Nginx HTTPS Connection refused

I'm having trouble getting SSL to work with my Nginx installation. I found a couple of other questions related to this but they did not fix my problem.

Checks I did:

  • nginx -t returns with no errors
  • ufw disable to let all traffic through
  • netstat -nltp tells me that tcp:0.0.0.0:80 and tcp:0.0.0.0:433 go to nginx: master
  • curl -v https://mywebsite.nl returns Failed to connect to mywebsite.nl port 443: Connection refused
  • curl -v http://mywebsite.nl returns OK

Weird things:

  • netstat -peanut | grep ":80 " returns with tcp:0.0.0.0:80 bound to nginx: master but when I try netstat -peanut | grep ":443 " it returns nothing?
  • if I try nmap -p 433 mywebsite.nl it returns 433/tcp filtered nnsp while I expected the port to be open as it does with port 80

I bundled my CA certificate together with my own one (in the right order as mentioned by the Nginx docs).

My Nginx-conf looks like this:

server {
    listen 80;
    listen 433 ssl http2;

    ssl_certificate             /etc/ssl/certs/mywebsite.nl-bundle.crt;
    ssl_certificate_key         /etc/ssl/certs/mywebsite.nl.key;

    server_name                 *.mywebsite.nl;
    root                        /var/www/mywebsite-app/public;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }

    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
}
There is 1 answer

Steffen Ullrich (best answer)

listen 433 ssl http2;

It should be 443, not 433. See also the error message, which also says that it tries to connect to port 443:

Failed to connect to covidtesta4.nl port 443: Connection refused
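
A configuration check for the mismatch identified in the answer, added here as an example and not part of the original thread. `parse_listen` and `audit` are hypothetical helper names, and the sample config is constructed from the question's server block.

```python
import re

# Constructed sample: the relevant lines of the question's server block.
SAMPLE_CONF = """
server {
    listen 80;
    listen 433 ssl http2;
    server_name *.mywebsite.nl;
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
}
"""

# Matches active (uncommented) listen directives and captures their arguments.
LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.MULTILINE)
# Matches an https redirect whose URL carries no explicit port (so clients use 443).
REDIRECT_RE = re.compile(r"return\s+30[1278]\s+https://[^\s;:]+;")

def parse_listen(args):
    """Return (port, is_ssl) for one listen directive, or None for unix sockets."""
    tokens = args.split()
    target, flags = tokens[0], tokens[1:]
    if target.startswith("unix:"):
        return None
    # Accepted forms: "443", "0.0.0.0:443", "[::]:443"; a bare address defaults to 80.
    m = re.search(r"(?:^|:)(\d+)$", target)
    port = int(m.group(1)) if m else 80
    return port, "ssl" in flags

def audit(conf):
    """List TLS listener findings that explain a refused connection on 443."""
    parsed = (parse_listen(a) for a in LISTEN_RE.findall(conf))
    listeners = [p for p in parsed if p is not None]
    findings = [f"ssl listener on port {port}, not 443"
                for port, is_ssl in listeners if is_ssl and port != 443]
    tls_ports = {port for port, is_ssl in listeners if is_ssl}
    if REDIRECT_RE.search(conf) and 443 not in tls_ports:
        findings.append("redirect to https:// but no ssl listener on 443")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

A TLS listener on a port other than 443 can be intentional (for example 8443), so the first finding is a prompt to verify rather than an error; the second finding is the combination that produces the refused connection described in the question.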