[SOLVED] Unable to connect to swag subdomains from outside my local network

As per the title I can successfully connect to my SWAG subdomains through my LAN e.g. h.ttps://cops.mydomain.duckdns.org>, but not from outside my local network.

Port 443 is forwarded from my router to my sever, and duckdns seems to be working fine. The nginx logs are empty. SWAG generated the certificates.

I’ve googled and played with different settings, but to no avail. Is there some special setting I’m missing?

Here are my docker and subdomain.conf settings (using the cops container as an example).


docker run -d
-e PUID=1000
-e PGID=1000
-e TZ=Europe/London
-e URL=<mydomain.duckdns.or-g>
-e SUBDOMAINS=wildcard
-e VALIDATION=duckdns
-p 443:443
-v /home/pi/swag/config:/config
–restart unless-stopped


docker run -d
-e PUID=1000
-e PGID=1000
-e TZ=Europe/London
-p 8008:80
-v /home/pi/cops/config:/config
-v /mnt/calibre:/books
–restart unless-stopped


server {
listen 443 ssl;
listen [::]:443 ssl;
server_name cops.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
resolver valid=30s;
set $upstream_app cops;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;

EDIT: Forwarded port 80 as well and reinitialised the SWAG container. Still doesn’t work. :frowning:

(Sorry about the misspelled URLS. I’m a new user and can only post 2 URLS in my first few posts)

I would encourage you to read through

and do the test to see if it works, especially considering you mention your nginx logs are blank which would imply traffic is never reaching swag to begin with

Thanks for your reply @driz. After reading through the link I managed to fix the problem - my ISP appears to be blocking ports 80 and 443 so I switched to 81 and 444.

Thanks again for your help :slight_smile:

Keep in mind, doing this will require that you specify the port on every connection. thing.yourdomain.com:444

in many cases (when NOT cgnat) you can go to your account page or call your isp and ask them to simply open 443. You do not need 80 since you’re not doing http based validation (except for 80 to 443 redirection) but you could ask for this too. Never hurts to ask. Either way, glad i helped you!