4

On a hosted Ubuntu VM, I have nginx running for http and https, and can access those using the public IP from within the VM:

```
curl http://159.203.0.5
```

Doing the same outside the VM fails -- the connection times out.

The ports are open:

```
root@production01:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
```

And nginx is listening on the external interface:

```
root@production01:~# netstat -an | grep "LISTEN "
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2003            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2004            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2812            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8002            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
```

What else could it be?

Kris Braun
  • This server should be within a VPN (check if the public IP is really 159.203.0.5) or firewalled by DigitalOcean... – Capilé Jan 27 '16 at 18:00
  • Yes, the public IP is 129.203.0.5. I can ping it and SSH in, but http and https give no response externally. – Kris Braun Jan 28 '16 at 02:12
  • Inbound traffic can be restricted by iptables, so it's a first check. Sometimes many nginx binaries exist on the server and it causes weird behaviour. Are you sure that it is nginx (or the good nginx binary/process) which is listening? `netstat -tlnp | awk '/:80 */ {split($NF,a,"/"); print a[2],a[1]}'` then with `nginx -V` check if the process loads the proper conf files. After this check, make sure that you have no config problem (nginx.conf and/or dedicated config file). You should add a link to your config file(s) in the question. – Benjamin BALET Jan 29 '16 at 14:08
  • Please add the output of the following commands: `iptables -L -n -v -x`, `iptables -L -n -v -x -t nat`. Also, Nginx seems to be listening externally only in the IPv4 interface, but it's not listening in the IPv6 interface. Depending on several factors, you could be reaching your server through an IPv6 address: make sure this is not the case. Use `tcpdump -i any port 443` and try to perform the connection, you should see incoming packets showing what actual IP addresses are being used. In addition, when using netstat, use `netstat -putan` to also show process names. – jjmontes Feb 01 '16 at 18:51
  • I apologize, I took down the VM on the weekend after not finding a solution. So that IP has been reassigned to someone else now. The IPv6 angle is interesting and something I didn't check. – Kris Braun Feb 02 '16 at 21:14
  • First time offering a bounty -- I'm happy to assign it to someone who took the time to respond. – Kris Braun Feb 02 '16 at 21:15

1 Answer

0

I think the problem is not on the VM but on the machine from which you are trying to connect to the VM. Do other connections on this machine work properly?

Take a look at this:

```
foo@bar:~$ curl 159.203.0.5 -v
* Rebuilt URL to: 159.203.0.5/
* Hostname was NOT found in DNS cache
*   Trying 159.203.0.5...
* Connected to 159.203.0.5 (159.203.0.5) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 159.203.0.5
> Accept: */*
>
< HTTP/1.1 404 Not Found
< X-Powered-By: Express
< X-Content-Type-Options: nosniff
< Content-Type: text/html; charset=utf-8
< Content-Length: 13
< Date: Tue, 02 Feb 2016 17:36:31 GMT
< Connection: keep-alive
<
Cannot GET /
* Connection #0 to host 159.203.0.5 left intact
```

I don't get a timeout, and this 404 looks OK to me.

owocki
  • I apologize, I took down the VM on the weekend after not finding a solution. So that IP has been reassigned to someone else now. – Kris Braun Feb 02 '16 at 21:13
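
An added example, not part of the original thread: a Python cross-check of the question's `ufw status` and `netstat -an` output. It reports which allowed ports have no listener in that address family (the IPv6 gap raised in the comments) and which listeners no allow rule covers. The function names are hypothetical, and the result assumes ufw's default-deny inbound policy.

```python
import re
# Sample input copied from the question's `ufw status` and `netstat -an` output.
UFW = """\
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
"""
NETSTAT = """\
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2003            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2004            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2812            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8002            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
"""

def allowed(ufw_text):
    """Return {(family, port)} for 'ALLOW ... Anywhere' rules, e.g. ('v6', 443)."""
    pat = r"^(\d+)(?:/tcp)?( \(v6\))?\s+ALLOW\s+Anywhere"
    return {("v6" if v6 else "v4", int(port)) for port, v6 in re.findall(pat, ufw_text, re.M)}

def listeners(netstat_text):
    """Return {(family, port)} for TCP listeners; family is taken from the tcp/tcp6 column."""
    socks = set()
    for f in map(str.split, netstat_text.splitlines()):
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            if not addr.startswith("127.") and addr != "::1":  # skip loopback-only
                socks.add(("v6" if f[0] == "tcp6" else "v4", int(port)))
    return socks

def audit(ufw_text, netstat_text):
    """Compare rules with listeners. Assumption: ufw's default-deny inbound policy."""
    rules, socks = allowed(ufw_text), listeners(netstat_text)
    return {"reachable": sorted(rules & socks),
            "allowed_no_listener": sorted(rules - socks),
            "listening_but_blocked": sorted(socks - rules)}

if __name__ == "__main__":
    print(audit(UFW, NETSTAT))
```

This only compares what the host itself reports; filtering upstream of the VM or rules added directly in iptables would not show up here.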