Question - Windows Server OS only?

[WanaGo]

Hi Thanks for providing this. Is this however only possible on a Windows Server installation? Can it be done on something like Windows 10 PRO or Windows 11 PRO versions? or does it specifically have to be a Server install? I wanted to use a spare PC as a nightscout server, but dont have a Server OS and didnt specifically want to have to buy it if it can be done on the PRO version of Windows 10 or 11 etc. Thanks

[jaylagorio]

Hey there! You should be able to follow all of these directions on Windows 10 and 11 Pro with the possible exception of anything IIS-related. I don't recall if the IIS packages are included in that SKU even if you pretend it's a dev box but everything else should work.

[WanaGo]

Hi @jaylagorio Thanks. I gave it a go with Windows 11 Pro. It has IIS so shouldnt be a problem there. I am a bit stuck with trying to get Nightscout running though. When I browse localhost:443 I just get 'Loading the client', and it never changes. It never comes up with the Profile etc.

In the step where you do the whole npm install --msvs_version=2015 it had a large number of warnings, and also talked about some version of something needing to be updated, but I am unsure if that is related to what I am seeing.

If I simply go to http://localhost, I get a generic Windows Internet Information Services screen showing, not nightscout.

Any idea what I might have done wrong?

When I run the 'node server.js' manually, it connected to mongo fine, and had a number of things it did before showing the whole 'emitted clear_alarm to all clients' part, so from what I can see that part is working, but I am a bit stuck as to why I cant load the nightscout profile etc.

Any ideas?

What I end up wanting to do is the whole Reverse lookup thing, and use DuckDNS to get a host name and point it back to this little server so I can use AAPS with this nightscout server. I really hope that is a possibility.

[jaylagorio]

I think I need more information to help you out. Assuming you assigned a host name to a new site for your reverse proxy, going to http://localhost/ isn't going to get you to the right place because it won't recognize you want to hit the reverse proxy IIS site. There are a lot of layers to trouble shoot at this point, consider it like this:

Android device -> IIS reverse proxy hosted on :443 -> Nightscout host on :PORT

Looking at the environment variable sections what do you have configured for the PORT variable? On the same system you're running Nightscout on you should be able to go to http://localhost:PORT/ and see Nightscout directly.

One other tip is to configure PORT to be something like 81 and make sure to set INSECURE_USE_HTTP as directed. Then you point IIS to that port and give IIS a certificate to have IIS be the service listening on 443. At that point your DynDNS provider should work but it's important to troubleshoot each link in the chain. Make sure you don't have your firewall open on the insecure port, just 443.

As to the warnings you see during the NPM installation command, I've seen lots of those so it'd be good if you can rerun it and paste those here too. That said, if you see the clear_alarm message I'm not too worried about the installation at the moment.

[WanaGo]

Hi again

Looking at the environment variable sections what do you have configured for the PORT variable? On the same system you're running Nightscout on you should be able to go to http://localhost:PORT/ and see Nightscout directly.

443 is the PORT, just like your guide. Yes, going to http://localhost:443 on the same nightscout machine, goes to Nightscout, but as I mentioned, it doesnt get passed that 'loading' screen. It just sits there 24/7 on the 'Loading the client' screen, with the dots moving along. It never gets to the Profile.

INSECURE_USE_HTTP is as you directed, I followed the guide 100%.

I will try something like port 81. How do you give IIS a certificate though? Your guide only opened port 80 on the windows firewall, not 443. I have both open on mine.

Thanks

[jaylagorio]

OK, I see the miscommunication. Setting PORT to 443 is only for when you have Nightscout running stand-alone and directly Internet-facing. If you're trying to put IIS between the Internet and Nightscout you have to set the PORT to something other than 443, for example 81, and then expose only IIS's 443 to the Internet. The way you have it now I expect there's a conflict so both IIS and Nightscout aren't going to play nicely. Make sure to move Nightscout to a different port before setting up IIS. I may have made some assumptions in the guide and will address them in the next update.

As to getting a certificate for IIS, you can get them for free. Check out Let's Encrypt and use (Certify The Web)[https://certifytheweb.com/]` to automate replacement of the certificates before they expire. They're both free to use, though Certify The Web has a paid version - that's overkill and you don't need to pay for it.

First things first, change your PORT to 81 and see if you can access Nightscout successfully from the same system by going to http://localhost:81 in a web browser.

[WanaGo]

Thanks for that, ill give PORT 81 a try.

Regarding what you said though, what do you mean by 'Nightscout running stand-along and directly internet facing' ? This is on a separete little system, fresh install, nothing else on it. Its connected via Ethernet to my Router, and to the internet. I want to use it for AAPS, so needs Nightscout https access via a host dns. I am just a bit confused by that part in quotes, vs what else it would be...

Yes I already have Certify the Web installed, and ran that and did a DNS certificate, but unsure yet if that works, but ill find out soon with this port 81 hopefully.

But still my question stands about Nightscout itself, being stuck on the Loading the Client part, and not progressing to the profile.

Thanks

[WanaGo]

So PORT 81 loads locally with localhost:81, but again stuck on this Loading the Client screen.

In IIS, I followed your instructions in your guide. I then also added a Certificate from Certify the Web, based on the host DNS I am using (XXX.duckdns.org), I did the DNS Validation method. I think that is correct... I did the Manual version as Duck DNS was not listed in there. It then asked for the API Token or whatever it was, and so I put that in, and it said to put the value in the TXT of the DNS, so I did that using the duckdns.org/update call I found online, where you put your token and the TXT value etc. When I go to a DNS checker site, it comes up with the value I entered.

So then going back to IIS, I can see the certificate listed under Server Certificates. Under the Sites, NightscoutProxy site, Bindings, I have 2 listed. http and https. http has the Host Name of my DNS with duckdns, and is port 80. Then https is the same host but port 443, and then in there I listed the SSL certificate. I am not sure if I need to set the IP to 'all unassigned' or to the IP of this 'server'.. I have tried both and neither work. I just get cant reach the page, ERR_CONNECTION_REFUSED.

Maybe I have the URL Rewrite stuff incorrect, I followed what the guide said but unsure if that was talking generals or if that is what I specifically needed to input.

This is all new to me if you cant tell :)

Thanks

[WanaGo]

Ah one step forward. I have it working on the http now with the duckdns hostname, it goes to the same screen as the localhost:81. https 'refused to connect' with ERR_CONNECTION_REFUSED however.

[WanaGo]

In my router, I am port forwarding ports 80 to 80, and 443 to 443, to the IP of my nightscout server/pc. I was playing earlier, and going to my DNS host name would default to http and it would go to a HTTP Error 404 page. If I change the router port mapping, to go from 80 to 81, then when I go to the DNS host name, it loads up nightscout as per the image in my previous message. Is that how it should be? I would have thought port 80 would have gone into IIS and be pointed to the right thing, but maybe I dont understand how that works. So I tried changing to 443 to point to port 81 of the nighscout PC too, but that didnt work any better than what it was.

should it be 80 to 81, and 443 to 81, or should it be 80 to 80 and 443 to 443, of the LAN IP of the Nightscout PC?

Bit confused as to what is actually going on with all these moving parts, and I cant find any log as to what is actually going on or failing.

[jaylagorio]

Yes, there are a lot of moving parts but it looks like the problem originates early - going to http://localhost:81 needs to work first before we can figure out the problems with linking all the other ports and services together. Maybe your installation isn't quite where it needs to be so let's take a look a that first.

1. Open a command line prompt to your Nightscout directory, type node server.js and hit enter
2. When you see the clear_alarm message, wait one minute
3. Hit Ctrl+C to kill the process and keep the command line window open

Scroll back and copy/paste everything in your command line window here, make sure to use a Code block so it's easy to read.

[WanaGo]

Here you go

C:\Nightscout>node server.js
API_SECRET has 72 bits of entropy
Executing startBoot
Executing checkNodeVersion
Node LTS version v16.20.2 is supported
Executing checkEnv
Executing augmentSettings
Executing checkSettings
Checking settings
Executing setupStorage
Setting up new connection to MongoDB
Successfully established connection to MongoDB
Mongo user role seems ok: [ { role: 'readWrite', db: 'Nightscout' } ]
Mongo Storage system ready
Executing setupAuthorization
ensuring index for: name
ensuring index for: name
Executing setupInternals
Pushover was NOT configured
Executing ensureIndexes
Ensuring indexes
ensuring index for: date
ensuring index for: type
ensuring index for: sgv
ensuring index for: mbg
ensuring index for: sysTime
ensuring index for: dateString
ensuring index for: [object Object]
ensuring index for: created_at
ensuring index for: eventType
ensuring index for: insulin
ensuring index for: carbs
ensuring index for: glucose
ensuring index for: enteredBy
ensuring index for: boluscalc.foods._id
ensuring index for: notes
ensuring index for: NSCLIENT_ID
ensuring index for: percent
ensuring index for: absolute
ensuring index for: duration
ensuring index for: [object Object]
ensuring index for: created_at
ensuring index for: NSCLIENT_ID
ensuring index for: startDate
ensuring index for: type
ensuring index for: position
ensuring index for: hidden
ensuring index for: created_at
Executing setupListeners
Executing setupConnect
Skipping disabled nightscout-connect
Executing setupBridge
Dexcom bridge not enabled
Executing setupMMConnect
MiniMed Connect not enabled
Executing finishBoot
tick 2024-08-26T23:54:48.407Z
Boot event processing completed
Security settings: INSECURE_USE_HTTP= true , SECURE_HSTS_HEADER= true
API KEY present, enabling API
enabling feature: careportal
enabling feature: iob
enabling feature: cob
enabling feature: openaps
enabling feature: pump
enabling feature: bwg
enabling feature: rawbg
enabling feature: basal
enabling feature: treatmentnotify
enabling feature: bgnow
enabling feature: delta
enabling feature: direction
enabling feature: timeago
enabling feature: devicestatus
enabling feature: upbat
enabling feature: errorcodes
enabling feature: profile
enabling feature: bolus
enabling feature: dbsize
enabling feature: runtimestate
enabling feature: ar2
ensuring index for: identifier
ensuring index for: srvModified
ensuring index for: isValid
ensuring index for: identifier
ensuring index for: srvModified
ensuring index for: isValid
ensuring index for: identifier
ensuring index for: srvModified
ensuring index for: isValid
ensuring index for: identifier
ensuring index for: srvModified
ensuring index for: isValid
ensuring index for: identifier
ensuring index for: srvModified
ensuring index for: isValid
ensuring index for: identifier
ensuring index for: srvModified
ensuring index for: isValid
Production environment detected, enabling Minify
Listening on port 81 null
Load Complete:

data loaded: reloading sandbox data and updating plugins
For the COB plugin to function you need a treatment profile
For the Basal plugin to function you need a treatment profile
ALARM SOCKET: emitted clear_alarm to all clients
tick 2024-08-26T23:55:47.413Z
Load Complete:

data loaded: reloading sandbox data and updating plugins
For the COB plugin to function you need a treatment profile
For the Basal plugin to function you need a treatment profile
^C
C:\Nightscout>

[jaylagorio]

At this point I'd delete your Nightscout installation and start it over. Once you're ready to start the installation process type cls to clear the screen, do the installation, and then when it's done scroll all the way back and copy/paste that here (again in a Code block).

[WanaGo]

OK Here you go, I deleted the c:\Nightscout folder, and pulled it again from Git and ran the npm install part.

This is the Node.js command prompt log:

Your environment has been set up for using Node.js 16.20.2 (x64) and npm.

C:\Windows\System32>cd \

C:>cd Nightscout

C:\Nightscout>npm install --msvs_version=2015 npm WARN old lockfile npm WARN old lockfile The package-lock.json file was created with an old version of npm, npm WARN old lockfile so supplemental metadata must be fetched from the registry. npm WARN old lockfile npm WARN old lockfile This is a one-time fix-up, please be patient... npm WARN old lockfile npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'nightscout@15.0.2', npm WARN EBADENGINE required: { node: '^16.x || ^14.x', npm: '^6.x' }, npm WARN EBADENGINE current: { node: 'v16.20.2', npm: '8.19.4' } npm WARN EBADENGINE } npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead. npm WARN deprecated @babel/plugin-proposal-json-strings@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-json-strings instead. npm WARN deprecated @babel/plugin-proposal-unicode-property-regex@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-unicode-property-regex instead. npm WARN deprecated @babel/plugin-proposal-optional-catch-binding@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead. npm WARN deprecated @babel/plugin-proposal-numeric-separator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead. npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead. npm WARN deprecated @babel/plugin-proposal-dynamic-import@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead. npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead. npm WARN deprecated @babel/plugin-proposal-export-namespace-from@7.18.9: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead. npm WARN deprecated @humanwhocodes/config-array@0.5.0: Use @eslint/config-array instead npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142 npm WARN deprecated @babel/plugin-proposal-logical-assignment-operators@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-logical-assignment-operators instead. npm WARN deprecated @babel/plugin-proposal-class-static-block@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-static-block instead. npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.20.5: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead. npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead. npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead. npm WARN deprecated har-validator@5.1.3: this library is no longer supported npm WARN deprecated har-validator@5.1.3: this library is no longer supported npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported npm WARN deprecated @babel/plugin-proposal-async-generator-functions@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead. npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead npm WARN deprecated abab@1.0.4: Use your platform's native atob() and btoa() methods instead npm WARN deprecated glob@7.1.6: Glob versions prior to v9 are no longer supported npm WARN deprecated domexception@1.0.1: Use your platform's native DOMException instead npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin. npm WARN deprecated left-pad@1.3.0: use String.prototype.padStart() npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau npm WARN deprecated @humanwhocodes/object-schema@1.2.1: Use @eslint/object-schema instead npm WARN deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated request@2.88.0: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated request@2.88.0: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated uuid@3.3.2: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated uuid@3.3.2: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated superagent@3.8.3: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net

nightscout@15.0.2 postinstall webpack --mode production --config webpack/webpack.config.js && npm run-script post-generate-keys

Browserslist: caniuse-lite is outdated. Please run: npx update-browserslist-db@latest Why you should do it regularly: https://github.com/browserslist/update-db#readme [BABEL] Note: The code generator has deoptimised the styling of C:\Nightscout\node_modules\jquery-ui-bundle\jquery-ui.js as it exceeds the max of 500KB. [BABEL] Note: The code generator has deoptimised the styling of C:\Nightscout\node_modules\lodash\lodash.js as it exceeds the max of 500KB. asset js/bundle.app.js 2.09 MiB [emitted] [minimized] [big] (name: app) 2 related assets asset js/bundle.clock.js 184 KiB [emitted] [minimized] (name: clock) 2 related assets asset images/7342f65db5b9bb9b02700ef08b4ef27c.png 1.62 KiB [emitted] [immutable] [from: static/images/logo2.png] (auxiliary name: app) orphan modules 544 KiB [orphan] 521 modules runtime modules 2.13 KiB 13 modules cacheable modules 4.54 MiB modules by path ./node_modules/ 3.76 MiB 452 modules modules by path ./lib/ 772 KiB 81 modules modules by path ./static/ 26 KiB 7 modules optional modules 105 bytes [optional] buffer (ignored) 15 bytes [optional] [built] [code generated]

• 6 modules modules by path ./bundle/.js 1.39 KiB ./bundle/bundle.source.js 1.22 KiB [built] [code generated] ./bundle/bundle.clocks.source.js 178 bytes [built] [code generated] util (ignored) 15 bytes [built] [code generated] util (ignored) 15 bytes [built] [code generated] ./node_modules/moment/locale/ sync ^.\/.$ 3.21 KiB [optional] [built] [code generated]

WARNING in asset size limit: The following asset(s) exceed the recommended size limit (244 KiB). This can impact web performance. Assets: js/bundle.app.js (2.09 MiB)

WARNING in entrypoint size limit: The following entrypoint(s) combined asset size exceeds the recommended limit (244 KiB). This can impact web performance. Entrypoints: app (2.09 MiB) js/bundle.app.js

WARNING in webpack performance recommendations: You can limit the size of your bundles by using import() or require.ensure to lazy load some parts of your application. For more info visit https://webpack.js.org/guides/code-splitting/

webpack 5.75.0 compiled with 3 warnings in 20465 ms

nightscout@15.0.2 post-generate-keys node bin/generateRandomString.js >node_modules/.cache/_ns_cache/randomString

added 1098 packages, and audited 1099 packages in 34s

74 packages are looking for funding run npm fund for details

45 vulnerabilities (1 low, 14 moderate, 28 high, 2 critical)

To address issues that do not require attention, run: npm audit fix

To address all issues possible (including breaking changes), run: npm audit fix --force

Some issues need review, and may require choosing a different dependency.

Run npm audit for details.

C:\Nightscout>

And here is the Command Prompt for the starting of the server:

C:\Nightscout>node server.js API_SECRET has 72 bits of entropy Executing startBoot Executing checkNodeVersion Node LTS version v16.20.2 is supported Executing checkEnv Executing augmentSettings Executing checkSettings Checking settings Executing setupStorage Setting up new connection to MongoDB Successfully established connection to MongoDB Mongo user role seems ok: [ { role: 'readWrite', db: 'Nightscout' } ] Mongo Storage system ready Executing setupAuthorization ensuring index for: name ensuring index for: name Executing setupInternals Pushover was NOT configured Executing ensureIndexes Ensuring indexes ensuring index for: date ensuring index for: type ensuring index for: sgv ensuring index for: mbg ensuring index for: sysTime ensuring index for: dateString ensuring index for: [object Object] ensuring index for: created_at ensuring index for: eventType ensuring index for: insulin ensuring index for: carbs ensuring index for: glucose ensuring index for: enteredBy ensuring index for: boluscalc.foods._id ensuring index for: notes ensuring index for: NSCLIENT_ID ensuring index for: percent ensuring index for: absolute ensuring index for: duration ensuring index for: [object Object] ensuring index for: created_at ensuring index for: NSCLIENT_ID ensuring index for: startDate ensuring index for: type ensuring index for: position ensuring index for: hidden ensuring index for: created_at Executing setupListeners Executing setupConnect Skipping disabled nightscout-connect Executing setupBridge Dexcom bridge not enabled Executing setupMMConnect MiniMed Connect not enabled Executing finishBoot tick 2024-08-27T00:13:00.112Z Boot event processing completed Security settings: INSECURE_USE_HTTP= true , SECURE_HSTS_HEADER= true API KEY present, enabling API enabling feature: careportal enabling feature: iob enabling feature: cob enabling feature: openaps enabling feature: pump enabling feature: bwg enabling feature: rawbg enabling feature: basal enabling feature: treatmentnotify enabling feature: bgnow enabling feature: delta enabling feature: direction enabling feature: timeago enabling feature: devicestatus enabling feature: upbat enabling feature: errorcodes enabling feature: profile enabling feature: bolus enabling feature: dbsize enabling feature: runtimestate enabling feature: ar2 ensuring index for: identifier ensuring index for: srvModified ensuring index for: isValid ensuring index for: identifier ensuring index for: srvModified ensuring index for: isValid ensuring index for: identifier ensuring index for: srvModified ensuring index for: isValid ensuring index for: identifier ensuring index for: srvModified ensuring index for: isValid ensuring index for: identifier ensuring index for: srvModified ensuring index for: isValid ensuring index for: identifier ensuring index for: srvModified ensuring index for: isValid Production environment detected, enabling Minify Listening on port 81 null Load Complete:

data loaded: reloading sandbox data and updating plugins For the COB plugin to function you need a treatment profile For the Basal plugin to function you need a treatment profile ALARM SOCKET: emitted clear_alarm to all clients tick 2024-08-27T00:13:59.067Z Load Complete:

data loaded: reloading sandbox data and updating plugins For the COB plugin to function you need a treatment profile For the Basal plugin to function you need a treatment profile

[WanaGo]

The page now shows the Nightscout Profile, so that is good - wonder what happened in the first install as I did exactly the same thing... hmm

[jaylagorio]

That's great news! Next step, let's get IIS talking to Nightscout. Follow the steps in the guide and then try to access Nightscout on the same system using http://localhost/. This will show that you can go from IIS on port 80 to Nightscout on port 81, and once we have that working you can install your certificates and updater software which will enable you to go from IIS on port 443 to Nightscout on port 81.

[WanaGo]

So yes the http://localhost works on the local machine and brings up Nightscout in the browser. I can even go to http://MYSITE.duckdns.org and it brings up Nightscout also. However going to https://MYSITE.duckdns.org fails. As mentioned previously, in my router, I have forwarding to the LAN IP of my nightscout server, of external port 80, to internal port 81, and then external port 443 to internal port 443. That is where I dont know if I have it correct. Should I be going 80 to 80 or 80 to 81 here?

The IIS section in your guide is a little confusing to me, as you use the server name 'nightscout' here and I am unsure what that should be for me...

If I was to put in an IP here, is that the LAN IP of my server, or is that the external IP of my router (internet side) or is that something else? Or should i use 'nightscout' here like you did, even though the server is not called nightscout? That step is rather confusing. Is 'nightscout' the system name, or what is this exactly?

[jaylagorio]

Admittedly, ARR is going to be the more confusing step of this whole process but you're in a better place to start now. What it really comes down to is this question: are you running any other web services that you want to serve over port 443? If not we might be able to significantly simplify it for your case.

That said, you can safely delete your 80 -> 81 rule on your router and keep only the 443 rule.

[WanaGo]

No, nothing else at this stage, this is the primary focus so we can ignore anything else that may come later - that is a task for another day. So this is the only thing on 443 I want Thank you

[WanaGo]

By removing the 80->81 rule in the router, now when I go to http://MYSITE.duckdns.org it goes to the login page of my router... which is not ideal to expose to the outside world...

[jaylagorio]

If that's what's happening after you remove the 80 -> 81 rule that's likely been that way for a while and you need to go into your router settings and disable remote administration.

As to not self-hosting anything else, great. The guide is setup like IIS is running on a machine on your network forwarding to a different system running Nightscout so that's more complicated than your setup. I'm also going to assume you have AAPS connecting to Nightscout through cellular only, if you want to connect while the phone is on Wi-Fi in your house let's also cross that bridge a little later.

First off, in your bindings (Step 2 under Create Proxy Site) one host name should be the host name of the computer as it is inside your network. Make sure to include the internal domain name you're using. As an example, we'll call it mypc1.myhouse.local. If you're not using a domain name internally you can use mypc1 all by itself. You also want to have MYSITE.duckdns.org in there as well listening on port 443. It's probably better for you to make sure this step is done and then you get a certificate set up before continuing on.

Using that information as a template with the graphic you copied above, that first text box needs to be localhost:81. The second text box will also be localhost:81 because you're forwarding to a different port on the same PC, not a standard port on a different PC. The third textbox will be MYSITE.duckdns.org because you want to translate requests that come in to MYSITE.duckdns.org (silently acknowledging port 443) internally to localhost:81 and back again.

Try that and configure compression and see how that looks. It's hard to visualize how this is working on Windows client because I'm not sure all of the options are in the right place, it might be time to move this to email and/or I can configure it for you in private.

[WanaGo]

OK thanks for that

Using that information as a template with the graphic you copied above, that first text box needs to be localhost:81. The second text box will also be localhost:81 because you're forwarding to a different port on the same PC, not a standard port on a different PC. The third textbox will be MYSITE.duckdns.org because you want to translate requests that come in to MYSITE.duckdns.org (silently acknowledging port 443) internally to localhost:81 and back again.

I have done this now with localhost:81, and the configure compression set has already been completely set up as per your guide, however it hasnt changed the https situation unfortunately.

Would love to touch base with you offline.

[jaylagorio]

We can do that, but first do this because otherwise IIS isn't going to respond over port 443:

As to getting a certificate for IIS, you can get them for free. Check out Let's Encrypt and use (Certify The Web)[https://certifytheweb.com/]` to automate replacement of the certificates before they expire. They're both free to use, though Certify The Web has a paid version - that's overkill and you don't need to pay for it.

And once you're done with that, right-click the Nightscout Proxy site, click Edit Bindings, double-click the HTTPS bindings and make sure the SSL certificate that's selected in the drop down menu has [Certify] in the name. Click OK, then click Close, and we can go from there.

[WanaGo]

Yep that has been done for a few days already. Hopefully I did it right. But yes it's got the certificate loaded and in the bindings already. Didn't make this work though as its been set up for a couple of days

[WanaGo]

Issue solved. Main issue was related to Port Filtering with the ISP. Thanks so much @jaylagorio for assisting