On Mon, Aug 24, 2020 at 07:35:24AM -0400, nathanpgibson wrote:

Hi there,

> Just wondering if anyone has further thoughts on what to try here?

You wrote:

"""
When I try nmap from my local machine I get some results I can't explain. Notice the discrepancy between ports 80 and ports 443 and between IPv4 and IPv6

$ nmap -A -T4 -p443 example.org
443/tcp filtered https

$ nmap -A -T4 -p443 my.server.ip.address
443/tcp filtered https

$ nmap -A -T4 -p443 -6 my:server:ip::v6:address
443/tcp open ssl/http nginx 1.10.3

$ nmap -A -T4 -p80 example.org
80/tcp open http nginx 1.10.3

$ nmap -A -T4 -p80 my.server.ip.address
80/tcp open http nginx 1.10.3
"""

For nmap, filtered means:

Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software.

(From https://nmap.org/book/man-port-scanning-basics.html)

That means that something in between your nmap testing client and your nginx server is interfering with the IPv4 https/port 443 traffic.

Find and fix that something, and things will probably work better.

You also indicate that most visitors get a connection timeout message, while some get through. Do your nginx logs indicate that all of the ones that get through are using IPv6, not IPv4? That might also point at IPv4 being blocked.

(Or: do your nginx logs indicate that all of the ones that get through are coming from similar IP addresses? Perhaps there is wonky routing involved? Although that would not explain the difference between ports 80 and 443 of the same IPv4 address.)

If you "tcpdump" on the nginx server for the port 443 traffic, do you see anything? If tcpdump sees the traffic but nginx does not, there is probably a local (on the same server as nginx) network control device ("firewall") involved. If tcpdump does not see the traffic, then there is an external network control device involved.

If you, for example, "tcptraceroute" to your IPv4 address, port 443, from a remote client, how far does the traffic get? That might hint at where the first block is happening.

But right now, there is nothing obviously related to nginx in this diagnosis.

Good luck with it,

f
--
Francis Daly fran...@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
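
Added example, not part of the message above: one way to answer the two log questions (are the clients that get through all IPv6, and do they come from similar addresses?) from an nginx access log. It assumes the log belongs to the port 443 server and uses the default "combined" format; the sample lines, the summarize() helper and the /24 and /48 grouping are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (documentation address ranges), "combined" format.
SAMPLE_LOG = """\
2001:db8:10:1::25 - - [24/Aug/2020:11:02:13 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
2001:db8:10:1::9f - - [24/Aug/2020:11:02:40 +0000] "GET /about HTTP/1.1" 200 1840 "-" "Mozilla/5.0"
2001:db8:77::4 - - [24/Aug/2020:11:05:02 +0000] "GET / HTTP/2.0" 200 612 "-" "curl/7.68.0"
198.51.100.23 - - [24/Aug/2020:11:06:51 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
::ffff:203.0.113.7 - - [24/Aug/2020:11:07:30 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
not a log line
"""

# The first field of the combined format is the client address ($remote_addr).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "')


def summarize(lines):
    """Return (requests per address family, requests per client network, skipped).

    Clients are grouped into IPv4 /24 and IPv6 /48 networks, a grouping chosen
    here as a rough stand-in for "similar IP addresses".
    """
    families, networks, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        try:
            addr = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            addr = None
        if addr is None:
            skipped += 1  # malformed line or unparsable client address
            continue
        # An IPv4 client on a dual-stack socket can be logged as ::ffff:a.b.c.d;
        # count it as IPv4, since that is the path it actually used.
        mapped = getattr(addr, "ipv4_mapped", None)
        if mapped is not None:
            addr = mapped
        prefix = 24 if addr.version == 4 else 48
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        families[f"IPv{addr.version}"] += 1
        networks[str(net)] += 1
    return families, networks, skipped


if __name__ == "__main__":
    fam, nets, bad = summarize(SAMPLE_LOG.splitlines())
    print(dict(fam), nets.most_common(3), f"skipped={bad}")
```

If a real log showed requests from IPv6 clients only, that would match the nmap result of 443/tcp being filtered on IPv4 and open on IPv6.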