Hi, I am very very new to all this, but I’ve been at it for a while, and I can finally connect to my instance on my local network, but it can’t be connected to by outside networks and does not show any activity from the rest of the fediverse. I have ports 80 and 443 open, and through Let’s Encrypt I redirect port 80 to port 443. Any ideas what my problem might be? Any help is appreciated.
Can you check if the default gateway is set properly on the machine running Mastodon?
Hi, I am so sorry, how do I check/set this?
It depends on what kind of system your Mastodon instance is running on. Can you reach anything outside of a local network from that machine?
Yes, I can. I am running it off of a Raspberry Pi 4, which is running Ubuntu 18.04.
Can you show me how you reach the instance from the “local network” and how from the outside?
I use the URL to connect to it from the local network, and I get to it from any machine on the local network, but when I use the URL to connect to it from an external network it does not work.
What is an “external network”? The Internet? What does the IP address look like if you
ping _hostname_of_the_instance ?
The Internet, yeah. It says destination host unreachable.
Are you using “private IP addresses” for your local network? One of those
If yes, those can’t be normally reached from the outside.
Yep, that looks like what I’m using. Any way to fix it?
There must be a gateway to the outside world, a router. It should have a public IP address like 198.51.100.25 (an example).
Then two things need to happen:
- That gateway needs to be told to forward HTTPS traffic (port 443) to the machine running Mastodon. This is usually called “port forwarding” or something, depends on the gateway’s software.
- You need to tell the Domain Name System that your.instance.name is not your private IP address 172.x.y.z but that public IP address 198.51.100.25 instead.
This might be tricky if 198.51.100.25 changes from time to time (happens often on home broadband connections). In this case you might want to use a so-called Dynamic DNS service somewhere, so that the IP address of your instance.
So, I should point my DNS to my router instead of my machine directly?
If the router has a real Internet public address and the port forwarding is working, then yes.
Thank you so much, I’ll try that. How do I go about finding my public IP?
Your router should give you that.
Okedoke, thank you, I think I found it. I don’t have a public IPv6, will this be an issue?
Only with instances without IPv4 (rare).
Be sure to not have any AAAA record in your DNS; other instances with the choice of v4 or v6 will prefer to use v6 and will not be able to connect to your instance.
To test/confirm your ports (80 and 443) are open to the outside, you can use something like this site: Open Port Check Tool - Test Port Forwarding on Your Router
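The two DNS checks discussed above (the A record must be the router's public address rather than a private one, and no AAAA record without working IPv6), as an added example that is not part of the original thread. The function names and the sample addresses `172.16.0.10` and `2001:db8::10` are assumptions made for illustration.

```python
import ipaddress
import socket

# RFC 1918 ranges: usable inside a LAN, never routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def resolve(hostname):
    """Look up (A, AAAA) address lists the way a client on this machine would."""
    found = {socket.AF_INET: set(), socket.AF_INET6: set()}
    for family in found:
        try:
            for info in socket.getaddrinfo(hostname, 443, family, socket.SOCK_STREAM):
                found[family].add(info[4][0])
        except socket.gaierror:
            pass  # no record of this type
    return sorted(found[socket.AF_INET]), sorted(found[socket.AF_INET6])

def check_records(a_records, aaaa_records, router_public_ip, has_public_ipv6=False):
    """Return the problems that would keep other instances from connecting."""
    problems = []
    if not a_records:
        problems.append("no A record")
    for addr in a_records:
        if is_rfc1918(addr):
            problems.append(f"A record {addr} is private")
        elif addr != router_public_ip:
            problems.append(f"A record {addr} is not the router address {router_public_ip}")
    if aaaa_records and not has_public_ipv6:
        problems.append("AAAA record present without public IPv6")
    return problems

if __name__ == "__main__":
    # Constructed sample: the state described in the thread before the fix.
    # 172.16.0.10 and 2001:db8::10 are made-up values; 198.51.100.25 is the
    # example router address used above.
    for p in check_records(["172.16.0.10"], ["2001:db8::10"], "198.51.100.25"):
        print("PROBLEM:", p)
    # To check a live name instead (hypothetical hostname):
    #   a, aaaa = resolve("your.instance.name")
```

Run `resolve` from a machine outside the home network where possible, since a lookup from inside the LAN can be answered by a local hosts file or the router's own DNS.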
Thanks for the advice! I got rid of my AAAA record, but now I’m running into a new problem: the website says port 80 isn’t open on my router, but I set it as open using the port forwarding option. Does this mean my ISP is blocking port 80?
This is very possible. At least, it’s a common practice for residential accounts with major ISPs in my area.
The incoming on port 443 is most likely blocked by your ISP as well.
Sometimes switching to a business plan with your ISP can solve this (and the dynamic IP) problem.
You can also consider shopping around for an alternative ISP; smaller ISPs are less likely to censor incoming ports in my area.