Problem setting up HTTPS service on port 8443

I am trying to set up a connection to the admin web UI for my UniFi controller. For the service type I choose HTTPS. For the service URL I put in the hostname, but when I specify port 8443 in this field it automatically changes the service type to NextCloud. Then when I try to connect I get the message “Bad Request
This combination of host and port requires TLS.”

If I try to set up the service a different way, by choosing HTTPS, but instead of trying to specify a port here, I edit the URL template in the connection configuration and enter port 8443 there, when I try to connect I get “This site can’t be reached. [host] took too long to reply.”

I feel like the fact that trying to specify a port with an HTTPS service forces it to change to NextCloud has something to do with it. I had another service set up for a web UI. It was supposed to be HTTPS and it uses the standard port but it got set as NextCloud for some reason. When I tried to connect I got “403 connection not available.” But as soon as I changed the service type to HTTPS it connected straight away.

So how can I set up an HTTPS service with a custom port? Or is there something else I should be doing?

I do not think it matters that it picks NextCloud, not sure why it switches you, but it should work. When you talk without it uses https://ip:8443 and it works fine right, does it switch from port 8443? Does the UniFi controller work with an IP address or only a hostname? This could be the key. I assume you’re connecting this as a jump target from another device?

Yes, when I try without going through https://ip:8433 works fine. And yes, UniFi works with an IP address or a hostname. Either way I get a security warning but besides that I can connect just fine. I have also tried setting it up in both ways, hostname and IP. It does stay on port 8443. Yes, it is a jump target. My host is a docker container on a Raspberry Pi.

OK make sure you can reach your host from your docker container, sometimes you have to use the docker network gateway for the host IP.

So try wget or curl to your https://ip:8433 in a shell of the running docker container, make sure it works.

For example in my docker container if I type route:

/ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default                                         UG    0      0        0 eth0
                *                               U     0      0        0 eth0

On my particular device in this example I must use to get to my host ssh server.

So if your docker gateway was you might try

If your docker container can see it and work, then remoteit should work with that configuration.

If all that does not work then look at the web console in the browser and look for errors in the network section. It should show you the links it is trying to hit and the problem ones.

I can reach the host from my containers. In fact I have several services set up for several different containers in this same docker instance and I have set them all to point to the docker gateway address. I can replace that address with the IP or hostname of my Raspberry Pi and they all work fine like that as well. But I prefer using the docker gateway address because it’s the least likely to change. They all work perfectly, except for UniFi.

When I run ‘curl https://ip:8433’ or ‘wget https://ip:8433’ they both see it there but complain about a bad SSL cert. I was actually wondering along these lines before I did this test. Could the fact that the UniFi defaults to HTTPS with a self-signed certificate be the issue? Is trying to validate the certificate and is there a way to tell it not to?

The documentation for the UniFi container I’m using mentions that if it’s put behind a strict reverse proxy that validates certificates, the reverse proxy would need to be configured to disable that check for this container. Can such a thing be done with if it validates certificates?

What do you mean by “look at the web console in the browser and look for errors in the network section”? Do you mean the web console? If so, I don’t have any networks set up so there is no information to be found there. If you mean something else, please clarify.

A few more things to try, are you using desktop or webapp to connect?

Web console is in your web browser; for example, this is the network in the console on my Firefox browser:

Sometimes this will catch some unknown redirect or other problem, and if you know what it is you can fix it.

I do not have a UniFi device so I cannot try.

I’m using the web app. I tried desktop with no difference.

I see what you mean now about the web console. It didn’t really give any clues, just shows 400 status.

I managed to get it working by changing the service type to TCP. Now I get an invalid certificate warning but it still lets me load the page. This is what I expect and what I normally get when I’m onsite due to the self-signed certificate. Is there any issue with this approach you can see?

Otherwise, thanks @mycal for helping me work through this problem.
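
The self-signed certificate warning discussed in this thread can be replaced by an explicit check. The Python below is an added example, not part of the thread and not code from any product mentioned in it: it connects to the controller and accepts the certificate only if its SHA-256 fingerprint equals one recorded earlier on a trusted network (for instance onsite). The host, port and fingerprint arguments are assumptions supplied by the user.

```python
import hashlib
import hmac
import socket
import ssl
import sys


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize_pin(pin: str) -> str:
    """Accept 'AA:BB:...' (openssl style) or plain hex, in either case."""
    return pin.replace(":", "").strip().lower()


def pin_matches(der: bytes, pin: str) -> bool:
    """Constant-time comparison of the certificate fingerprint with the pin."""
    return hmac.compare_digest(fingerprint(der), normalize_pin(pin))


def open_pinned(host: str, port: int, pin: str, timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS connection that trusts exactly one certificate, by fingerprint."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # self-signed cert: the CA and name checks
    ctx.verify_mode = ssl.CERT_NONE  # are replaced by the pin check below
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pin):
        tls.close()  # refuse before any request data is sent
        raise ssl.SSLCertVerificationError("certificate does not match the pinned fingerprint")
    return tls


if __name__ == "__main__":
    # Usage (assumed file name): python pinned_check.py <host> <port> <sha256-fingerprint>
    host, port, pin = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    with open_pinned(host, port, pin) as conn:
        conn.sendall(f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
        print(conn.recv(4096).split(b"\r\n", 1)[0].decode(errors="replace"))
```

A fingerprint mismatch raises before any HTTP data is sent, which distinguishes a regenerated or substituted certificate from the expected self-signed one instead of accepting any certificate.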

If you file a support ticket, I’m sure it can be investigated and fixed.

Glad you have a workaround, but it would be nice to have it work correctly.