Question

Port 80 not accessible outside of the VPC network, 443 works

I have an old droplet, which is not part of any VPC networks (those were’t a thing 9 years ago when the droplet was created), and I can successfully access port 80 on it. The iptables rules are there in place, nginx is up&running, so far so good.

However, I wanted to make it part of a VPC network, and since only new droplets can be added to a VPC network, I cloned the old one.

So far so good, however once I booted the cloned droplet, and started running some tests, I noticed I was not able to access port 80 outside of the VPC network. The iptables rules, are the same, nginx is running as expected, basically there configuration is the same as on the old server.

Port 80 is accessible from other droplets in the same VPC network, and port 443 is accessible from anywhere, so it seems that some networking layer above my droplets are rejecting the traffic coming from the outside world.

I don’t have any firewall defined on the DigitalOcean portal, I only have the ones that come with the Ubuntu server.

What could be the problem?

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

This was caused by a networking issue on my side, somehow the tcp packets sent to port 80 were dropped by one of the routers, leading to not be able to use that port. The problem got fixed by itself, no DigitalOcean droplet configuration changes was needed.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi there,

With all that has been mentioned, the only thing that comes to my mind is that your Apache services is only binding on your_pivate_ip:80 rather than 0.0.0.0:80.

You can check that with the following command:

netstat -plant | grep 80

If this is the case, in your Apache virtual host you would need to change the bind-address from your private IP to *:80.

Let me know how it goes. Best, Bobby