Nginx will not listen on ipv4 port 443
Nginx will not listen on ipv4 port 443. It listens on ipv4/6 port 80 and ipv6 port 443 but not ipv4 port 443.
Debian Stretch 9.8 - currently updated
Installed nginx-full package with apt

    root@loadbalance01:/etc/nginx# nginx -v
    nginx version: nginx/1.10.3

After doing:

    systemctl stop nginx
    systemctl start nginx

    root@loadbalance01:/etc/nginx# !166
    netstat -anop | grep LISTEN | grep nginx
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 13533/nginx: master off (0.00/0/0)
    tcp6 0 0 :::80 :::* LISTEN 13533/nginx: master off (0.00/0/0)
    tcp6 0 0 :::443 :::* LISTEN 13533/nginx: master off (0.00/0/0)

Conspicuously absent is port 443 on tcp.

Just to be sure nothing else is listening on tcp 443

    root@loadbalance01:/etc/nginx# netstat -anop | grep LISTEN | grep ':443'
    tcp6 0 0 :::443 :::* LISTEN 13533/nginx: master off (0.00/0/0)

Nope only tcp6.

The only errors in /var/log/nginx/error.log are old errors that have been corrected.

    nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful

My config:
I am just trying to create a simple load balancer with 1 node till I can show this works.
nginx.conf
Note this is only modified by removing the sites-enabled line, I am using a conf.d config.

    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;

    events {
        worker_connections 768;
        # multi_accept on;
    }

    http {
        ##
        # Basic Settings
        ##
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;
        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##
        gzip on;
        gzip_disable "msie6";
        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##
        include /etc/nginx/conf.d/*.conf;
    }

The only other file modified is:

    root@loadbalance01:/etc/nginx# cat conf.d/loadbalance.conf
    upstream example {
        server 192.168.1.250;
    }

    server {
        server_name example.com
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        location / {
            proxy_pass http://example;
        }
    }

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://example.com;
    }

NOTE: renamed to example.com
Tags: nginx, load-balancing, https

asked Apr 24 at 23:46 by Bodger, edited Apr 25 at 2:42

With linux by default, when a process listens on the ipv6 port, ipv4 connections will also come into that socket. So a separate listener on ipv4 is not needed and probably not even possible because of this.
– wurtel
Apr 25 at 7:46
I tried a telnet 192.168.1.249 443 from another server on the same lan and it says connection refused.
– Bodger
Apr 25 at 19:28
2
You’ve missed semicolon after server_name directive, so you don’t have listen 443 ssl directive, but instead you have weird server names listen, 443 and ssl.
– Alexey Ten
Apr 25 at 20:10
And, btw, you don’t need ssl on
– Alexey Ten
Apr 25 at 20:12
2 Answers
I have not had huge experience with nginx but I have used the following configuration file successfully for reverse proxying / load balancing.

Hopefully something in this will help you

    # HTTP Server redirect to HTTPS
    server {
        listen 80;
        server_name <WEB_NAME>.example.com;
        return 301 https://$host$request_uri;
    }

    # HTTPS Server
    server {
        listen 443;
        server_name <WEB_NAME>.example.com;

        # It is best to place the root of the server block at the server level, and not the location level
        # any location block path will be relative to this root.
        root /site/<WEB_NAME>;

        access_log /var/log/nginx/<WEB_NAME>.access.log;
        error_log /var/log/nginx/<WEB_NAME>.error.log;

        ssl on;
        ssl_certificate /etc/nginx/ssl/<WEB_NAME>/example.com.cer;
        ssl_certificate_key /etc/nginx/ssl/<WEB_NAME>/example.com.nopass.key;
        ssl_protocols TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://backend/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forward-Proto http;
            proxy_set_header X-Nginx-Proxy true;
            proxy_redirect off;
        }
    }

    # Uncomment other server entries if Loadbalance Configuration is required
    upstream backend {
        server 127.0.0.1:80;
        # server <BACKEND_SERVER2>:<PORT>;
        # server <BACKEND_SERVER3>:<PORT>;
    }

**NOTE: also renamed to example.com ;)
answered Apr 25 at 3:09 by Nick

Thanks to Alexey Ten,
The configuration was missing a semicolon after the server name directive. It passed syntax check, but was still wrong.
Thanks
answered Apr 26 at 21:04 by Bodger
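
An added example, not part of the original thread: a small Python linter that tokenizes an nginx configuration and reports, for each server block, the listen sockets nginx will actually open and any server_name arguments that look like swallowed directives, which is the failure diagnosed in the comments above. The tokenizer, the `audit` function and the heuristic word list are assumptions of this sketch rather than nginx tooling; `BROKEN` is the question's conf.d/loadbalance.conf and `FIXED` is constructed from it by restoring the semicolon.

```python
import re

# Real nginx directive names that make no sense as a server_name argument (heuristic list).
DIRECTIVE_WORDS = {"listen", "ssl", "server_name", "root", "return", "include",
                   "proxy_pass", "ssl_certificate", "ssl_certificate_key"}

TOKEN_RE = re.compile(r'''
    \#[^\n]*                  # comment to end of line (dropped by tokenize)
  | "(?:\\.|[^"\\])*"         # double-quoted string
  | '(?:\\.|[^'\\])*'         # single-quoted string
  | [{};]                     # structural characters
  | [^\s{};"'\#][^\s{};]*     # bare word
''', re.VERBOSE)

def tokenize(text):
    """Yield nginx config tokens; newlines are plain whitespace, as in nginx."""
    for m in TOKEN_RE.finditer(text):
        if not m.group(0).startswith("#"):
            yield m.group(0)

def parse(tokens):
    """Return [(name, args, children)]; children is None for simple directives."""
    out, words = [], []
    for tok in tokens:            # nested calls share the same iterator
        if tok == ";":
            if words:
                out.append((words[0], words[1:], None))
            words = []
        elif tok == "{":
            out.append((words[0] if words else "", words[1:], parse(tokens)))
            words = []
        elif tok == "}":
            return out
        else:
            words.append(tok)
    return out

def server_blocks(tree):
    """Yield the children of every server { } block (not upstream 'server' lines)."""
    for name, _args, children in tree:
        if children is None:
            continue
        if name == "server":
            yield children
        else:
            yield from server_blocks(children)

def looks_misplaced(arg):
    # Heuristic: a directive keyword, a bare port number, or a bracketed address.
    return arg in DIRECTIVE_WORDS or arg.isdigit() or arg.startswith("[")

def audit(conf_text):
    """Per server block: effective listen sockets and suspicious server_name args."""
    report = []
    for block in server_blocks(parse(tokenize(conf_text))):
        names = [x for n, a, _c in block if n == "server_name" for x in a]
        report.append({
            "listen": [" ".join(a) for n, a, _c in block if n == "listen"],
            "server_name": names,
            "suspicious": [x for x in names if looks_misplaced(x)],
        })
    return report

# The question's conf.d/loadbalance.conf, including the missing semicolon.
BROKEN = """
upstream example { server 192.168.1.250; }
server {
    server_name example.com
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location / { proxy_pass http://example; }
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://example.com;
}
"""
# Constructed for comparison: the same file with the semicolon restored.
FIXED = BROKEN.replace("server_name example.com\n", "server_name example.com;\n", 1)

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        for i, entry in enumerate(audit(conf)):
            print(label, "server", i, entry)
```

On a live host the same check can be run over the full configuration as dumped by `nginx -T`, and the reported listen list compared with what netstat shows.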