I have a server where NGINX is running as a reverse proxy. My configuration works fine when I leave ports 80 and 443 open on my router. When I only keep 443 on it, I have "Connection timed out" errors. It happens on Chrome, Firefox and Safari so I believe it is not linked to browser configuration.

Here is my reverse proxy configuration (very simple as you can see):

events {}

http {
    server {
        listen 443;
        listen 80;
        
        server_name jellyfin.server.com;
        
        location / {
            proxy_pass http://192.168.1.200:8096;
        }
    }
}

What would be wrong? Thanks.

Mordecai

1 Answer

Port 80 is the standard port for HTTP. Most systems nowadays opt to use secure connections, so they set up a stub server on it which redirects to HTTPS, but even for that, for systems to be redirected that way, they need to reach the stub server and be redirected, so the port needs to be open.

Your port 443 currently doesn't work at all because it is misconfigured. You configured it to be a plain HTTP service on a non-standard port; browsers expect HTTPS on port 443 so they try to initiate a TLS session and fail. (You can access the service right away as HTTP on a non-standard port like this http://your.server.name:443/ but that's silly — better use 443 for what it is reserved for, a secure service.)

If you want to do reverse proxying with HTTPS (port 443), for it to work correctly, you need two things:

  • `listen 443 ssl` for it to know this is an HTTPS service and not an HTTP service on a non-standard port
  • Configure certificates. Certificates are managed on the reverse proxy. HTTPS could not possibly work without configuring some certificates. You can also use Let's Encrypt which will do all the configuration for you, if you have the public DNS name pointing to this server.
Nikita Kipriyanov
  • Thank you for your answer. I'll configure it properly and give you feedback, if you allow me. – Mordecai Jan 13 '23 at 19:44
  • Thank you, by enforcing with the `ssl` option (plus `http2`) and an appropriate CA certificate, I was able to only open port 443. Accepted as answer. – Mordecai Jan 13 '23 at 20:34
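
The two points from the answer applied to the configuration in the question, as an added example that is not part of the original posts. The certificate and key paths are placeholders (assumptions), and the port 80 block is only reachable if the router still forwards port 80.

```nginx
events {}

http {
    # Stub server on port 80: its only job is to redirect to HTTPS.
    # Clients can reach it only while port 80 is forwarded on the router;
    # with 443 alone open, users must type https:// explicitly.
    server {
        listen 80;
        server_name jellyfin.server.com;
        return 301 https://$host$request_uri;
    }

    server {
        # "ssl" makes NGINX speak TLS on this socket. Without it, port 443
        # serves plain HTTP and the browser's TLS handshake fails.
        listen 443 ssl;
        server_name jellyfin.server.com;

        # Placeholder paths (assumption): point these at the certificate
        # chain and private key issued for jellyfin.server.com.
        ssl_certificate     /etc/nginx/certs/fullchain.pem;
        ssl_certificate_key /etc/nginx/certs/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            # TLS terminates at the proxy; the backend hop stays plain HTTP
            # on the LAN, as in the original configuration.
            proxy_pass http://192.168.1.200:8096;

            # Tell the backend the original host, client and scheme.
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

Running `nginx -t` after editing validates the syntax and confirms the certificate and key files load before the service is reloaded.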