> (I guess you either removed the INPUT DROP rule; or added an explicit > "allow 443" beside the "allow 80" rule that was already there. > Whichever > it was, it was "make the local firewall allow the traffic get to > nginx".) Right, the allow 443 actually existed but there was a rule above it that was routing traffic such that it didn't even getby nathanpgibson - Nginx Mailing List - English
Turned out there was an INPUT DROP rule in iptables (but not in ip6tables), although I am using ufw as a firewall. Now https works and my nginx redirects are functioning as expected!by nathanpgibson - Nginx Mailing List - English
Thanks so much, Francis Daly! This is a huge help in isolating the problem. Based on the nginx access log, IPv6 requests to port 443 are getting to nginx but IPv4 requests to port 443 are not. But they are getting to tcpdump. All I see there is a bunch of packets with the tcpflag . I take it this means the handshake is not completing. It was easy to confirm this by turning off IPv6 in my brby nathanpgibson - Nginx Mailing List - English
Just wondering if anyone has further thoughts on what to try here?by nathanpgibson - Nginx Mailing List - English
Thanks for the reply, Thomas. > You said this is "shared hosting" - when you say "shared hosting" do you > mean this is *not* a dedicated machine but one machine out of many in a > shared environment? Sorry, I meant virtual hosting. > Have you tested briefly by disabling your firewall just to see if that > fixes the issue? When I disable UFW I getby nathanpgibson - Nginx Mailing List - English
Hi All, Newbie question. I posted this on Stack Overflow but haven't gotten any replies yet. https://stackoverflow.com/questions/63391424/why-do-i-get-connection-timeout-on-ssl-even-though-nginx-is-listening-and-firewa Most/many visitors to my site https://example.org get a connection timeout. Some visitors get through, possibly ones redirected from http://example.org or those who've previousby nathanpgibson - Nginx Mailing List - English