Hi all!

I want to do a simple web server which will accept JIRA webhooks on 443. That’s why I need to open it. I did “ufw allow 443/tcp” and it seems to be opened, but nothing works. From my other machine I nmapped it and… nothing, only 22/ssh. If I change it to 8443 everything works perfectly (and nmap can “see” the 8443 port) except JIRA webhooks are only 80/443 :) Is there any limitation from DigitalOcean on port 443 or have I missed something? Thanks!!!

6 answers

Hello, @j1nka

There is no limitation on using port 443. I believe that this is happening because at the moment there is no service listening on this port. You can confirm this by running a netstat command from your droplet:

netstat -plunta | grep 443

If there is no output then the issue is that there is no service bound to this port and this is what you’ll need to sort out. You can check the configuration of your web server (Apache, Nginx, Tomcat).

If you get output and you can see that there is a service listening on this port then the issue is most likely with the Firewall configuration.

Let me know how it goes.

Regards,
Alex

Hi there @j1nka,

In order for you to be able to connect to port 443 you need to have a service listening on that port first, otherwise, when you try to connect to the port there would be nothing to handle your connections.

What you need to do is configure either Jira to listen on that port directly or add Nginx as a reverse proxy to forward the traffic from port 443 to your Jira instance. You can do that by following the steps here:

https://confluence.atlassian.com/jirakb/configure-jira-server-to-run-behind-a-nginx-reverse-proxy-426115340.html

Hope that this helps!
Regards,
Bobby

Hi! Thanks for such a quick reply! Service is listening, checked it. Tried to disable UFW, still not working. Also I don’t have any CloudFW from Digital Ocean. All other ports, except 80/443, are working correctly.

  • Hi there @j1nka,

    This is quite interesting. Which service exactly do you have listening on port 443?

    As per @alexdo’s suggestion, would you mind sharing the output of the netstat command:

    • netstat -plunta | grep 443

    Regards,
    Bobby

@bobbyiliev , it’s a simple aiohttp server.

tcp        0      0 206.189.7.216:443       0.0.0.0:*               LISTEN      4204/python3.6  
tcp        0      0 206.189.7.216:60210     149.154.167.220:443     ESTABLISHED 4204/python3.6 

  • Hi there @j1nka,

    I could suggest trying to bind port 443 on 0.0.0.0:443 rather than 206.189.7.216:443. That way you will be able to access the service from other IP addresses rather than just the Droplet itself.

    Let me know how it goes!
    Regards,
    Bobby

Hello, @j1nka

As per Bobby’s suggestion it is considered best practice to bind the port (443) on 0.0.0.0:443 as it will give you access to the service from other IP addresses as well.

Let us know how it goes.

Regards,
Alex

Thanks for your replies, @alexdo , @bobbyiliev !!!

Changed to 0.0.0.0, netstat -plunta | grep 443

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4967/python3.6  
tcp        0      0 206.189.7.216:60214     149.154.167.220:443     ESTABLISHED 4967/python3.6 

nmap output (nmap -Pn):

PORT   STATE SERVICE
22/tcp open  ssh

My UFW status:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
1194/udp                   ALLOW       Anywhere                  
5000/tcp                   ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
8443/tcp                   ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
1194/udp (v6)              ALLOW       Anywhere (v6)             
5000/tcp (v6)              ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
8443/tcp (v6)              ALLOW       Anywhere (v6)  

And if I change to 8443:

netstat -plunta | grep 443

tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      5031/python3.6 

nmap output (nmap -Pn):

PORT     STATE SERVICE
22/tcp   open  ssh
8443/tcp open  https-alt

The same problem is with port 80. Don’t have any idea why it is happening.

  • Hi there @j1nka,

    This is indeed quite strange. Your firewall rules look absolutely correct.

    Have you tried the connection to port 80 locally from the Droplet itself? So for example, SSH to your Droplet and run telnet localhost 80 to check if the aiohttp service would accept any connections?

    Another thing you could try, is adding Nginx for example, as a test to see if it would handle connections on port 80 and 443. If it works you could try using it as a reverse proxy to proxy the traffic to your aiohttp agent.

    Let me know how it goes!
    Regards,
    Bobby
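The netstat check used throughout this thread, as an added example that is not part of any post: `grep 443` also matches port 8443 and outbound connections to a remote port 443, so the hypothetical `classify_listener` function below counts only `LISTEN` sockets on the exact local port and reports the bind address. It assumes the net-tools `netstat` column layout; the sample input is the netstat output posted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. classify_listener is a hypothetical helper.
# Reads `netstat -plunta` output on stdin and prints, for one TCP port:
#   none | loopback | specific:<addr> | wildcard
classify_listener() {
    port="$1"
    awk -v port="$port" '
        # Columns: proto recv-q send-q local foreign state pid/program
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next    # exact local port, so 8443 is not 443
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") wild = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else specific = addr
        }
        END {
            if (wild) print "wildcard"                    # all interfaces
            else if (specific != "") print "specific:" specific
            else if (loop) print "loopback"               # local clients only
            else print "none"                             # nothing listening
        }
    '
}

# Sample input: netstat lines copied from the posts above.
SAMPLE_BOUND_TO_IP='tcp        0      0 206.189.7.216:443       0.0.0.0:*               LISTEN      4204/python3.6
tcp        0      0 206.189.7.216:60210     149.154.167.220:443     ESTABLISHED 4204/python3.6'

SAMPLE_WILDCARD='tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4967/python3.6
tcp        0      0 206.189.7.216:60214     149.154.167.220:443     ESTABLISHED 4967/python3.6'

SAMPLE_8443='tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      5031/python3.6'

# The third sample matches `grep 443` but has no listener on port 443.
for sample in "$SAMPLE_BOUND_TO_IP" "$SAMPLE_WILDCARD" "$SAMPLE_8443"; do
    printf 'port 443: %s\n' "$(printf '%s\n' "$sample" | classify_listener 443)"
done

# On a live host: netstat -plunta | classify_listener 443
```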
