or other VPN solutions for more secure remote access, like tailscale or one of the various plugin options.
You have the ports backwards. The internal port on octoprint is 5000. The external port is 80. If you change the internal port to something other than 5000, then there is nothing there for it to connect to
That's technically correct, but I'm going to infer because they mentioned haproxy that they either used an OctoPi image or octoprint_depoloy's haproxy option and therefore the pi/server device is actually listening on port 80 (and technically 443 for https). Which brings up another good point. It would be better to forward to at least a secured https connection rather than unsecured http.
What they are saying is that if they forward any external port other than 5000 to the internal device's ip on port 80 it doesn't work at all. It still boils down to how the router is forwarding. Is itself acting as a reverse proxy, and therefore additional configuration steps are needed or it a pure NAT port forward?
I'd be interested in seeing the results of the reverse proxy test page of OctoPrint when it's not able to load. Append /reverse_proxy_test/ to the end of your ddns.net address:port combination.
Thanks for your input. I figured out the issue. It turns out I had a double NAT setup, where my Deco is plugged into an Xfinity router and I needed to open the ports on the Xfinity router as well.
Also, just to clarify, each of my Octoprint servers IS at a different internal IP address (let's call them IP1 and IP2). I'm using NAT port forwarding to forward one external port (5000) to IP1:80 and another external port (let's say 5200) to IP2:80. However, only forwarding external port 5000 was working because that port was already open on the Xfinity router, but not the other ports.