Unable to update when behind reverse proxy
Several issues compounded here.
I have an EAP653 and an ER605 added to a site. The controller showed 'device update available' but kept failing and the error says the port is not open, which is nonsense because it must be open otherwise how would I be accessing the controller. On a hunch I wondered if the issue was because the controller is on port 8043 behind a reverse proxy and the APs are (incorrectly) using the controller port not 443.
I changed the port in the web interface and the controller then failed to start. I found this article https://www.tp-link.com/uk/support/faq/3429/ but this failed to allow me to change the ports, although by some trial and error the controller did start and I was able to change the ports in the web interface back to defaults and this seems to work.
At this point I tested the theory by forwarding port 8043 to the controller and the upgrade then finally worked.
So there are 2 issues here, you cannot change ports in the web interface, which seems to be a known issue but the workaround doesn't work. And the second issue is the devices use the wrong port for upgrading. I sort of see where the issue stems from but as sitting the controller behind a reverse proxy is not exactly uncommon then the upgrade process should use 443 or this port should be separately configurable in settings.
Another day wasted on this issue that shouldn't be an issue.