Can't connect to Nginx from remote browser (weird issue)

gnoirzox asked:

I’ve got a really weird issue with Nginx, I can’t access it from my browser.

I have installed a CentOS 7 virtual machine on my computer with Nginx, PHP-FPM and MariaDB installed and configured.

The configuration of Nginx is the following:

server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    location / {
        root   /path/to/www;
        index  index.php;
        try_files $uri $uri/ /index.php?$args;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on
    #location ~ \.php$ {
    #    proxy_pass;
    #}

    # pass the PHP scripts to FastCGI server listening on
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        try_files $uri $uri/ =404;
        root   /path/to/www/;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #location ~ /\.ht {
    #    deny  all;
    #}
}

I have also configured iptables with the following rules:

INPUT_ZONES  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:mysql

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
OUTPUT_direct  all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:mysql

And I have also decided to disable SELinux for the time being…

To finish, when executing “tcpdump port 80”, I get this message while trying to access the web server:

listening on enp0s3, link-type EN10MB (Ethernet), capture size 65535 bytes
19:39:51.574889 IP > Flags [S], seq 2033938019, win 65535, options [mss 1460,nop,wscale 4,nop,nop,TS val 551897257 ecr 0,sackOK,eol], length 0

And my computer web browser says that it can’t connect to the specified server…

Do you have any idea what might cause this issue? Did I miss something?

Sorry for this long message, but I really have no idea what to do now..


My answer:

Your firewall rules reject all incoming traffic.

You tried to deal with this by manually appending rules to allow HTTP, HTTPS and MySQL connections, but this does not work since they are already rejected by a previous rule.

Further, your system is running firewalld.

To resolve the problem, you should use firewalld to manage your firewall rules.

For example:

firewall-cmd --add-service=http
firewall-cmd --add-service=https
firewall-cmd --add-service=mysql

To make them persist, run:

firewall-cmd --runtime-to-permanent

(This last requires that you have updated to at least CentOS 7.1.)
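
Added example (not part of the original answer): a small first-match evaluator run over the INPUT chain rows from the question, showing why the appended ACCEPT rules never take effect. The parser, function names and the assumption that the INPUT_ZONES jump returns no verdict are illustrative, not anything iptables or firewalld provides.

```python
# Added illustration, not from the original post. The rows are the INPUT chain
# from the question; the parser only understands the columns shown there.
LISTING = """
INPUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:mysql
"""

TERMINATING = {"ACCEPT", "REJECT", "DROP"}

def parse(listing):
    """Turn `iptables -L` rows into dicts, numbered from 1 like --line-numbers."""
    rules = []
    for num, line in enumerate(listing.strip().splitlines(), start=1):
        target, proto, _opt, src, dst, *extra = line.split()
        dpt = next((t[4:] for t in extra if t.startswith("dpt:")), None)
        rules.append({"num": num, "target": target, "proto": proto,
                      "src": src, "dst": dst, "dpt": dpt})
    return rules

def covers(rule, proto, dpt):
    """True if the rule matches a packet with this protocol and destination port."""
    return (rule["src"] == rule["dst"] == "anywhere"
            and rule["proto"] in ("all", proto)
            and rule["dpt"] in (None, dpt))

def verdict(rules, proto, dpt=None):
    """Return (rule number, target) of the first terminating rule that matches."""
    for rule in rules:
        # Assumption: jumps to user chains such as INPUT_ZONES return no verdict.
        if rule["target"] in TERMINATING and covers(rule, proto, dpt):
            return rule["num"], rule["target"]
    return None, "chain policy"

def shadowed(rules):
    """Rule numbers that can never match because an earlier rule decides first."""
    return [rule["num"] for i, rule in enumerate(rules)
            if any(r["target"] in TERMINATING
                   and covers(r, rule["proto"], rule["dpt"]) for r in rules[:i])]

if __name__ == "__main__":
    rules = parse(LISTING)
    print("tcp/http ->", verdict(rules, "tcp", "http"))
    print("unreachable rules:", shadowed(rules))
```

Plain `iptables -L` hides interface matches, so on a real host compare against `iptables -L INPUT -n -v --line-numbers` before concluding that a rule is unreachable.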

