Cannot connect to SSL from outside Ubuntu

I've got a very strange problem connecting to my newly configured SSL site. This is an Ubuntu VPS hosted on Amazon Lightsail.

I have a Docker container serving ports 80 and 443, as you can see here:

CONTAINER ID        IMAGE                                                                           COMMAND                  CREATED             STATUS              PORTS                                      NAMES
ce7114e8383a        nginx:alpine                                                                    "nginx -g 'daemon of…"   43 minutes ago      Up 7 minutes        0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   app_nginx_1
ffe588588a67        registry.gitlab.com/richardvanbergen/richardvanbergen-personal-website:latest   "/bin/sh -c 'npm run…"   43 minutes ago      Up 7 minutes        0.0.0.0:9000->9000/tcp                     app_web_1

From inside the server I can make a curl request to that container and get a proper response on SSL. I get this same response on port 80.

ubuntu@ip-172-26-13-199:~$ curl -k https://0.0.0.0:443
<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta http-equiv="x-ua-compatible" content="ie=edge"/>
... // rest of served HTML

I have temporarily disabled the firewall entirely just to rule it out.

ubuntu:~$ sudo ufw disable
Firewall stopped and disabled on system startup
ubuntu:~$ sudo ufw status
Status: inactive

Yet from the outside I cannot access https://www.richardvanbergen.com/, only http://www.richardvanbergen.com/

This is my nginx default configuration so far. It's a reverse proxy to another docker image.

upstream node-app {
  server web:9000;
}

server {
  listen 80;
  listen 443 ssl;

  server_name www.richardvanbergen.com;

  ssl_certificate /certbot/live/www.richardvanbergen.com/fullchain.pem;
  ssl_certificate_key /certbot/live/www.richardvanbergen.com/privkey.pem;

  location / {
    proxy_pass         http://node-app;
    proxy_redirect     off;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host $server_name;
  }
}

And this is included by an otherwise default nginx configuration.

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
  worker_connections  1024;
}

http {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;

  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

  access_log  /var/log/nginx/access.log  main;

  sendfile        on;
  #tcp_nopush     on;

  keepalive_timeout  65;

  #gzip  on;

  include /etc/nginx/conf.d/*.conf;
}

Edit #1 - Output from Test-NetConnection

C:\Users\Richard> Test-NetConnection -Port 443 -ComputerName www.richardvanbergen.com -InformationLevel Detailed
WARNING: TCP connect to (3.8.139.86 : 443) failed
WARNING: Ping to 3.8.139.86 failed with status: TimedOut


ComputerName            : www.richardvanbergen.com
RemoteAddress           : 3.8.139.86
RemotePort              : 443
NameResolutionResults   : 3.8.139.86
MatchingIPsecRules      :
NetworkIsolationContext : Internet
IsAdmin                 : False
InterfaceAlias          : WiFi
SourceAddress           : 192.168.1.103
NetRoute (NextHop)      : 192.168.1.1
PingSucceeded           : False
PingReplyDetails (RTT)  : 0 ms
TcpTestSucceeded        : False

C:\Users\Richard> Test-NetConnection -Port 80 -ComputerName www.richardvanbergen.com -InformationLevel Detailed


ComputerName            : www.richardvanbergen.com
RemoteAddress           : 3.8.139.86
RemotePort              : 80
NameResolutionResults   : 3.8.139.86
MatchingIPsecRules      :
NetworkIsolationContext : Internet
IsAdmin                 : False
InterfaceAlias          : WiFi
SourceAddress           : 192.168.1.103
NetRoute (NextHop)      : 192.168.1.1
TcpTestSucceeded        : True
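
The Test-NetConnection output above says only that the TCP connect to port 443 failed, not how. The following probe is an added example, not part of the original post: it separates a dropped connection (timeout) from a refused one and from a TLS-layer failure, which point at different layers to inspect. The function names and the `www.example.com` placeholder are assumptions of this example.

```python
import errno
import socket
import ssl

def probe(host, port, timeout=3.0, tls=False):
    """Classify one connection attempt by the layer at which it stops."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns-failed"      # name did not resolve
    except ConnectionRefusedError:
        return "refused"         # RST came back: host (or a rejecting filter) answered
    except (socket.timeout, TimeoutError):
        return "filtered"        # no answer at all: packets dropped on the way
    except OSError as exc:
        unreachable = (errno.EHOSTUNREACH, errno.ENETUNREACH)
        return "filtered" if exc.errno in unreachable else "error"
    with sock:
        if not tls:
            return "tcp-open"
        ctx = ssl.create_default_context()   # verifies chain and hostname
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls-ok"
        except (ssl.SSLError, OSError):
            return "tls-failed"  # TCP works; certificate or TLS setup problem

def diagnose(http_state, https_state):
    """Map the two probe results to the place worth inspecting next."""
    if https_state == "tls-ok":
        return "ok: HTTPS reachable and certificate valid"
    if https_state == "tls-failed":
        return "tls: 443 is reachable; inspect certificate paths and ssl settings"
    if https_state == "refused":
        return "listener: host reachable, nothing accepts on 443; inspect port publishing"
    if https_state == "filtered" and http_state == "tcp-open":
        return "filter: 443 dropped while 80 passes; inspect each packet filter in front of the host"
    return "network: unreachable on both ports; inspect DNS, routing and filters"

if __name__ == "__main__":
    name = "www.example.com"     # placeholder; use the site's own name
    print(diagnose(probe(name, 80), probe(name, 443, tls=True)))
```

Run it from a machine outside the server's network, since a request made on the server itself does not pass through any filter that sits in front of the host.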