Expose port other than 80 to device public URL

I have an app in Balena that listens for HTTPS traffic on an arbitrary port, in a specific container. We don’t want this port to be 443/80 for various reasons. The host OS is configured to redirect traffic from these ports (80 or 443) to the correct ports in my other container.

I have no trouble accessing this directly, if I am on the same network as my balena device (my balena device has ip 10.0.0.104) I have no trouble accessing the content I have open on these ports.

However, I cannot access this content via the public device URL, and I have not found many settings in the webUI to change the public URL behavior.

When I attempt to connect to my balena device via the public URL, I get a too many redirects error here in Chrome or Firefox - both suggest to clear my cookies but this doesn’t solve the problem.

What can I do so that my content from my container is resolvable on the public URL?

Hey, the public URL feature can only use port 80 on the device. If you have a service running on another port that isn’t 80 but you want it to be accessible with the public URL then you will need to add a proxy/web server such as nginx which listens on port 80 and redirects to your containers port.

I found this example project that will help guide you in implementing this: https://github.com/balena-io-examples/nginx-reverse-proxy

While this project is certainly an interesting solution, I am able to resolve the following link in my browser:

https://[local-balena-device-ip]/index.html

Would I need to proxy 80 to 443 on my device in order to use the VPN URL?

edit: < > did not work the way I thought it would here.

Do you mean public URL when you say VPN URL ? Can you explain what you’re trying to do rather then me answering if you have to do X.

You can access any port on the device via the ip or mDNS domain if you’re on the same network but as you know to access the device outside (public url) it only forwards to port 80. So I think to answer your question, if you’re accessing locally you do not need a proxy.

This, combined with some other questions about or product, resolves my issue for now. The fact that only port 80 is available, and there’s no other way to make any other port available, really resolves what I was looking for.