access public ip from localhost timeout on https

I'm setting up a server to share files with some friends and family. Everything works just fine with HTTP, but since I set up HTTPS this morning, I can't reach the server through the public IP/domain name I set up; I'm getting a timeout. It works fine outside of my local network: I can reach it from my phone on LTE, and my friends can reach it too.

Here's my nginx config file; I set up a redirection from HTTP to HTTPS:

```nginx
server {
    listen      80;
    listen      [::]:80;
    server_name DOMAIN;

    location / {
        return 302 https://$server_name$request_uri;
    }

    location /.well-known/acme-challenge/ {
        alias /var/www/.well-known/acme-challenge/;
    }
}

server {
    listen      443 ssl http2;
    listen      [::]:443 ssl http2;
    server_name DOMAIN;
    ssl_certificate /etc/ssl/uacme/DOMAIN/cert.pem;
    ssl_certificate_key /etc/ssl/uacme/private/DOMAIN/key.pem;
    root        /pool/media;
    autoindex   on;
    charset     utf-8;

    location / {
        add_header  X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
    }

    location /.well-known/acme-challenge/ {
        alias /var/www/.well-known/acme-challenge/;
    }
}
```

From localhost, I can reach the domain through HTTP and get a correct 302, but reaching HTTPS will time out.

```
$ curl -I http://DOMAIN
HTTP/1.1 302 Moved Temporarily
$ curl -I --resolve 'DOMAIN:443:LOCALIP' https://DOMAIN
HTTP/2 200
$ curl -I https://DOMAIN
curl: (28) Failed to connect to DOMAIN port 443 after 128882 ms: Couldn't connect to server
```

I have set up ufw on the server, with the correct configuration to allow traffic on ports 80 and 443. Could this be a problem on the router itself? I have tried several tools online that all point to a healthy server; only my local network is affected.

Lex Li
See what OpenSSL `s_client` tells, https://www.openssl.org/docs/man1.0.2/man1/openssl-s_client.html
bl4ckb0ne
I'm getting `483B54CFC27F0000:error:8000006F:system library:BIO_connect:Connection refused:crypto/bio/bio_sock2.c:114:calling connect()` with errno 111
Lex Li
That very much matches what curl printed out. A TCP connection (SSL/TLS) cannot be created with the resolved IP address and port 443. Then what device owns that IP address? A router or something else? That's what you should check first.
bl4ckb0ne
The IP is my public IP, the router forwards the traffic on that port to my server. I'm trying to curl from the same server through the https url. Doing `openssl s_client -connect DOMAIN:443` returns errno 110 this time.
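
The comparison made in this thread with `curl --resolve` and `openssl s_client`, as an added example that is not part of the original thread: it makes a plain TCP connect to the address DNS returns and to the server's LAN address, and separates a refusal (errno 111) from a timeout (errno 110). The function names and the `NAME` / `LAN_IP` arguments are assumptions.

```python
import errno
import socket
import sys

def probe(ip, port, timeout=3.0):
    """Try one TCP connect to ip:port and classify how it ended."""
    family = socket.AF_INET6 if ":" in ip else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((ip, port))
            return "open"
        except ConnectionRefusedError:
            # errno 111: something at that address answered with a TCP RST
            return "refused"
        except (socket.timeout, TimeoutError):
            # errno 110 or our own deadline: no answer came back at all
            return "timeout"
        except OSError as e:
            return "error:" + errno.errorcode.get(e.errno, str(e.errno))

def verdict(via_dns, direct):
    """Turn the two probe results into the next thing to check."""
    if direct != "open":
        return "not reachable on the LAN address: check nginx and ufw first"
    if via_dns == "open":
        return "both paths work"
    if via_dns == "refused":
        return "the device that owns the resolved address rejected the connection"
    return "packets to the resolved address get no answer from this network"

def compare_paths(name, port, local_ip, timeout=3.0):
    """Probe the address DNS gives for name, then the server's LAN address."""
    resolved = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)[0][4][0]
    via_dns = probe(resolved, port, timeout)
    direct = probe(local_ip, port, timeout)
    return {"resolved": resolved, "via_dns": via_dns, "direct": direct,
            "verdict": verdict(via_dns, direct)}

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py NAME LAN_IP")
    # Ports 80 and 443 are the two the question compares.
    for port in (80, 443):
        print(port, compare_paths(sys.argv[1], port, sys.argv[2]))
```

Run it on a machine inside the local network; a different result on port 80 than on port 443 for the resolved address points at whatever device handles that address rather than at nginx.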