Browsers can't make connection to my server without port 80 open

Mordecai

1/13/24, 6:53 PM

I have a server where NGINX is running as a reverse proxy. My configuration works fine when I leave ports 80 and 443 open on my router. When I only keep 443 on it, I have "Connection timed out" errors. It happens on Chrome, Firefox and Safari so I believe It is not linked to browser configuration.

Here my reverse proxy configuration (very simple as you can see):

events {}

http {
    server {
        listen 443;
        listen 80;
        
        server_name jellyfin.server.com;
        
        location / {
            proxy_pass http://192.168.1.200:8096;
        }
    }
}

What would be wrong? Thanks.

479

1 + 0

firewall

router

nginx

port-forwarding

nginx-reverse-proxy

Score:0

Server

Nikita Kipriyanov

1/13/24, 7:01 PM

Port 80 is the standard port for HTTP. Most systems nowadays opt to use secure connections, so they set up stub server on it which redirects to HTTPS, but even for that, for systems be redirected that way, they need to reach the stub server and redirect, so port needs to be open.

Your port 443 currently doesn't work at all because it is misconfigured. You configured it to be plain HTTP service on a non-standard port; browsers expect HTTPS on port 443 so they try to initiate TLS session and fail. (You can access service right away as http on non-standard port like this http://your.server.name:443/ but that's silly — better use 443 for what is is reserved, a secure service.)

If you want to reverse proxying with HTTPS (port 443), for it to work correctly, you need two things:

listen 443 ssl for it to know this is HTTPS service and not a HTTP service on a non-standard port
Configure certificates. Certificates are managed on the reverse proxy. HTTPS could not possibly work without configuring some certificates. You can also use Let's Encrypt which will do all the configuration for you, if you have the public DNS name pointing to this server.

+ 2

Mordecai

1/13/24, 7:44 PM

Thank you for your answer. I'll configure it properly and make you a feedback if you allow me.

Mordecai

1/13/24, 8:34 PM

Thank you, by enforcing with the `ssl` option (plus `http2`) and an appropriate CA certificate, I was able to only open port 443. Accepted as answer.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Browsers can't make connection to my server without port 80 open

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.