Unable to Connect AltaRoute10 to Docker-Based Controller - Need Help!


Hi everyone,
I’ve been trying to set up my AltaRoute10 with a Docker-based controller on my Mac, and I’ve hit a roadblock. I’ve tried everything I can think of, and this forum is my last resort. Here’s the situation:

Docker Command

Here’s the exact command I’m using to run the Docker container:

docker run -it \
  --privileged \
  --network custom_bridge \
  --ip 192.168.1.11 \
  -p 80:80 \
  -p 443:443 \
  --name control \
  altalabs/control:1.0d-arm64

Network Setup

I’ve created a custom bridge network with the following command:

docker network create \
  --driver=bridge \
  --subnet=192.168.1.0/24 \
  custom_bridge

Observations

  • I can successfully:
  • Issues:
    1. The AltaRoute10 device doesn’t appear in the controller interface.
    2. When I access 192.168.1.1 (AltaRoute10’s management page), it asks for the controller URL. After entering the URL, nothing happens.

What I’ve Tried

  1. Verified the container’s IP (192.168.1.11) and ensured the ports (80 and 443) are open and accessible.
  2. Configured the controller to listen on all network interfaces (0.0.0.0).
  3. Tested connectivity between the container, the host, and the AltaRoute10.
  • The container can ping the router (192.168.1.1) and vice versa.
  1. Verified that the DDNS and controller pages load without errors.
  2. Checked the logs from both the controller and the AltaRoute10 for hints, but nothing conclusive.

Problem

Despite the setup:

  • The AltaRoute10 does not register with the controller.
  • Entering the controller URL on 192.168.1.1 does not take effect or show any errors. But after some time the Route10 starts blinking red.

At this point, I feel I’ve done everything I could, but I must be missing something. If anyone has experience with AltaRoute10 and Docker-based setups, your advice would be greatly appreciated.

Thanks in advance!

Do you use any kind of dns filters like adguard/pihole in your network or using something like nextdns? They usually offer some option called rebinding protection, that needs to be turned off. Every dns request that resolves to some private address will be blocked if it’s on.
dig A local.xxxxxxx.ddns.manage.alta.inc @1.1.1.1 should resolve to 192.168.1.11.
You can also create a macvlan network, and attach the alta controller to it, so the controller is able to discover the R10, since they are in the same broadcast domain.

1 Like

I turned off Adguard and do not have any other services/tools to keep it simple. also yes the local…ddns resolves to 192.168.1.11.

but if I dont use local. and directly go to xxx.ddns.manage.alta.inc it directs to my Public IP and then to 192.168.1.1 where router page is hosted … I assume that is expected

you have created a new docker network of type bridge. Did you add the physical nic of your docker host to that bridge?
creating a new bridge with the same subnet as your physical nic doesn’t automatically add the nic as a bridge port.
Please share the output of brctl show and ip a.

The bridge driver, which is the default Docker network type, allows multiple containers to be added to the same broadcast domain. However, communication between this network and the Docker host is still handled through NAT. This is why you need to use ‘publish’ (-p) which simply adds a destination NAT to the container’s internal IP address.

1 Like

okay, I verified and it does show eth0 as interface. but when I tried to access.log ngx in controller I see this

192.168.1.1 - - [05/Dec/2024:21:16:08 +0000] “POST /api/device/boot HTTP/1.1” 400 8 “-” “curl/8.7.1”

192.168.1.1 is route10 trying to hit controller.

Observations:

  1. HTTP 400 Errors:
  • Multiple 400 Bad Request responses are observed for POST /api/device/boot. This indicates an issue with the request payload or the endpoint not handling the request properly.
  1. HTTP 200 Responses:
  • Successful requests to POST /api/sites/stats with 200 OK indicate that some endpoints are working as expected.
  1. MQTT Handshake:
  • The GET /mqtt requests return 101 Switching Protocols, indicating successful WebSocket upgrades.
  1. High Network Activity:
  • Continuous traffic on port 443 suggests secure communication between server and multiple clients or upstream services like CloudFront.
  1. Dynamic DNS:
  • Requests to local.kmc04sprrnv.ddns.manage.alta.inc imply dynamic DNS configuration is actively resolving, but the payloads seem inconsistent.

ran tcpdump:

Observations:

  1. Active Communication:
  • The traffic between 192.168.1.1' and the container (192.168.1.11`) is clearly visible.
  • Requests and responses are being exchanged over HTTPS (https port).
  1. HTTP 400 (Bad Request):
  • There are no visible signs of dropped packets or missing responses in the TCP stream. This indicates that the 400 errors are application-layer (server-side), not network-layer issues.
  • A 400 Bad Request typically means the server received the request but found something invalid in its headers, body, or structure.
  1. Bridge and Interface:
  • container (eth0) is functioning properly, and packets are flowing through without issues.
  1. Router Role:
  • The router (192.168.1.1) is initiating connections properly, which rules out issues with routing or NAT.

I reset. the router and below its access log summary:

Observations from Logs

  1. 400 Errors Persist for /api/device/boot:
  • Requests to /api/device/boot from 192.168.1.1 continue to return 400 Bad Request.
  • This is still likely an application-layer issue (server-side validation, headers, or payload).
  1. Other API Endpoints Respond Correctly:
  • Other requests from 192.168.1.1 to endpoints like /, /manifest.json, /api/activated, /api/sites/stats, /api/device/list, etc., are returning 200 OK.
  • This suggests that the server is functional and accessible, but something specific about /api/device/boot is causing rejection.
  1. Successful Web UI Access:
  • A user agent (Mozilla/5.0) from 192.168.1.1 accessed the dashboard and related resources (e.g., manifest.json, /dashboard/Home+Base).
  • Indicates that both HTTP and HTTPS services are working fine.
  1. Dynamic DNS and JWT Authentication:
  • Some requests include tokens (JWT) and appear tied to dynamic DNS (local.kmc04sprrnv.ddns.manage.alta.inc).
  • The server is handling token-based requests successfully, indicating proper configuration of authentication mechanisms.

lastly I got this email notification with error, not sure if it is related to this situation:

POST /fe/oops
SyntaxError: Unexpected token u in JSON at position 0
at JSON.parse ()
at /usr/share/access/be/access.js:2:1959910
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async /usr/share/access/be/access.js:2:1947417
at async y.pgPool (/usr/share/access/be/access.js:2:2017501)
at async t.handler (/usr/share/access/be/access.js:2:1947399

What version of Control are you running? If you access the container via shell you can sudo apt update && sudo apt upgrade -y to upgrade Control. The default version at time of creating the container is 1.0d, so if you haven’t upgraded via apt, then it’s likely running a version that doesn’t yet support Route10.

EDIT: updated wording

The issue is resolved—I updated the Docker image from inside the container, and it worked. However, I wasn’t aware that updates were needed even after pulling the latest image. It might be helpful to host the fully updated image or provide documentation clarifying this process. I didn’t see this information anywhere, so I wanted to bring it to your attention.

1 Like

I’m glad to hear that resolved the issue.

As far as I know, the plan is to update or replace the image down the road, but in the interim, we absolutely should have that in the documentation—thank you for bringing it to our attention. It should be updated by tomorrow.