1

I'm running an nginx server on my Raspberry Pi and it seems to be working just fine over HTTP. Recently, I decided to add HTTPS support to my server and got a certificate from Let's Encrypt. It still works like a charm if you send requests from the local network, but every external request via HTTPS ends with a 504 Gateway Timeout error.

Here is my config:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name domain.name;

    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 180m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;

    ssl_certificate /etc/letsencrypt/live/domain.name/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.name/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/domain.name/chain.pem;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    location ~ /.well-known {
        allow all;
        root /usr/share/nginx/html;
    }
}
Alexander
  • Does your Pi have a static IP assigned? If not, then you need to configure your router to forward ports 80 and 443 to the Raspberry Pi's IP, and then it would work. Otherwise your Raspberry Pi behind a local network is unreachable, hence the 504. – Tarun Lalwani Oct 16 '17 at 06:46
  • @TarunLalwani, static IP and port forwarding for 80 and 443 are configured. – Alexander Oct 16 '17 at 07:26
  • But I think the request is still not reaching nginx. Do you see anything in the access log for external requests? – Tarun Lalwani Oct 16 '17 at 07:28
  • @TarunLalwani, you are right. Still don't know what causes it, but when I changed port forwarding from 443 -> 443 to 8081 -> 443 and sent a request to https://domain.name:8081, it worked. Further investigation is needed, though. Thank you for the help! – Alexander Oct 16 '17 at 16:35

1 Answer

-2

Found out that my ISP has a firewall service active by default. It was blocking all connections to port 443. Disabling it resolved my issue.

Alexander
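
The troubleshooting in the comments and the answer comes down to telling a port that is silently dropped upstream apart from one with no listener behind it. The probe below is an added example, not code from the original post; `probe_tcp` and `diagnose` are hypothetical names, ports 80 and 443 come from the config, and 8081 is the alternate forward mentioned in the comments.

```python
import errno
import socket
import sys

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: a listener answered
    except ConnectionRefusedError:
        return "refused"         # RST came back: reachable, but nothing listening
    except (socket.timeout, TimeoutError):
        return "filtered"        # no reply at all: dropped before the server
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"    # ICMP unreachable from a device on the path
        raise                    # DNS failure etc. is a different problem

def diagnose(results, https_port=443):
    """Turn {port: state} into a hint about where the HTTPS port is failing."""
    state = results.get(https_port)
    others_open = any(s == "open" for p, s in results.items() if p != https_port)
    if state == "open":
        return "tcp-ok: connection reaches a listener; check TLS and nginx logs"
    if state == "refused":
        return "no-listener: forward target is reachable but nothing accepts on it"
    if state == "filtered" and others_open:
        return "port-filtered: host is reachable on other ports; a firewall drops this one"
    return "unreachable: no tested port answered; check address and forwarding"

if __name__ == "__main__":
    # Run from OUTSIDE the LAN (e.g. a phone hotspot). Ports are assumptions:
    # 80 and 443 from the config, 8081 from the alternate forward in the comments.
    host = sys.argv[1] if len(sys.argv) > 1 else "domain.name"
    results = {port: probe_tcp(host, port) for port in (80, 443, 8081)}
    for port, state in results.items():
        print(f"{host}:{port} -> {state}")
    print(diagnose(results))
```

A `port-filtered` result with nothing in the nginx access log matches the situation in the answer: the connection is dropped before it ever reaches the router's forward.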