balena deploy -> Error: connect: connection refused

Hallo!
When trying to do the first deploy to our openbalena instance, I get the following error:
$ balena deploy jetson_nano --debug
[debug] new argv=[/home/balena/balena-cli/balena,/snapshot/versioned-source/bin/balena,deploy,jetson_nano] length=4
[Debug] Parsing input…
[Debug] Loading project…
[Debug] Resolving project…
[Debug] docker-compose.yml file found at “/home/balena/mts_rtk_xavier”
[Debug] Creating project…
[Info] Everything is up to date (use --build to force a rebuild)
[Info] Creating release…
[Debug] Tagging images…
[Debug] Authorizing push…
[Info] Pushing images to registry…
Retrying “registry.balena.mydomain.ru/v2/4afbb05dc9f0e95cec14ae5d8d1d24ab:latest” after 2.00s (1 of 3) due to: Error: dial tcp xx.xx.xx.xx:443: connect: connection refused
Retrying “registry.balena.mydomain.ru/v2/d45a967893305de7c1a6d5d11ed1d87c:latest” after 2.00s (1 of 3) due to: Error: dial tcp xx.xx.xx.xx:443: connect: connection refused
Retrying “registry.balena.mydomain.ru/v2/32807fd06439c0757b5b83e6ec3b0cd7:latest” after
[Debug] Saving image registry.balena.mydomain.ru/v2/4afbb05dc9f0e95cec14ae5d8d1d24ab
[Debug] Untagging images…
[Info] Saving release…
[Error] Deploy failed

Balena is hidden behind NAT. xx.xx.xx.xx - external address.
I’m using registry v3.1.1 and CLI v12.30.2.
I wanted to clarify: can balena work through nat

It should work but some ports need to be open for external connections. I couldn’t find a doc for that and opened an issue in the openBalena repo, but external requests should go through HAProxy and you can find its configuration for openBalena here.

It looks like you need to open the following ports at the very least:

• 80 (TCP)
• 443 (TCP)
• 3128 (TCP)

See also this thread: Necessary ports for open balena?.

Thanks for the answer!

We moved Balena CLI outside of nat and everything worked.
Thank you!

Good to know it’s working now