Nginx refused to connect to port 443

So, I am trying make Nginx serve my website via https, but it keeps hitting me with a refused to connect error.

So here are the outputs for:

  1. curl https://juristnet.ro (this is the website)

    curl: (7) Failed to connect to juristnet.ro port 443: Connection refused
    
  2. netstat -anltp

    tcp        0      0 0.0.0.0:80              0.0.0.0:*                  LISTEN      -               
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -               
    tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      -               
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -               
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      -               
    tcp        0      0 46.101.111.197:80       66.249.64.215:60905     TIME_WAIT   -               
    tcp        0      0 46.101.111.197:80       66.249.64.211:57434     ESTABLISHED -               
    tcp        0      0 46.101.111.197:22       82.208.159.43:26902         ESTABLISHED -               
    tcp        0    476 46.101.111.197:22       82.208.159.43:11648     ESTABLISHED -               
    tcp        0      0 46.101.111.197:22       223.99.60.37:16862      ESTABLISHED -               
    tcp6       0      0 :::8080                 :::*                      LISTEN      -               
    tcp6       0      0 :::22                   :::*                    LISTEN      -               
    tcp6       0      0 :::30845                :::*                    LISTEN      -   
    

As you can see, port 443 is open and Nginx is listening

80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql
5432/tcp open  postgresql

Nmap shows port is open.

UFW is inactive, so not firewall issues. It's a droplet at digitalocean, so no forwarding problems on their side.

  1. iptables -L

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
    ACCEPT     tcp  --  anywhere             localhost            tcp spts:1024:65535 dpt:https state NEW,ESTABLISHED
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    DOCKER-ISOLATION  all  --  anywhere             anywhere            
    DOCKER     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain DOCKER (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:http
    ACCEPT     tcp  --  anywhere             172.17.0.2           tcp  dpt:https
    

My Nginx.conf:

user admin root;
worker_processes auto;

error_log  /var/log/nginx/error.log debug;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    include /etc/nginx/conf.d/*.conf;
}

My other conf ( for the server blocks):

server {

listen 80;
listen 443 ssl;

server_name  juristnet.ro www.juristnet.ro;
keepalive_timeout   70;

ssl_certificate /etc/letsencrypt/live/juristnet.ro/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/juristnet.ro/privkey.pem;
ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers         HIGH:!aNULL:!MD5;

root /var/test/proiect;
client_max_body_size 10M;

location = /favicon.ico
{
    access_log off; log_not_found off;
            alias /var/test/proiect/favicon.ico;
}

location /static/
{
    autoindex on;
}

    location /assets/
{
            autoindex on;
            alias /var/test/proiect/assets/;
}

    location  ~ /.well-known/
{
            allow all;
}

location / {
    include /etc/nginx/fastcgi_params;
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://unix:/var/test/proiect/Tutorial2.sock;
        fastcgi_param   HTTPS               on;
        fastcgi_param   HTTP_SCHEME         https;


}

There is also another subdomain, but i'm guessing that's not relevant.

The error logs and access logs for nginx don't show anything special.

The certificates were obtained from letsencrypt. If I try binding gunicorn
as it is on 0.0.0.0:8000, with the --keyfile and --certfile options, it does work with https, so I am guessing this is an nginx issue. Or maybe i need to add those settings somewhere? Anyway, I have been bashing my head on this for 2 days, so if anybody has any solution to this, I would be very thankful.


I solved the problem but this is not a general solution. In my case, Docker was interferring with iptables and didn't allow connections on port 443. After I exposed the port from Docker, it started to work.