Can't connect to Nginx from remote browser (weird issue)
Your firewall rules reject all incoming traffic.
You tried to deal with this by manually appending rules to allow HTTP, HTTPS and MySQL connections, but this does not work since they are already rejected by a previous rule.
Further, your system is running firewalld.
To resolve the problem, you should use firewalld to manage your firewall rules.
For example:
firewall-cmd --add-service=http
firewall-cmd --add-service=https
firewall-cmd --add-service=mysql
To make them persist, run:
firewall-cmd --runtime-to-permanent
(This last requires that you have updated to at least CentOS 7.1.)
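The rule-ordering problem described above, as an added example that is not part of the original answer: a small script that walks the INPUT rules quoted in the question from top to bottom and reports which rule gives the first verdict. The function names and the embedded rule list are constructed for illustration, and the `INPUT_ZONES` jump is assumed to return no verdict for this traffic.

```shell
#!/bin/sh
# Constructed sample: the INPUT rules quoted in the question, one per line.
# INPUT_ZONES is a jump to another chain whose contents the page does not show;
# this sketch assumes it returns no verdict for the traffic tested.
SAMPLE_RULES='INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql'

# first_verdict PROTO SERVICE: evaluate rules in order and print
# "<rule-number> <target>" for the first terminating rule that matches.
first_verdict() {
    printf '%s\n' "$SAMPLE_RULES" | awk -v proto="$1" -v svc="$2" '
        # jump targets are skipped (assumed to return without a verdict)
        $1 != "ACCEPT" && $1 != "REJECT" && $1 != "DROP" { next }
        # protocol must be "all" or the one being tested
        $2 != "all" && $2 != proto { next }
        {
            dpt = ""
            for (i = 6; i <= NF; i++) if ($i ~ /^dpt:/) dpt = substr($i, 5)
            if (dpt != "" && dpt != svc) next   # destination port mismatch
            print NR, $1; exit                   # first match wins
        }'
}

# shadowed_rules: print the numbers of ACCEPT rules that sit below an
# unconditional REJECT/DROP and therefore can never be reached.
shadowed_rules() {
    printf '%s\n' "$SAMPLE_RULES" | awk '
        blocked && $1 == "ACCEPT" { printf "%s%d", sep, NR; sep = " " }
        ($1 == "REJECT" || $1 == "DROP") && $2 == "all" &&
            $4 == "anywhere" && $5 == "anywhere" {
            uncond = 1
            for (i = 6; i <= NF; i++) if ($i ~ /^(dpt|spt):/) uncond = 0
            if (uncond) blocked = 1
        }
        END { if (sep != "") print "" }'
}

echo "tcp/http first verdict: rule $(first_verdict tcp http)"
echo "unreachable ACCEPT rules: $(shadowed_rules)"
```

The appended ACCEPT rules for http, https and mysql are rules 4 to 6, all below the catch-all REJECT at rule 3, which is why the browser's SYN never gets an answer from Nginx.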
gnoirzox
Updated on September 18, 2022
Comments
-
gnoirzox over 1 year
I've got a really weird issue with Nginx, I can't access it from my browser.
I have installed a CentOS 7 virtual machine on my computer with Nginx, PHP-FPM and MariaDB installed and configured.
The configuration of Nginx is the following:

    server {
        listen 80;
        server_name localhost;

        #charset koi8-r;
        #access_log /var/log/nginx/log/host.access.log main;

        location / {
            root /path/to/www;
            index index.php;
            try_files $uri $uri/ /index.php?$args;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            try_files $uri $uri/ =404;
            root /path/to/www/;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }
I have also configured Iptables with the following rules:

    INPUT_ZONES all -- anywhere anywhere
    ACCEPT icmp -- anywhere anywhere
    REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
    ACCEPT tcp -- anywhere anywhere tcp dpt:http
    ACCEPT tcp -- anywhere anywhere tcp dpt:https
    ACCEPT tcp -- anywhere anywhere tcp dpt:mysql

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    OUTPUT_direct all -- anywhere anywhere
    ACCEPT tcp -- anywhere anywhere tcp spt:http
    ACCEPT tcp -- anywhere anywhere tcp spt:https
    ACCEPT tcp -- anywhere anywhere tcp spt:mysql
And I have also decided to disable SELinux for the time being...
To finish, when executing "tcpdump port 80", I get this message while trying to access the web server:

    listening on enp0s3, link-type EN10MB (Ethernet), capture size 65535 bytes
    19:39:51.574889 IP 192.168.56.1.59338 > 192.168.56.101.http: Flags [S], seq 2033938019, win 65535, options [mss 1460,nop,wscale 4,nop,nop,TS val 551897257 ecr 0,sackOK,eol], length 0
And my computer web browser says that it can't connect to the specified server...
Do you have any idea what might cause this issue? Did I miss something?
Sorry for this long message, but I really have no idea what to do now..
Thanks
-
gnoirzox over 8 years
Great! Indeed, I am not used to the firewall rules. I did not know firewalld. Thank you very much for the quick answer.
-
Kafka over 6 years
Wow, this fixed the issue on my newly created CentOS 7.3 server on VPS. But I don't understand. Is the firewall blocking the incoming traffic by default on CentOS 7?
-
Michael Hampton over 6 years
@newguy Yes, by default everything is blocked except those ports and services explicitly opened.
-
Michael Hampton about 6 years
This format is required on CentOS/RHEL 7.0. It's no longer necessary on 7.1 or later, and the other syntax should be used instead.