Nginx not responding to port 80 on public IP address

Francis Daly francis at daoine.org
Thu Feb 4 10:06:13 UTC 2021 

On Thu, Feb 04, 2021 at 07:40:35AM +0000, Adam wrote:

Hi there,

It sounds like something outside of your nginx is preventing the traffic
from getting to your nginx.

In that case, no nginx config can help you; but there are other things
you can perhaps look at.

> nginx is running and listening on port 80:
>         tcp        0      0 0.0.0.0:80              0.0.0.0:*
> LISTEN      0          42297      3576/nginx: master
>         tcp6       0      0 :::80                   :::*
>  LISTEN      0          42298      3576/nginx: master
> 
> The server responds fine to requests on port 443, serving traffic exactly
> as expected:
>         tcp        0      0 0.0.0.0:443             0.0.0.0:*
> LISTEN      0          42299      3576/nginx: master

> I have been testing by sshing to an external machine and trying telnet
> my.host.name 80 - which times out, compared to telnet my.host.name 443,
> which connects immediately.

Do your nginx logs indicate that the 443 traffic actually gets to this
nginx, and not to a random server that allows port-443 connections?

Perhaps use "curl" to make a request, and confirm that the response is
from this nginx.

> The port is open on my router to allow port 80 traffic. This machine is

Do you have any local firewall running on the nginx machine that might
block or otherwise limit inbound traffic?

> hosted on my home network, serving personal traffic (services which I use,
> but not for general internet use). It does respond to port 80 internally,
> if I use the internal ip address (http://192.168.178.43).

If that test is "from the nginx machine itself", then a local firewall
probably won't block it. If that test is from another machine on the home
network, then a local firewall that only allows same-subnet connections
would allow this, but not allow your external test.

"iptables -L -v -n" might show things there; or whatever local firewall
command your system might use.

> I've kind of run out of ideas, so thought I would post here.

I would probably try to run "tcpdump" on the nginx server, to see what
port-80 traffic that machine sees when the connection is attempted.

(And maybe look at what is seen for port-443 traffic as well, for
comparison.)

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org

More information about the nginx mailing list