my application works and is accessible normally in the local network and the internet network. but when I put it behind nginx (reverse proxy), it is no longer accessible from the internet. anyone know why?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hi there @mmuhammadeuss,

I think that it might be due to your firewall, make sure that port 80 and 443 are open.

Another thing that could be causing the issue is the Nginx reverse proxy configuration.
Could you share your exact Nginx configuration?

Also, is your application running on a DigitalOcean Droplet or on your local PC?

Regards,
Bobby

  • thank you for your interest in my concern. I use centos and I have authorized ports 8081 and 443 (firewalld). my application runs on my local pc.
    here is my config file:

    user nginnnx;
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include /opt/nginx/conf/mime.types;
        include /opt/nginx/conf/naxsi_core.rules;
        default_type  application/octet-stream;
        access_log /var/log/access.log;
        error_log /var/log/error.log;
        sendfile        on;
        keepalive_timeout  65;
        tcp_nodelay on;
        gzip  on;
        gzip_disable "MSIE [1-6].(?!.*SV1)";
        server {
            listen 8081;
            server_name my.spacze.org;
            access_log off ;
            error_log off ;
    location /RequestDenied {            return 403;        }
    
    error_page 403 /403_error.html;
            location = /403_error.html {
                root /usr/share/nginx/html;
                internal;        }
     }
        server {
            listen 443 ssl;
            server_name my.spacze.org;
            access_log off ;
            error_log off ;
            ssl_certificate /etc/certs/spa.crt;
            ssl_certificate_key /etc/private/keyy.key;
    error_page 403 /403_error.html;
            location = /403_error.html {
                root /usr/share/nginx/html;   
                internal;
            }
    
    error_page 404 /404_error.html;
            location = /404_error.html {
                root /usr/share/nginx/html;
                internal;
            }
    location ~/home/(.*)$ {
    resolver 4.4.4.4;
     include /opt/nginx/conf/naxsi.rules;
    proxy_pass https://inter.apopzs.org/$1;
    }
               }
    }
    
    

    so in the local network and from the internet the link https://inter.apopzs.org/ works properly. but once behind the reverse proxy, the link https://my.spacze.org/home/ which must show the content of the link https://inter.apopzs.org/ does not work from the internet but only in the local network .
    I use the resolver command because I am behind a firewall

    • Hi there @mmuhammadeuss,

      Are there any errors in your Nginx error log? You can check that with the following command:

      • tail -100 /var/log/error.log

      Feel free to share the output here.
      Regards,
      Bobby

      • Thank you for your interest.
        by analyzing the results of the command:

        • at first sight nothing special; the 100 errors generated are in fact the failed intrusion attempts of my vulnerability scanner. Example link

        even in my network architecture doing portforwarding it doesn’t work … I always have the error Object not found! The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again . Error 404.

        I don’t know if it’s my network architecture that poses the problem; I am confused and stuck;

      • my network topology is as follows:
        -the local network application runs on different servers and some are accessible from the internet;
        -a nginx/naxsi server is in place to protect these applications. this nginx/naxsi server must be accessible from the internet. a reverse proxy was set up by also protecting my applications behind the naxsi firewall.
        what remains for me to do is make this nginx/naxsi server accessible from the internet; I would like my protected applications behind naxsi to be accessible from the internet.

        • Hi there @mmuhammadeuss,

          I could suggest pining the inter.apopzs.org domain name from your Droplet to see if you get a response. If you do not get a response, I could suggest adding an entry to your /etc/hosts file so that your Droplet could resolve the domain.

          Also if you get a response, I would suggest trying to run curl -IL inter.apopzs.org from your Droplet and see if you get the correct response.

          Another thing that you could try doing is to run a traceroute from your Droplet to your inter.apopzs.org domain:

          • traceroute inter.apopzs.org

          Let me know how it goes.
          Regards,
          Bobby

Submit an Answer