Nginx refused to connect to port 443
I solved the problem but this is not a general solution. In my case, Docker was interfering with iptables and didn't allow connections on port 443. After I exposed the port from Docker, it started to work.
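`iptables -L`, as run in the question, lists only the filter table, while the DNAT rules Docker creates for published ports live in the nat table. The following is an added example, not part of the original thread: a shell check that reports when a port is both DNATed to a container and bound by a host service. The rule set and `ss` output are constructed samples, and the function names are hypothetical.

```bash
# Constructed sample of `iptables -t nat -S` on a host where a container
# publishes 80 and 443; the address mirrors the DOCKER chain in the question.
SAMPLE_NAT='-N DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.17.0.2:443'

# Constructed sample of `ss -ltn`: host sockets in LISTEN state.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*'

# dnat_target PORT: nat rules on stdin; prints the ip:port a DNAT rule sends PORT to.
dnat_target() {
  awk -v port="$1" '/-j DNAT/ {
    dport = ""; dest = ""
    for (i = 1; i < NF; i++) {
      if ($i == "--dport") dport = $(i + 1)
      if ($i == "--to-destination") dest = $(i + 1)
    }
    if (dport == port && dest != "") print dest
  }'
}

# host_listens PORT: `ss -ltn` output on stdin; succeeds if a host socket is bound to PORT.
host_listens() {
  awk -v port="$1" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) found = 1 }
    END { exit !found }'
}

# diagnose PORT NAT_RULES SS_OUTPUT: classify how traffic to PORT is handled.
diagnose() {
  target=$(printf '%s\n' "$2" | dnat_target "$1")
  if [ -n "$target" ] && printf '%s\n' "$3" | host_listens "$1"; then
    echo "conflict: non-local traffic to :$1 is DNATed to $target before the host listener sees it"
  elif [ -n "$target" ]; then
    echo "dnat: :$1 is forwarded to $target"
  else
    echo "clean: no DNAT rule for :$1"
  fi
}

# On a live host (root needed): diagnose 443 "$(iptables -t nat -S)" "$(ss -ltn)"
for p in 22 80 443; do diagnose "$p" "$SAMPLE_NAT" "$SAMPLE_SS"; done
```

A "conflict" result matches the symptom pattern in the thread: loopback requests reach the host service, while requests from other machines are rewritten toward the container address.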
Dani Mateo
Updated on September 18, 2022
-
Dani Mateo over 1 year
So, I am trying to make Nginx serve my website via https, but it keeps hitting me with a refused to connect error.
So here are the outputs for:
-
curl https://juristnet.ro (this is the website)
curl: (7) Failed to connect to juristnet.ro port 443: Connection refused
-
netstat -anltp
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
    tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN -
    tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
    tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN -
    tcp 0 0 46.101.111.197:80 66.249.64.215:60905 TIME_WAIT -
    tcp 0 0 46.101.111.197:80 66.249.64.211:57434 ESTABLISHED -
    tcp 0 0 46.101.111.197:22 82.208.159.43:26902 ESTABLISHED -
    tcp 0 476 46.101.111.197:22 82.208.159.43:11648 ESTABLISHED -
    tcp 0 0 46.101.111.197:22 223.99.60.37:16862 ESTABLISHED -
    tcp6 0 0 :::8080 :::* LISTEN -
    tcp6 0 0 :::22 :::* LISTEN -
    tcp6 0 0 :::30845 :::* LISTEN -
As you can see, port 443 is open and Nginx is listening
    80/tcp open http
    443/tcp open https
    3306/tcp open mysql
    5432/tcp open postgresql
Nmap shows port is open.
UFW is inactive, so no firewall issues. It's a droplet at DigitalOcean, so no forwarding problems on their side.
-
iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT tcp -- anywhere anywhere tcp dpt:https
    ACCEPT tcp -- anywhere localhost tcp spts:1024:65535 dpt:https state NEW,ESTABLISHED

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    DOCKER-ISOLATION all -- anywhere anywhere
    DOCKER all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain DOCKER (1 references)
    target prot opt source destination
    ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:http
    ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:https
My Nginx.conf:
    user admin root;
    worker_processes auto;

    error_log /var/log/nginx/error.log debug;
    pid /var/run/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

        access_log /var/log/nginx/access.log main;

        sendfile on;
        #tcp_nopush on;

        keepalive_timeout 65;

        #gzip on;

        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        include /etc/nginx/conf.d/*.conf;
    }
My other conf (for the server blocks):

    server {
        listen 80;
        listen 443 ssl;

        server_name juristnet.ro www.juristnet.ro;
        keepalive_timeout 70;

        ssl_certificate /etc/letsencrypt/live/juristnet.ro/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/juristnet.ro/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;

        root /var/test/proiect;
        client_max_body_size 10M;

        location = /favicon.ico {
            access_log off;
            log_not_found off;
            alias /var/test/proiect/favicon.ico;
        }

        location /static/ {
            autoindex on;
        }

        location /assets/ {
            autoindex on;
            alias /var/test/proiect/assets/;
        }

        location ~ /.well-known/ {
            allow all;
        }

        location / {
            include /etc/nginx/fastcgi_params;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
            proxy_pass http://unix:/var/test/proiect/Tutorial2.sock;
            fastcgi_param HTTPS on;
            fastcgi_param HTTP_SCHEME https;
        }
    }
There is also another subdomain, but I'm guessing that's not relevant.
The error logs and access logs for nginx don't show anything special.
The certificates were obtained from letsencrypt. If I try binding gunicorn as it is on 0.0.0.0:8000, with the --keyfile and --certfile options, it does work with https, so I am guessing this is an nginx issue. Or maybe I need to add those settings somewhere? Anyway, I have been bashing my head on this for 2 days, so if anybody has any solution to this, I would be very thankful.
-
Tim about 7 years
Can you curl port 443 from the droplet / instance itself? If so then the issue is a firewall or other kind of port blocking.
-
Dani Mateo about 7 years
If you mean doing curl localhost:443, it shows this:

    <head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
    <body bgcolor="white">
    <center><h1>400 Bad Request</h1></center>
    <center>The plain HTTP request was sent to HTTPS port</center>
    <hr><center>nginx/1.10.2</center>
    </body>
    </html>
-
Tim about 7 years
Ok, so Nginx is listening fine on port 443, the next thing to work out is where it is being blocked. If you can try the same thing from another server in the same data centre or logical network that would give you more information.
-
Tero Kilkanen about 7 years
Try curl https://localhost. curl localhost:443 will try to make an HTTP connection to the https port of your server, which is not correct.
-
Dani Mateo about 7 years
I solved it, it had something to do with Docker. Thanks for the help guys!
-
ibaralf almost 7 years
Could you post the solution you did - I mean how you exposed the port in docker. I have a similar situation and would like to see if that helps. Thanks.
-
D.R. over 6 years
@ibaralf Hello. Did you solve this issue?
-
D.R. over 6 years
@Dani Mateo. Looks like I also have the same issue. Could you post your solution?
-
Dani Mateo about 6 years
Hello, sorry for the late reply. I didn't have any use for Docker and just uninstalled it and it seemed to work afterwards. Look for third parties that may interfere with the ports. Good luck!
-
ibaralf about 6 years
@D.R. unfortunately I cannot remember if or how I resolved it since I am not working on this project anymore. With Dani's last comment, I think this was not a solution.
-
Do Async over 5 years
Just add line "EXPOSE 443" to your Dockerfile (and recreate the container)