Edge Agent connection problem.

[jeeey]

Ask a Question!

Hello everyone,

I’m having trouble connecting my Portainer Edge Agent (running in a private network) to my Portainer server (running on a public server). Here’s my setup and what I’ve tried so far:

Environment Details:

Portainer Server Version: ee-latest
Portainer Server Host OS: Ubuntu 22.04
Edge Agent Version: 2.19.1
Edge Agent Host OS: Rocky 9.5

Network Setup:
Portainer server has a public IP; firewall rules allow inbound on 8000 and 9443.
Edge Agent host is behind a NAT / private network, but outgoing connections on 8000 and 9443 are allowed.

What I Did:

Installed and started the Portainer server on the public machine using the usual Docker run command .
Deployed the Edge Agent on the private network host using the instructions from Portainer docs.
Verified via telnet that the private host can reach the public server on ports 8000 and 9443.

Observed Behavior:

Portainer web UI, the Edge Agent remains unreachable (but hearbeat is green).

In the Edge Agent logs I see:

2025/02/05 07:58PM DBG github.com/portainer/agent/chisel/client.go:37 > creating reverse tunnel client | local_addr=172.17.0.2:9001 remote_port=63738 server=x.x.x.x:8000 server_fingerprint=o
c74PbJBm8zOmoudsSA7qn3DiGtCupWgqH7xleULC4c=
2025/02/05 19:58:08 client: Connecting to ws://x.x.x.x:8000
2025/02/05 19:58:53 client: Connection error: read tcp 172.17.0.2:52460->x.x.x.x:8000: i/o timeout
2025/02/05 19:58:53 client: Give up

In the Portainer server logs I see:

2025/02/05 08:26PM DBG security/bouncer.go:402 > HTTP error | error="unable to open the tunnel" msg="Unable to get the active tunnel" status_code=500

Troubleshooting Steps Taken:

Checked firewall rules on the public server (port forwarding/open inbound on 8000, 9443).
Verified that the private network host can establish outbound connections on these ports.
Restarted both the Portainer container and the Edge Agent container.

Thanks in advance.

[Nick-Portainer]

Hi, in the Portainer UI Server do you see the edge environment showing that it has a heartbeat and it's when you click on the environment you get the error? The edge agent creates a tunnel on port 8000 so can you please run a telnet command from the agent to Portainer server and confirm it can connect?

[Nick-Portainer]

@awcodify Is the standalone host also running Rocky Linux?

[awcodify]

@awcodify Is the standalone host also running Rocky Linux?

i tried in my local (mac) and server (ubuntu), both have same exact problem.

[programmeryaml]

UP ! @Nick-Portainer

[Nick-Portainer]

Hi @programmeryaml Can you confirm port 8000 is open on your Portainer Server? I can see from this 2025/02/05 19:58:53 client: Connection error: read tcp 172.17.0.2:52460->x.x.x.x:8000: i/o timeout that the connection is timing out, is your reverse proxy terminating the connection because it's exceeding the Proxy timeout?

[awcodify]

On my end, the port is open—telnet connects successfully. I also tried exposing port 8000 directly to the container and using a reverse proxy, but neither worked.