This is my first time setting up a server and I've just installed an SSL cert. I have also made some changes to iptables to allow access to 443. Below is the output of iptables -L
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:urd
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
I also checked with nmap by ssh'ing into the server and running nmap from the server itself.
Starting Nmap 5.51 ( http://nmap.org ) at 2016-04-15 15:31 SGT
Nmap scan report for <my.domain.ip>
Host is up (0.0000050s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
443/tcp open https
3005/tcp open deslogin
3031/tcp open epic
When I tried telnet <my.domain.ip> 443 remotely:
Trying <my.domain.ip>...
telnet: connect to address <my.domain.ip>: Connection refused
telnet: Unable to connect to remote host
Lastly, I do not know if nginx.conf plays a part, but below is a snippet of the SSL configuration for the domain.
#include /etc/nginx/conf.d/*.conf;
server {
    listen <my.domain.ip>:80;
    server_name mydomain.com www.mydomain.com;
    index index.html index.htm index.py;
    access_log /var/log/nginx/mydomain.com.log;
    error_log /var/log/nginx/mydomain.log.error;
    root /home/fr/;
    charset utf-8;
    #error_page 500 502 503 504 /custom_50x.html;
    #location = /custom_50x.html {
    #    internal;
    #}
    location / {
        uwsgi_pass <my.domain.ip>:3031;
        include uwsgi_params;
    }
    location /static {
        root /home/fr/env/FRuler/fruler/;
    }
}
### for ssl ###
server {
    listen <my.domain.ip>:80;
    server_name mydomain.com www.mydomain.com;
    index index.html index.htm index.py;
    access_log /var/log/nginx/mydomain.com.log;
    error_log /var/log/nginx/mydomain.log.error;
    root /home/fr/;
    charset utf-8;
    location / {
        uwsgi_pass <my.domain.ip>:3031;
        include uwsgi_params;
    }
    location /static {
        root /home/fr/env/FRuler/fruler/;
    }
}
server {
    listen 443 ssl;
    server_name mydomain.com www.mydomain.com;
    ssl on;
    ssl_certificate /etc/ssl/mydomain/ssl.crt;
    ssl_certificate_key /etc/ssl/mydomain/server.key;
    server_name mydomain www.mydomain.com;
    access_log /var/log/nginx/mydomain.com.log;
    error_log /var/log/nginx/mydomain.log.error;
    location / {
        root /home/fr/;
        index index.html;
    }
}
### end of ssl ###
Any help is appreciated.
Order matters in iptables; rules are traversed sequentially.
After rejecting everything, the subsequent rule opening port 443 for HTTPS will never be reached and has no effect. Your general reject rule should be last.
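As an added example (not part of the question or the answer), a small Python script that parses plain `iptables -L` text like the listing above and flags every rule sitting below a catch-all REJECT/DROP in its chain. The constructed sample is the INPUT chain from the question; the `Chain INPUT (policy ACCEPT)` header is assumed, since `iptables -L` prints one above each chain.

```python
"""Find iptables rules shadowed by an earlier catch-all REJECT/DROP in the same
chain: iptables stops at the first terminating target, so later rules never fire."""

# Constructed sample: the question's INPUT chain plus the header `iptables -L` prints.
SAMPLE = """Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:urd
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https"""

TERMINATING = {"REJECT", "DROP"}
ANY = {"anywhere", "0.0.0.0/0", "::/0"}   # how -L and -L -n print "any address"

def parse_rules(listing):
    """Yield (chain, rule_no, target, proto, src, dst, extra) per rule line."""
    chain, rule_no = None, 0
    for parts in (ln.split() for ln in listing.splitlines()):
        if parts and parts[0] == "Chain":       # e.g. "Chain INPUT (policy ACCEPT)"
            chain, rule_no = parts[1], 0
        elif parts and parts[0] != "target":    # skip blank lines and column header
            rule_no += 1
            target, proto, _opt, src, dst = parts[:5]
            yield chain, rule_no, target, proto, src, dst, " ".join(parts[5:])

def is_catch_all(proto, src, dst, extra):
    """True if the rule has no match besides REJECT's own reject-with option."""
    tokens = extra.split()
    if "reject-with" in tokens:                 # target option, not a packet match
        del tokens[tokens.index("reject-with"):tokens.index("reject-with") + 2]
    return proto == "all" and src in ANY and dst in ANY and not tokens

def shadowed_rules(listing):
    """Return (chain, rule_no, blocker_no, target, proto, extra) for each rule
    below a catch-all REJECT/DROP; blocker_no is the position to -I the fix at."""
    blocker, found = {}, []
    for chain, n, target, proto, src, dst, extra in parse_rules(listing):
        if chain in blocker:
            found.append((chain, n, blocker[chain], target, proto, extra))
        elif target in TERMINATING and is_catch_all(proto, src, dst, extra):
            blocker[chain] = n
    return found

if __name__ == "__main__":
    print(*shadowed_rules(SAMPLE), sep="\n")   # INPUT rule 10 (https) blocked by rule 9
```

`iptables -L` without -v omits interface matches (the bare `ACCEPT all anywhere anywhere` line is typically a `-i lo` rule), so confirm any hit with `iptables -L -v --line-numbers` before moving or deleting rules.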