At the moment I'm having some problems at work when using our website over SSL on port 443. I found this site that checks your server's status. It says that 443 is closed.
Port 443 is closed on xx.xxx.xx.xxx.
After a while I have tried everything and I don't know what I'm doing wrong.
netstat shows this:
sudo netstat -anltp | grep LISTEN
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
and
netstat -nap | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 27898/nginx
tcp 1 0 127.0.0.1:34371 127.0.0.1:443 CLOSE_WAIT 25998/openssl
nginx is supposed to be listening on that port, right?
It seems so, because if I use an openssl client I get:
openssl s_client -connect 127.0.0.1:443
CONNECTED(00000003)
But when I try to reach my server from outside on port 443, I get a connection timeout.
openssl s_client -connect xx.xx.xx.xx:443
connect: Connection timed out
connect:errno=110
And here are the iptables rules:
sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
Chain ufw-after-forward (0 references)
target prot opt source destination
Chain ufw-after-input (0 references)
target prot opt source destination
Chain ufw-after-logging-forward (0 references)
target prot opt source destination
Chain ufw-after-logging-input (0 references)
target prot opt source destination
Chain ufw-after-logging-output (0 references)
target prot opt source destination
Chain ufw-after-output (0 references)
target prot opt source destination
Chain ufw-before-forward (0 references)
target prot opt source destination
Chain ufw-before-input (0 references)
target prot opt source destination
Chain ufw-before-logging-forward (0 references)
target prot opt source destination
Chain ufw-before-logging-input (0 references)
target prot opt source destination
Chain ufw-before-logging-output (0 references)
target prot opt source destination
Chain ufw-before-output (0 references)
target prot opt source destination
Chain ufw-reject-forward (0 references)
target prot opt source destination
Chain ufw-reject-input (0 references)
target prot opt source destination
Chain ufw-reject-output (0 references)
target prot opt source destination
Chain ufw-track-input (0 references)
target prot opt source destination
Chain ufw-track-output (0 references)
target prot opt source destination
Any suggestions would be appreciated.
Thanks.
UPDATE: I forgot to mention that no firewall is running:
ufw status
Status: inactive
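
An added example, not part of the original post: a POSIX shell triage of the three observations in the question (how the listener is bound according to netstat, the loopback connect result, the external connect result). The function names and verdict strings are hypothetical, the sample netstat lines are taken from the post, and the errno numbers assume Linux.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and verdict
# strings are hypothetical; errno numbers assume Linux.

# Sample input: three of the netstat lines quoted in the post.
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 27898/nginx
tcp 1 0 127.0.0.1:34371 127.0.0.1:443 CLOSE_WAIT 25998/openssl'

# listen_scope PORT: read "netstat -an" lines on stdin and print how the
# LISTEN socket for PORT is bound: wildcard, specific, loopback or none.
listen_scope() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, part, ":")            # port is the last ":" field
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") scope = "wildcard"
            else if (addr ~ /^127\./ || addr == "::1") { if (scope == "") scope = "loopback" }
            else if (scope != "wildcard") scope = "specific"
        }
        END { print (scope == "" ? "none" : scope) }'
}

# connect_verdict TEXT: classify one line of "openssl s_client -connect" output.
connect_verdict() {
    case "$1" in
        *CONNECTED*)  echo connected ;;
        *errno=110*)  echo timeout ;;   # ETIMEDOUT: the SYN was never answered
        *errno=111*)  echo refused ;;   # ECONNREFUSED: the connection was actively refused
        *)            echo unknown ;;
    esac
}

# triage SCOPE LOCAL REMOTE: combine the three observations into one verdict.
triage() {
    case "$1/$2/$3" in
        none/*)                 echo no-listener ;;
        loopback/*)             echo bound-to-loopback-only ;;
        */connected/connected)  echo reachable ;;
        */connected/timeout)    echo dropped-in-path ;;   # lost before reaching the listener
        */connected/refused)    echo rejected-in-path ;;  # refused although it accepts locally
        *)                      echo inconclusive ;;
    esac
}

scope=$(printf '%s\n' "$NETSTAT_SAMPLE" | listen_scope 443)
triage "$scope" "$(connect_verdict 'CONNECTED(00000003)')" "$(connect_verdict 'connect:errno=110')"
```

For the values in the post this prints `dropped-in-path`: the listener is on the wildcard address and answers on loopback, so the unanswered SYN has to be looked for in whatever filters or forwards traffic before it reaches nginx.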