How do I enable 443 port for SSL?
I have been trying all day to make this possible. I have done everything I know and everything I found online, but hit a dead end.
Techs: DEBIAN 11, NGINX, certbot, Docker
nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    server_tokens off;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 60;
    tcp_nodelay on;
    client_body_timeout 15;

    gzip on;
    gzip_vary on;
    gzip_min_length 1k;

    upstream docker-frontend {
        server frontend:3100;
    }

    upstream docker-admin {
        server admin:3000;
    }

    server {
        listen 80;
        listen [::]:80;
        server_name example.dev www.example.dev;
        server_tokens off;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            return 301 https://example.dev$request_uri;
        }
    }

    server {
        listen 80;
        listen [::]:80;
        server_name admin.example.dev;
        server_tokens off;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            return 301 https://admin.example.dev$request_uri;
        }
    }

    server {
        listen 443 default_server ssl http2;
        listen [::]:443 ssl http2;
        server_name example.dev;

        ssl_certificate /etc/nginx/ssl/live/example.dev/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/live/example.dev/privkey.pem;

        location / {
            proxy_pass http://docker-frontend;
        }
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name admin.example.dev;

        ssl_certificate /etc/nginx/ssl/live/example.dev/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/live/example.dev/privkey.pem;

        location / {
            proxy_pass http://docker-admin;
        }
    }
}
curl --ipv4 -v "https://example.dev/"
curl: (7) Failed to connect to example.dev port 443 after 65 ms: Connection refused
curl --ipv6 -v "https://example.dev/"
curl: (7) Couldn't connect to server
curl --ipv4 -v "http://example.dev/"
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Sat, 24 Dec 2022 23:10:07 GMT
< Content-Type: text/html
< Content-Length: 162
< Connection: keep-alive
< Location: https://example.dev/
docker inspect nginx
"PortBindings": {
    "433/tcp": [
        {
            "HostIp": "",
            "HostPort": "443"
        }
    ],
    "80/tcp": [
        {
            "HostIp": "",
            "HostPort": "80"
        }
    ]
},
"ExposedPorts": {
    "433/tcp": {},
    "80/tcp": {}
},
"Volumes": {
    "/etc/nginx/conf.d": {},
    "/etc/nginx/ssl": {},
    "/var/www/certbot": {}
},
"Ports": {
    "433/tcp": [
        {
            "HostIp": "0.0.0.0",
            "HostPort": "443"
        },
        {
            "HostIp": "::",
            "HostPort": "443"
        }
    ],
    "80/tcp": [
        {
            "HostIp": "0.0.0.0",
            "HostPort": "80"
        },
        {
            "HostIp": "::",
            "HostPort": "80"
        }
    ]
},
ufw status
Status: active
To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
22                         ALLOW       Anywhere
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
1 Reply
Hey @recc,
I believe your intention is to configure nginx on your Linode using Docker and an Nginx image, and to set up SSL using certbot and Let's Encrypt. My assumption may not be correct, so it would be helpful to see the contents of your docker-compose.yml or the Docker commands you use to start your containers.
Are you running the Docker daemon as a non-privileged user? If so, this may restrict the port range available to a non-privileged user. See Docker's documentation on Docker as a non-root user.
I think it is worth taking a close look at the configuration of your default Docker network (Docker Networking) to make sure you have the correct configuration for your use case. You can view the Docker networks available to you with the command below:
docker network ls
Double check which ports your container is using:
docker ps
Then identify what ports your container is listening on:
docker port test
Here is a blog post that details a similar setup.
I hope this provides some insight.
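The port checks suggested in the reply can be automated by cross-referencing the container ports published in `docker inspect` with the ports nginx listens on. The script below is an added example, not part of the original thread; the function names are hypothetical and the sample data is abridged from the question, where the published container port is 433/tcp while nginx.conf listens on 443.

```python
import json
import re

# Listen directives abridged from the nginx.conf posted in the question.
NGINX_CONF = """
server { listen 80; listen [::]:80; server_name example.dev www.example.dev; }
server { listen 443 default_server ssl http2; listen [::]:443 ssl http2; }
server { listen 443 ssl; listen [::]:443 ssl; server_name admin.example.dev; }
"""

# "PortBindings" object copied from the `docker inspect nginx` output in the question.
PORT_BINDINGS = json.loads("""
{"433/tcp": [{"HostIp": "", "HostPort": "443"}],
 "80/tcp":  [{"HostIp": "", "HostPort": "80"}]}
""")

# Port in `listen 80`, `listen [::]:443 ssl` or `listen 127.0.0.1:8080`;
# a bare address without a port (`listen 127.0.0.1;`) is not matched.
LISTEN_RE = re.compile(
    r"\blisten\s+(?:\[[0-9a-fA-F:.]*\]:|\d{1,3}(?:\.\d{1,3}){3}:|\*:)?(\d+)(?=[\s;])"
)


def nginx_listen_ports(conf):
    """Return the set of TCP ports named in `listen` directives."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching
    return {int(p) for p in LISTEN_RE.findall(conf)}


def check_port_mapping(bindings, conf):
    """Compare published container ports with the ports nginx listens on."""
    listening = nginx_listen_ports(conf)
    published = {}  # container port -> host ports forwarded to it
    for key, hosts in bindings.items():
        port, _, proto = key.partition("/")
        if proto in ("", "tcp"):  # hosts may be null for unpublished ports
            published[int(port)] = sorted(
                int(h["HostPort"]) for h in (hosts or []) if h.get("HostPort"))
    findings = []
    for cport, hports in sorted(published.items()):
        if cport not in listening:  # traffic is forwarded to a closed port
            findings.append(("dead_target", cport, hports))
    for lport in sorted(listening - set(published)):  # listener not reachable
        findings.append(("unpublished_listener", lport, []))
    return findings


if __name__ == "__main__":
    for kind, port, host_ports in check_port_mapping(PORT_BINDINGS, NGINX_CONF):
        print(kind, "container port", port, "host ports", host_ports)
```

A `dead_target` finding means the host port is forwarded to a container port where nothing listens, which surfaces to clients as "Connection refused" even when the firewall allows the host port.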