Nginx Gunicorn socket issue? Unresponsive


I'm trying to deploy a Django project to an AWS Lightsail server.

I followed mostly this tutorial. I added some SSL protocols for additional security.

This project runs perfectly on my Ubuntu 18.04 VirtualBox with the exact same setup and the exact same components, same SSL protocols. However, on Lightsail it doesn't respond to the browser request. It will redirect me to https but then will die... I wasn't able to identify any errors in any of the logs, which leaves me guessing.

/etc/systemd/system/webrock.socket:

[Unit]
Description=gunicorn socket

[Socket]
ListenStream=/run/webrock.sock

[Install]
WantedBy=sockets.target

/etc/systemd/system/webrock.service:

[Unit]
Description=gunicorn daemon
Requires=webrock.socket
After=network.target

[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/django/webrock
ExecStart=/home/ubuntu/django/webrock/venv/bin/gunicorn \
      --access-logfile - \
      --workers 3 \
      --bind unix:/run/webrock.sock \
      core.wsgi:application

[Install]
WantedBy=multi-user.target

/etc/nginx/sites-available/webrock:

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2 ipv6only=on;

        include snippets/signed.conf; # path to certs
        include snippets/params.conf; # cert related params


        index index.html index.htm index.nginx-debian.html;

        server_name mydomain.com www.mydomain.com; #changed this line by replacing domain name with dummy


        location = /favicon.ico {access_log off; log_not_found off;}
        location /static/ {
                root /home/ubuntu/django/webrock;
        }
        location / {
                include proxy_params;
                proxy_pass http://unix:/run/webrock.sock;
                try_files $uri $uri/ =404;
        }

}
server {
        listen 80;
        listen [::]:80;

        server_name mydomain.com www.mydomain.com; #changed this line by replacing domain name with dummy

        return 302 https://$server_name$request_uri;

}

I left the nginx default file alone. Now every time I visit the page by punching in the server IP, I see the nginx default page. When I use the domain name I get redirected to HTTPS, but then... nothing. I assume that there is some disruption between gunicorn and nginx, but I'm not experienced enough to troubleshoot there or to solve it.

As I mentioned above, the exact same setup runs flawlessly on the similar system in my VirtualBox.

I'm very thankful for suggestions and hints.

Update: I disabled the redirect portion in nginx and made it listen to port 80. It worked. Now I'm trying to figure out how to introduce HTTP2 and port 443 back to the setup. BTW my ufw looks like this:

[Image: ufw configuration screenshot, not included]


Solution

  • After two days banging my head against this issue, here is the solution.

    So Amazon Lightsail has an additional firewall in front of the UFW on the actual server. You can access the Lightsail firewall by clicking on...

    Menu of your instance > Manage > Networking

    You will see a summarized networking view for your instance, like IP addresses, Firewall, Load balancer. In that firewall you need to add an additional port (in my case HTTPS).

    Why they would put an additional firewall in front of UFW beats me.
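
The mismatch described in the answer can be checked mechanically. This is an added example, not code from the original post: it compares the ports in nginx `listen` directives with the JSON that `aws lightsail get-instance-port-states --instance-name <name>` returns. The function names and both sample inputs are constructed for illustration, and the regex assumes every `listen` line names a port.

```python
import json
import re

# Constructed sample: the listen directives from the question's nginx config.
NGINX_CONF = """
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2 ipv6only=on;
}
server {
    listen 80;
    listen [::]:80;
}
"""

# Constructed sample shaped like `aws lightsail get-instance-port-states`
# output for an instance where only SSH and HTTP are open.
PORT_STATES = json.dumps({"portStates": [
    {"fromPort": 22, "toPort": 22, "protocol": "tcp", "state": "open"},
    {"fromPort": 80, "toPort": 80, "protocol": "tcp", "state": "open"},
]})

# Optional "[::]:" or "127.0.0.1:" address prefix, then the port number.
LISTEN_RE = re.compile(r"^\s*listen\s+(?:\[[^\]]*\]:|[\d.]+:)?(\d+)\b", re.MULTILINE)

def nginx_ports(conf):
    """Return the set of TCP ports named in nginx `listen` directives."""
    return {int(p) for p in LISTEN_RE.findall(conf)}

def open_tcp(port_states_json):
    """Return (from, to) ranges the Lightsail firewall reports open for TCP."""
    states = json.loads(port_states_json)["portStates"]
    return [(s["fromPort"], s["toPort"]) for s in states
            if s.get("state") == "open" and s.get("protocol") in ("tcp", "all")]

def blocked_upstream(conf, port_states_json):
    """Ports nginx listens on that no open Lightsail rule covers."""
    ranges = open_tcp(port_states_json)
    return sorted(p for p in nginx_ports(conf)
                  if not any(lo <= p <= hi for lo, hi in ranges))

if __name__ == "__main__":
    for port in blocked_upstream(NGINX_CONF, PORT_STATES):
        print(f"port {port}: nginx listens, Lightsail firewall does not allow it")
```

With the constructed data it reports port 443, which matches the symptom in the question: the redirect on port 80 succeeds and the HTTPS connection that follows never reaches nginx.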