I don't have much Linux experience but I have run into a problem with firewalld.
My friend and I recently used certbot to get our ssl certificate for a Linode box.
The plan is for nginx to serve a NEXTJS application on subdomain.domain.com and a RESTful api running via Docker on subdomain.domain.com/api.
The http configuration worked well.
But under https firewalld does not allow external connections on port 443 for mysterious reasons.
I reached this conclusion because by using the power of sudo systemctl stop firewalld everything worked nicely again.
Expectation is that, after adding common services including https to the docker zone with the firewalld CLI, https traffic should be allowed without having to disable the firewall.
Steps to reproduce are:
sudo systemctl start firewalld
sudo firewall-cmd --get-active-zones
docker
interfaces: docker0
sudo firewall-cmd --zone=docker --add-service=http --permanent
sudo firewall-cmd --zone=docker --add-service=https --permanent
sudo firewall-cmd --zone=docker --add-service=dns --permanent
sudo firewall-cmd --zone=docker --add-service=dhcpv6-client --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --get-active-zones
docker
interfaces: docker0
sudo firewall-cmd --zone=docker --list-services
dhcpv6-client dns http https
Still getting a timeout error on subdomain.domain.com.
sudo firewall-cmd --zone=docker --add-port=443/tcp --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --zone=docker --list-ports
443/tcp
Still getting a timeout error on subdomain.domain.com.
Suboptimal work-around is to use the power of sudo systemctl stop firewalld to disable firewall protection.
sudo lsof -i :443 shows four nginx processes.
The OS is openSUSE but I can't recall if it's LEAP or Tumbleweed. All packages up-to-date.
I used the website https://www.yougetsignal.com/tools/open-ports/ to diagnose the problem.
I'm sure that I forgot a lot of important details but I will amend with edits later if requested.
Cheers.
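A check a reader can run before stopping firewalld, added here as an example and not part of the original post: firewalld applies a zone's rules only to the interfaces (or sources) bound to that zone, so a service added to the zone that holds docker0 says nothing about the zone that holds the interface outside traffic actually arrives on. The script below parses `firewall-cmd --list-all-zones` output, finds the zone of a given interface, and reports whether that zone permits https (or 443/tcp). The interface name eth0 and the embedded sample listing are constructed assumptions; the parsing helpers are pure shell/awk so the script also runs on a machine without firewalld.

```shell
#!/bin/sh
# Added example (not from the original post): find which firewalld zone
# governs a given interface and whether that zone permits https.

# Constructed sample, shaped like abridged `firewall-cmd --list-all-zones`
# output; zone, interface and service names are illustrative only.
SAMPLE_ZONES='docker (active)
  target: ACCEPT
  interfaces: docker0
  services: dhcpv6-client dns http https
  ports: 443/tcp

public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports:
'

# zone_of_interface LISTING IFACE: print the zone whose "interfaces:" line names IFACE
zone_of_interface() {
    printf '%s\n' "$1" | awk -v iface="$2" '
        /^[^ ]/ { zone = $1 }                       # unindented line starts a zone
        /^  interfaces:/ {
            for (i = 2; i <= NF; i++) if ($i == iface) { print zone; exit }
        }
    '
}

# zone_allows LISTING ZONE ITEM: succeed if ZONE lists ITEM under services: or ports:
zone_allows() {
    printf '%s\n' "$1" | awk -v zone="$2" -v want="$3" '
        /^[^ ]/ { cur = $1 }
        cur == zone && (/^  services:/ || /^  ports:/) {
            for (i = 2; i <= NF; i++) if ($i == want) { found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    '
}

# audit_https LISTING IFACE: 0 if IFACE's zone permits https, 1 if not,
# 2 if IFACE is bound to no active zone (the default zone then applies)
audit_https() {
    zone=$(zone_of_interface "$1" "$2")
    if [ -z "$zone" ]; then
        echo "interface $2 is in no active zone; the default zone applies to it"
        return 2
    fi
    if zone_allows "$1" "$zone" https || zone_allows "$1" "$zone" 443/tcp; then
        echo "zone $zone (interface $2) permits https"
        return 0
    fi
    echo "zone $zone (interface $2) does NOT permit https; rules added to another zone do not apply here"
    return 1
}

# With an interface argument and firewalld present, audit the live configuration;
# otherwise demonstrate on the constructed sample (eth0 is an assumed name).
if [ -n "${1:-}" ] && command -v firewall-cmd >/dev/null 2>&1; then
    audit_https "$(firewall-cmd --list-all-zones)" "$1" || :
else
    audit_https "$SAMPLE_ZONES" eth0 || :
fi
```

Run it as `sh audit.sh eth0` (substituting the public interface from `ip -br link`) on the host. If it reports that the public interface's zone does not permit https, the fix belongs in that zone, for example `firewall-cmd --zone=<that zone> --add-service=https --permanent` followed by `--reload`, rather than in the docker zone; if the interface is in no zone, check `firewall-cmd --get-default-zone`.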