Loopback connection seems blocked

Here is the situation I met:

  • Server is managed by Laravel Forge
  • It is served behind a Cloudflare reverse proxy
  • Nginx is up and running, listening on both port 80 and 443 (confirmed)

Now I need to configure a custom load balancer for this server, and a very weird thing happens: when I try to curl the URL from outside, the request succeeds and an access log entry is appended to the nginx log, but when I try to access it from the load balancer machine via curl --resolve, the connection is closed before anything happens (no header, no status, basically no response at all).

First, I thought it was a firewall configuration issue, so I SSHed into the application server and tried curl --resolve xxxx:80:127.0.0.1, which accesses it via a loopback connection, but the same thing happens.

Then I tried to do the same thing again with HTTPS, but the connection was closed when the client tried to initiate the TLS handshake.

The whole thing looks like the loopback is being blocked, which sounds impossible to me, so does anyone have any clue how this issue happens?

P.S.: I did check the firewall; ufw is enabled, but I get the same result after ufw is disabled.

In this picture, I should get a 404 instead of no result at all.

forge@dev-server1:~$ curl -v localhost
*   Trying 127.0.0.1:80...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: localhost
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
forge@dev-server1:~$ 

Update

As suggested in a comment, I ran nginx -T, and here is the output

P.S.: here is the test for HTTPS I mentioned before

forge@dev-server1:~$ curl --resolve member.domain.hide:443:127.0.0.1 https://member.domain.hide -v
* Added member.domain.hide:443:127.0.0.1 to DNS cache
* Hostname member.domain.hide was found in DNS cache
*   Trying 127.0.0.1:443...
* TCP_NODELAY set
* Connected to member.domain.hide (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: Connection reset by peer in connection to member.domain.hide:443 
* Closing connection 0
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to member.domain.hide:443 
forge@dev-server1:~$ 
Show `nginx -T` output. And don't post text information as images.
0nepeop1e
Thanks for the advice, I updated the question.