I am currently having some problems at work with our website running under SSL on port 443. I found this website that checks the status of your server. It says that port 443 is closed.
Port 443 is closed on xx.xxx.xx.xxx.
After a while I tried everything and I don't know what I am doing wrong.
netstat shows this:
sudo netstat -anltp | grep LISTEN
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
And
netstat -nap | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 27898/nginx
tcp 1 0 127.0.0.1:34371 127.0.0.1:443 CLOSE_WAIT 25998/openssl
Supposedly nginx is listening on that port, right?
Looks that way, because if I use an openssl client I get:
openssl s_client -connect 127.0.0.1:443
CONNECTED(00000003)
But when I try to reach my server from the outside using port 443, I get a connection timeout.
openssl s_client -connect xx.xx.xx.xx:443
connect: Connection timed out
connect:errno=110
And here are the iptables rules:
sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
Chain ufw-after-forward (0 references)
target prot opt source destination
Chain ufw-after-input (0 references)
target prot opt source destination
Chain ufw-after-logging-forward (0 references)
target prot opt source destination
Chain ufw-after-logging-input (0 references)
target prot opt source destination
Chain ufw-after-logging-output (0 references)
target prot opt source destination
Chain ufw-after-output (0 references)
target prot opt source destination
Chain ufw-before-forward (0 references)
target prot opt source destination
Chain ufw-before-input (0 references)
target prot opt source destination
Chain ufw-before-logging-forward (0 references)
target prot opt source destination
Chain ufw-before-logging-input (0 references)
target prot opt source destination
Chain ufw-before-logging-output (0 references)
target prot opt source destination
Chain ufw-before-output (0 references)
target prot opt source destination
Chain ufw-reject-forward (0 references)
target prot opt source destination
Chain ufw-reject-input (0 references)
target prot opt source destination
Chain ufw-reject-output (0 references)
target prot opt source destination
Chain ufw-track-input (0 references)
target prot opt source destination
Chain ufw-track-output (0 references)
target prot opt source destination
Any suggestion would be appreciated.
Thank you.
UPDATE: I forgot to mention that no firewall is actually running:
ufw status
Status: inactive
Some checks first:
P.S. Given your edit (nginx is listening on port 443), it looks like a firewall problem. Note that there are two types of firewalls: internal (running on your server) and external (running on another machine that controls the network access of your server). Your update only shows that there is no internal firewall.
If you are using some hosting service like Amazon Web Services that provides a front-end UI, search for the security groups that apply to your running node instance.
In my case I just needed to add a 443 exception to the allowed services, and that was all.
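The internal-versus-external reasoning in the answers above, written out as an added example (not code from any of the posters): it reads the listener's bind address from netstat output, classifies a TCP connect as open, closed or filtered, and combines the results. The function names and the wording of the conclusions are assumptions of this sketch, and the remote probe has to be run from a machine outside the server's network.

```python
import errno
import socket

# Lines taken from the question's `netstat -nap | grep 443` output.
SAMPLE = """\
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 27898/nginx
tcp 1 0 127.0.0.1:34371 127.0.0.1:443 CLOSE_WAIT 25998/openssl
"""

def listen_addrs(netstat_text, port):
    """Local addresses that have a LISTEN socket on `port`."""
    addrs = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, p = f[3].rpartition(":")
            if p == str(port):
                addrs.append(addr)
    return addrs

def probe(host, port, timeout=3.0):
    """'open' = handshake done, 'closed' = RST received, 'filtered' = no reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise

def diagnose(addrs, local, remote):
    """Heuristic reading of the three observations (assumption, not a proof)."""
    if not addrs:
        return "no listener: start or fix the service"
    if all(a.startswith("127.") or a == "::1" for a in addrs):
        return "loopback-only listener: fix the bind address"
    if local != "open":
        return "listener present but local connect fails: check the service"
    if remote == "open":
        return "reachable"
    if remote == "closed":
        return "reset received: REJECT rule, or traffic reaches another host"
    return "silently dropped: DROP rule on the host or an external firewall"
```

With the question's data (listener on 0.0.0.0, local connect succeeds, remote connect times out) the result is the "silently dropped" case; since the INPUT chain shown has policy ACCEPT and ufw is inactive, that points at a firewall or security group outside the host.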