Email View Tracking Not Working When Server is Behind VPN

[Aj7ay7]

Version:

• listmonk: [v4.1.0]
• OS: Ubuntu

Description of the bug and steps to reproduce:
Issue Description:
Email view tracking is not functioning properly when listmonk is deployed on a server using VPN, while the same configuration works correctly on a server without VPN.

Environment:

• Two identical listmonk servers with same configuration
• Server 1: With VPN
• Server 2: Without VPN (working correctly)

Expected Behavior:

• Email view tracking should work consistently on both servers
• View statistics should be visible in the dashboard regardless of VPN usage

Actual Behavior:

• Email views are not being recorded/displayed on the VPN server
• Email views are working correctly on the non-VPN server

Screenshots:
Without VPN:

With VPN :

[thebootable]

maybe you could elaborate more on your VPN setup?
Because my listmonk is also hosted on a server that uses a VPN but the views-counter is working just fine.
What exactly does your VPN do? E.g. in my setup the VPN is used to get management access to the server, but in general all public-facing pages (including the subscribe form etc.) are not routed through the VPN. This is important, because how else would you expect the tracking-traffic to arrive at the listmonk server?

--> I'm assuming it's more an issue of how the VPN is setup and not so much about how listmonk handles it. This is because listmonk is not even aware there is a VPN setup if done correctly.

Another test for you: Upload some media to the media-tab and try accessing it on the VPN-server but from a device that is not connected to the VPN. You will probably see an error on that too.

[Aj7ay7]

we are using this

labels:
      - traefik.enable=true
      
      # Base middleware
      - traefik.http.middlewares.gzip.compress=true
      - traefik.http.middlewares.admin-ipwhitelist.ipwhitelist.sourcerange=1.9.10.4/32,5.7.3.8/32
      
      # Public routes (no VPN restriction)
      - traefik.http.routers.listmonk-public.rule=Host(`bakra.listmonk.com`) && (PathPrefix(`/subscription`) || PathPrefix(`/public`) || PathPrefix(`/media`) || PathPrefix(`/archive`) || PathPrefix(`/campaign`) || PathPrefix(`/link`) || PathPrefix(`/track`) || Path(`/pixel.gif`))
      - traefik.http.routers.listmonk-public.service=listmonk-service
      - traefik.http.routers.listmonk-public.tls=true
      - traefik.http.routers.listmonk-public.middlewares=gzip
      - traefik.http.routers.listmonk-public.entrypoints=websecure
      
      # Admin routes (VPN restricted)
      - traefik.http.routers.listmonk-admin.rule=Host(`bakra.listmonk.com`) && (PathPrefix(`/admin`) || PathPrefix(`/api`))
      - traefik.http.routers.listmonk-admin.service=listmonk-service
      - traefik.http.routers.listmonk-admin.tls=true
      - traefik.http.routers.listmonk-admin.middlewares=admin-ipwhitelist,gzip
      - traefik.http.routers.listmonk-admin.entrypoints=websecure
      
      # Service definition
      - traefik.http.services.listmonk-service.loadbalancer.server.port=9000
      ```

[thebootable]

okay, I have multiple follow-up questions/ideas

1. Do you actually own the domain listmonk.com? :D That would be wild :D
2. with the latest version of listmonk its not necessary anymore to hide the admin and api endpoint because listmonk brings auth on these endpoints.
3. if you were to restrict it, I'd suggest leaving the public facing endpoint as non-specific as possible. Leave out all the path-prefixes on the public facing rule. traefik.http.routers.listmonk-public.rule=Host(bakra.listmonk.com)
   This helps with making sure you don't forget any endpoint., specifically the endpoint for tracking. You have it set up seemingly correctly but I'd try doing it non-specifically first and then step by step add restrictions back in.
4. It could also be an issue with how the traffic flows in your setup but I can't help you with that