HTTPS/SSL Response gets blocked, HTTP Response works fine
My Website http://bavarian-joke-generator.org is running. Sadly I was not able to get the HTTPS version working because I have been encountering the following problem since enabling it via a certificate by letsencrypt.org via Certbot:
The Response from my server seems to either get blocked or intercepted somehow
Firefox:
Safari:
My Question is:
What am I missing here? I'll list the following things already and really seem to be out of resources on what the issue can be caused by.
Details:
As seen from the NGINX logs below, the response is successfully sent by my Nginx container.
- HTTPS Response that ends up getting blocked:
- HTTP Response that works as expected:
The Server is provided by Hetzner and the following UFW Firewall settings are active (blocked IP address is not mine):
The whole code can be seen on its GitHub repository
But I specifically want to mention the NGINX config used. Also note, that NGINX is running as a container as part of ad docker-compose file:
- Config:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
proxy_max_temp_file_size 0;
include /etc/nginx/conf.d/*.conf;
}
- Template included above
server {
server_name bavarian-joke-generator.org www.bavarian-joke-generator.org;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/ssl/live/bavarian-joke-generator.org/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/bavarian-joke-generator.org/privkey.pem;
listen 80;
listen [::]:80;
add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload' always;
add_header Content_Security-Policy "default-src 'self'; script-src 'sha384-7FvcOpf85HsGS89sLrvOOHZYqgaEqbfUi87HhpbqbndTSFw+XpzbDMK5ZcxD28fe'; frame-ancestors: 'self'; form-action 'self'; base-uri 'self';";
add_header X-Content-Type-Options: "nosniff";
root /usr/share/nginx/html;
error_page 400 /errors/400_wrong_input.html;
error_page 404 /errors/404_joke_not_found.html;
location / {
}
# SSL Certificate:
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location /errors/ {
root /usr/share/nginx/html;
internal;
}
location ^~ /assets/ {
root /usr/share/nginx;
}
location ^~ /RegEx/ {
root /usr/share/nginx;
}
location ^~ /ssr/ {
# pass will exchange ssr/ for /:
proxy_pass "http://${SSR_HOST}:${SSR_PORT}/";
proxy_http_version 1.1;
proxy_set_header "Connection" "";
proxy_intercept_errors on;
}
location ^~ /auth/ {
# pass will exchange auth/ for /:
proxy_pass "http://${AUTH_HOST}:${AUTH_PORT}/";
proxy_http_version 1.1;
proxy_set_header "Connection" "";
# No error pages -> Do not intercept errors
}
location ~ \.(?:js|.css)$ {
root /usr/share/nginx/html;
}
}
I already tried:
- splitting the NGINX server block into two that listen on port 80 and one on 443 separately and redirecting to HTTPS block
- enabling ufw rules again
- renewing my ssl certificate
- checking if my ssl certificate can be found via sslhoper.com
- checking if any other firewalls exist and are blocking
So I could not solve the issue but I was able to circumvent it:
I now have a parent NGINX process running on my main Hetzner provided server and the NGINX child process inside a container as stated in my compose file above.
For some reason the outgoing HTTPS response from the container got blocked, while the new setup only has outgoing HTTPS responses from the main server directly.
If this is a Hetzner issue or an issue with any of my configs has to further investigated.
More info can be found here:
- EventSource / Server-Sent Events through Nginx
- How to set custom domain in Nexus Repo without port in URL
- Django doesn't serve static files with NGINX + GUNICORN
- How to run two commands on Dockerfile?
- Nginx reload error in mac osx
- node server not accessible in docker container on aws
- Nginx 403 Forbidden for location and localhost
- How to deploy Rails sqlite3 database with Capistrano?
- Nginx - Wordpress redirect
- How do you change the server header returned by nginx?
- Response returned only after kernel.terminate event
- Restricting access to static files in Django/Nginx
- Nginx keeps hitting connection limit although I only use one connection
- Nginx v1.25.1 http2 on; new recommendation creating another warn
- Second nginx route doesn't work when there are two NextJs applications hosted
- Remove a part of a log in Loki
- nginx - nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
- Error 404 when accessing API via Nginx and Express
- How do I open another port in a docker nginx container (only in the container; so, NOT publishing which is the -p flag)?
- docker private registry with nginx reverse proxy freeze when pushing
- Load balancer on Nginx give 502 Bad Gateway
- Gunicorn service stopping under supervisor with docker
- nginx: use environment variables
- Nginx rewrite and change timestamp format
- how to serve a specific page for each domain name pointing to my nextjs app using nginx
- How to redirect a web page with a Hash in URL NGINX Ubuntu Server
- nginx "server_tokens off" does not remove the server header
- Accessing just a specific folder should redirect
- Send nginx logs to both syslog and stdout/stderr
- Use nginx to serve static files from subdirectories of a given directory