-1

I use nginx as a reverse proxy, proxying some of our web servers, application systems, etc. Now I have an application that is accessible via HTTPS on port 2222. So I created a redirect as I did for other systems.

My problem is that I can't reach the application on that port. The connection is refused. My firewall will allow this connection; we checked this. Nginx is also listening on that port.

The Nginx configuration is:

server {
  listen 2222;

  server_name server.hostname.de;

  ssl_certificate           /etc/nginx/cert.cer;
  ssl_certificate_key       /etc/nginx/key.key;

  ssl on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_protocols  TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  ssl_prefer_server_ciphers on;

  location / {
      proxy_pass https://server.hostname.de:2222/;
  }
}

Any idea what could be wrong here?

Thanks in advance

2
  • Show us the configuration server block (and upstream if you defined it). Commented Mar 19 at 12:05
  • Please, add also ss -lnpt | grep 2222 to confirm what is listening on that port and which IP addresses are used for that. You may mask public IPs, but better don't do anything with private ones. (I'll update my answer below if that makes it more clear to me.) Commented Mar 19 at 15:27

3 Answers

0

So there is another service on port 2222 on the same machine where Nginx attempts to listen on port 2222? I think this config should refuse to load, in which case it would complain in the logs. It can't listen on the same address and port which is already listened on. Or, you can observe that it loop-proxies requests to itself: it is both listening on port 2222 and directing requests to port 2222 (I don't know how it would look, but don't expect any good.)

Please, show also ss -lnpt | grep 2222 to confirm what is listening on that port and which IP addresses. You may mask public IPs, but better don't do anything with private ones.

It might be that your service is listening on localhost only (127.0.0.1 and/or ::1), in that case you need to also direct Nginx to localhost:

      proxy_pass https://127.0.0.1:2222/;

Better yet, avoid looping back to the same port on the same host, just to be safe. Use different ports for the back-end service (that might be 2222) and the front-end proxy (which is best left listening on 443 for HTTPS and 80 for HTTP). Also, use listen 443 ssl instead of a separate ssl on (which is the obsolete way to configure SSL).
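
A small static check for the two problems this answer points out (a proxy_pass target that is the block's own listener, and the obsolete ssl on), added here as an example and not part of the original thread. The function names and the trimmed sample configs are constructed, and the check assumes server_name resolves to the proxy host itself:

```python
import re

# Constructed samples: the question's server block (trimmed) and a variant
# following the answer's advice (front end on 443, back end on 127.0.0.1:2222).
QUESTION_CONF = """server {
  listen 2222;
  server_name server.hostname.de;
  ssl on;
  location / { proxy_pass https://server.hostname.de:2222/; }
}"""
ADVISED_CONF = """server {
  listen 443 ssl;
  server_name server.hostname.de;
  location / { proxy_pass https://127.0.0.1:2222/; }
}"""

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}
WILDCARD = {"", "*", "0.0.0.0", "[::]"}  # "" means no address given in listen
DEFAULT_PORT = {"http": 80, "https": 443}

def directive(conf, name):
    """Argument lists of every `name ...;` directive (simple regex parse)."""
    return [m.split() for m in re.findall(rf"(?:^|[{{;\s]){name}\s+([^;{{}}]+);", conf)]

def lint_server_block(conf):
    """Return findings for one server block. Assumption: server_name resolves
    to this machine (no split DNS), so proxying to it hits nginx itself."""
    findings = []
    listens, tls_on_listen = set(), False
    for args in directive(conf, "listen"):
        addr, _, port = args[0].rpartition(":")  # "port" or "address:port"
        if port.isdigit():
            listens.add((addr, int(port)))
        tls_on_listen |= "ssl" in args[1:]
    names = {n for args in directive(conf, "server_name") for n in args}
    if ["on"] in directive(conf, "ssl") and not tls_on_listen:
        findings.append("obsolete 'ssl on'; use 'listen <port> ssl'")
    for args in directive(conf, "proxy_pass"):
        m = re.match(r"(https?)://(\[[^\]]+\]|[^:/]+)(?::(\d+))?", args[0])
        if not m:
            continue  # upstream name, unix socket or variable: not checked
        host, port = m.group(2), int(m.group(3) or DEFAULT_PORT[m.group(1)])
        for addr, lport in listens:
            local = host in names or (host in LOOPBACK and addr in WILDCARD | LOOPBACK)
            if lport == port and local:
                findings.append(f"possible proxy loop: {host}:{port} is this block's own listener")
    return findings
```

Run it against the output of nginx -T split per server block; a loop finding still needs confirming with ss -lnpt, since the parse does not know what the name really resolves to.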

0

This should be a comment, but space is limited and so is formatting....

> So I created a redirect

No, you didn't. A redirect is something completely different. You provisioned a proxy.

> The connection is refused. My firewall will allow this connection, we checked this. Nginx is also listening on that port.

But you're not going to tell us how you did that? Nor what OS this is running on?

You've made a set of contradictory assertions and provided no evidence to support any of them.

Unless you've done something very strange with split DNS you appear to be pointing nginx back to itself.

-1

Sure, this is my config.

server {
  listen 2222;

  server_name server.hostname.de;

  ssl_certificate           /etc/nginx/cert.cer;
  ssl_certificate_key       /etc/nginx/key.key;

  ssl on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_protocols  TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  ssl_prefer_server_ciphers on;

  location / {
      proxy_pass https://server.hostname.de:2222/;
  }
}
1
  • 1
    This is not an answer to a question. You should have been editing your question to add this information rather than using "your answer" form. I moved it there for you, but next time do it yourself please! And, better remove this non-answer. Commented Mar 19 at 15:10
