ODK Aggregate Server NAT Mapping Failure

What is the problem? Please be detailed.

I installed ODK Aggregate on an Ubuntu 18.04.1 Virtual Machine. Access is working fine, within my internal network. I have been trying to have access to it from the Internet but to no avail. I have a public IP address where i have created a static NAT mapping using port 8080. There is another service (DHIS2) running on the same IP but with a different port number and that is working fine and accessible. Is there some config i need to change on the Aggregate server to have this working?

What ODK tool and version are you using? And on what device and operating system version?

ODK Aggregate Server 1.6.1, Ubuntu 18.04.1 host

What you have you tried to fix the problem?

Just to make sure it wasn't the internal IP addressing, i tried swapping the internal IP addresses and the port number of the two services and the other one still works fine.
I tried running the installer and putting the public address instead of the private address with the same 8080 port number. I also tried editing the security.properties file in the ODKAggregate-security.jar to use the public address but that also failed. I still keep getting a '400' error.

Hi, @ChipoHankumbaMuleya!

Some thoughts:

  • The HTTP 400 error you're getting is hinting that the NAT configuration is working. If it wasn't, any request would simply timeout or show a connection error, not an HTTP error
  • You're right on track by changing the security.properties file to use your public IP. Without this, Aggregate won't work in your scenario.
  • Did you restart Tomcat after changing the security.properties file?
  • How/where did you deploy the aggregate WAR file?
  • Is the server accesible from the internet? Could I poke around?


Did you restart Tomcat after changing the security.properties file?

Yes i did.

How/where did you deploy the aggregate WAR file?

The .WAR file is deployed in //var/lib/tomcat8//webapps/ for Ubuntu 18.04.1

Is the server accessible from the internet? Could I poke around?

That's the problem. Its not accessible from the Internet. When i change the address in the security.properties and access the server from the internal address, I'm even promoted for username and address after which it redirects to the public IP which gives me the '400' error. By poking around, do you want to try accessing it from there? I could inbox you the IP address.

Yes, you could send me credentials to ggalmazor@gmail.com

So, here I am again, still having this problem. I've tried with version 1.7 and currently on Version 2.0 but still no joy. I've changed the listening port to 80 as 8080 was restricted on the provider's security appliance. Typing my inside address gives me a log in prompt, then "ERR_CONNECTION_REFUSED" upon trying to open x.x.x.x/Aggregate.html. I've removed all nat configurations on my router as the providers network is a routed network as thus all the routers already know about my network and how to get there. I'm starting to think its either an Aggregate configuration error or security appliance misconfiguration and not a nat problem. By the way, port 80 on the public address is open and available.

Have you tried using the Aggregate VM. Does that work?

@yanokwa Hello. I finally managed to get ODK accessible from the Internet. Looks like it was an issue with the security appliance. Now the problem i have is that when I cannot access it from my internal address using the public address. This means even when i try to access it using my internal address, it redirects to the public address after logon and fails