HTTPS ports

Hello everyone and thanks in advance for the response if possible.

I have a fixed IP at home. Behind it I have set up an Ubuntu server with Virtualmin (VMWare) with ports http=89 and https=2053 and, on the same server, Docker with Nginx Proxy Manager to manage Virtualmin certificates and Docker containers. Everything is working perfectly.

Cloudflare indicates that it also manages with port 2053 for https. But as soon as I activate Proxied, the web page stops showing.

Is there something I don’t do well?

Thank you and a good day to anyone who reads me.

Make sure you’re entering the URL correctly. You’ll need to do it like https://example.com:2053, you must include the https part and the port number.

Once it’s working you could use an Origin Rule to hit the correct port without needing to type it in the URL.

Thanks. I cannot, with nginx, write the domain and the port because nginx resolves the port.

The second answer about rules: how can I write that rule to resolve the domain with the port 2053? Thanks.

I did it and it does not work.

All you want is for all HTTPS traffic to go to that port, so this should work:

You should be able to do the same thing for non-HTTPS traffic to port 89. If you don’t, you will still need to enter the https part before the URL.

What do you mean by “does not work”? Is there an error message?

Thanks a lot for your answer. I did as you very well explained but it does not work yet.

If your web server is listening on port 2053 for HTTPS, then with the proxy shut off, you should be able to enter the URL like https://example.com:2053 and have it work. If that doesn’t work with the proxy shut off, then the problem is elsewhere.

You said with the proxy off, it works. What URL do you enter to make it work in that case?

Thanks again. No, the Nginx Proxy Manager in Docker resolves the port. It resolves the port you want, but ports 80 and 443 must be given to it and not to the Virtualmin software. As soon as you tell the nginx manager the port that the web is using, in this case 2053, it redirects automatically.

You don’t have to put the URL and the port.

This system does not allow me to write you the web page.

In that case, it sounds like it’s being served publicly on the default ports (80 and 443). So you don’t need to do anything with the alternate ports because that’s already being forwarded. No rules, no ports needed in the URL, just a normal server setup.

But is it possible that your ISP is blocking those ports? If it’s a residential connection they may not want you running a web server and may be blocking 80 and 443.

Thanks again. Not at all! It is serving all ports perfectly. Nginx is using them.

I installed the Nginx Proxy Manager to serve the Virtualmin and Docker containers. That’s why.

I’m not clear what port your home connection is listening on.

What port is the nginx proxy listening on? (443 or 2053?)

What do you type into your browser to access virtualmin via the proxy without Cloudflare?

What are you typing into your browser to try to access it through Cloudflare?

(Use the word ‘dot’ instead of . or add spaces in the URL if you can’t post the link).

Virtualmin uses 89 and 2053 for https, as an optional https port as Cloudflare indicates. Nginx Docker uses 80 and 443. Salirdelasciudades com is the domain. Now I have it disconnected. I access Virtualmin with its own port 10000. I type the name of the web without using the 2053, as it must be.

Thanks

So what are you trying to achieve with Cloudflare?

Are you trying to just point Cloudflare at the nginx proxy like this…?
Cloudflare ----> (443) nginx (2053) -----> (2053) virtualmin

Or trying to point Cloudflare direct to virtualmin without your nginx proxy like this…?
Cloudflare -----> (2053) virtualmin

I do not know what the best solution is or how to do it. I want to enable proxied in Cloudflare with my configuration. Nginx must listen on 80 and 443 to get the Let's Encrypt certificates and then redirect to the 2053 https port of my sites. But it does not.

It must be through nginx because Virtualmin does not have the certificates.

OK, so forget about port 2053 as far as Cloudflare is concerned. You need the nginx proxy to provide the certificate to Cloudflare for HTTPS between Cloudflare and nginx. That connection will take place to port 443 at your end as if you were connecting directly.

Just set the A record for salirdelasciudades.com in your Cloudflare DNS to point at your static IP address. Ensure your Cloudflare SSL/TLS settings are set to Full or Full (strict) (check your nginx Letsencrypt certificate is valid for salirdelasciudades.com) and that should be it assuming all the internal stuff works as you say.

3 Likes

Are you sure any of this is actually working from outside your home? Not just within your local network?

The address your domain name resolves to is not accepting connections on any common ports, though it is reachable. Is it possible either your ISP is blocking connections, or that you have a firewall between you and the world?

2 Likes
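The two checks suggested in the last replies (is port 443 reachable from outside, and does nginx serve a certificate valid for the hostname, as Full (strict) requires) can be run in one step. This is an added example, not code posted by anyone in the thread; the function name, the hint texts and the placeholder address `203.0.113.10` are assumptions, and it assumes a publicly trusted certificate such as the Let's Encrypt one mentioned above. Run it from a network outside the home connection.

```python
import socket
import ssl

# What each outcome means for the setup discussed in the thread.
HINTS = {
    "unreachable": "port closed or filtered: check ISP blocking, firewall, port forwarding",
    "tls_error": "port open but no usable TLS: is the proxy's HTTPS listener on this port?",
    "cert_invalid": "certificate untrusted, expired or for another name: Full (strict) would fail",
    "ok": "valid certificate served: origin is ready for Full (strict)",
}


def check_origin(ip, hostname, port=443, timeout=5.0):
    """Connect straight to the origin IP (not through Cloudflare) and classify the result."""
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        # Refused, timed out or no route: nothing is answering on this port.
        return {"status": "unreachable", "detail": str(exc), "hint": HINTS["unreachable"]}

    ctx = ssl.create_default_context()  # verifies chain, expiry and hostname
    try:
        # server_hostname sets SNI so the proxy picks the right certificate.
        with raw, ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            detail = "expires " + tls.getpeercert().get("notAfter", "unknown")
            status = "ok"
    except ssl.SSLCertVerificationError as exc:
        status, detail = "cert_invalid", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        status, detail = "tls_error", str(exc)
    return {"status": status, "detail": detail, "hint": HINTS[status]}


if __name__ == "__main__":
    # 203.0.113.10 is a documentation placeholder, not the poster's address;
    # replace it with the static IP and the hostname with the real domain.
    print(check_origin("203.0.113.10", "example.com", port=443, timeout=3))
```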