Issue connecting to production environment with SSL-terminated load balancer

Hi guys, after a long and winding road we have our app released, and are currently doing small regional Facebook ad buys to collect app metrics (Flurry). We have an app start event, which confirms that the Unity app has a connection, and the app then connects to Nakama and authenticates via device ID for new users. In Flurry we are seeing a 30/45% dropoff of the login complete event. This data is coming from Guatemala and Mexico City respectively. This implies that 30/45% of users can’t successfully reach our production environment. We are hosting Nakama on Digital Ocean in their New York data center, using an SSL-terminated load balancer and we are connecting Nakama on port 443 and routing to the default port on our droplet. The load balancer uses a Let’s Encrypt cert. We have developers in Nicaragua, India, Egypt, and managers in the States, and have never had issues connecting to this environment. Any ideas on what might be causing this connection issue? Any help greatly appreciated!

Unfortunately we cannot debug the issue as we don’t have access to your deployment and don’t know what configuration and tuning you’ve implemented within Digital Ocean.

If you were operating on our Heroic Cloud, which also supports our ability to continue developing Nakama open-source, we would be able to help investigate the issue. The Heroic Cloud enables developers to focus on their gameplay and players, rather than worrying about issues such as SSL termination and managing deployments.

Thanks, I understand the cloud option but we have very few users at this point so can’t afford the expense just yet. On our load balancer we have port 443 forwarded to 7350 on the droplet, and 8443 forwarded to port 7351 for the admin console. The documentation says the other ports required are determined by the API port, but how does that work with a load balancer and port forwarding?

It looks like the other two ports required are sequentially one less than the API port, so do I need to open 442 and 441 and have them forwarded to 7349 and 7348 respectively?