I am running Ubuntu 24.04 on a virtual machine. I am trying to set up nginx but can't seem to reach it from outside of the local network.
This is my nginx.conf:

    user root;
    worker_processes auto;
    pid /run/nginx.pid;
    error_log /var/log/nginx/error.log;
    include /etc/nginx/modules-enabled/*.conf;

    events {
        worker_connections 768;
        # multi_accept on;
    }

    http {
        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

        server {
            listen 80;
            location / {
                default_type text/html;
                return 200 "test\n";
                # proxy_pass http://localhost:8005/;
            }
        }
    }
While running a docker compose project with open ports, they are reachable from the public IP. The nginx configuration is reachable from localhost: doing curl http://localhost:80 returns the expected output. However, reaching nginx from the public IP address doesn't seem to work.
Nginx is listening correctly if inspected with netstat:

    ~# sudo netstat -tanpl|grep nginx
    tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN      140762/nginx: maste

The port 80 does not show up on iptables:

    ~# iptables -t nat -S
    -P PREROUTING ACCEPT
    -P INPUT ACCEPT
    -P OUTPUT ACCEPT
    -P POSTROUTING ACCEPT
    -N DOCKER
    -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
    -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
    -A POSTROUTING -s 172.22.0.0/16 ! -o br-ac050cf1bd25 -j MASQUERADE
    -A POSTROUTING -s 172.21.0.0/16 ! -o br-411d5766abb2 -j MASQUERADE
    -A POSTROUTING -s 172.20.0.0/16 ! -o br-a43c6c8e276e -j MASQUERADE
    -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
    -A POSTROUTING -s 172.20.0.3/32 -d 172.20.0.3/32 -p tcp -m tcp --dport 8005 -j MASQUERADE
    -A POSTROUTING -s 172.20.0.5/32 -d 172.20.0.5/32 -p tcp -m tcp --dport 8003 -j MASQUERADE
    -A POSTROUTING -s 172.20.0.4/32 -d 172.20.0.4/32 -p tcp -m tcp --dport 8004 -j MASQUERADE
    -A POSTROUTING -s 172.20.0.6/32 -d 172.20.0.6/32 -p tcp -m tcp --dport 9600 -j MASQUERADE
    -A POSTROUTING -s 172.20.0.6/32 -d 172.20.0.6/32 -p tcp -m tcp --dport 9200 -j MASQUERADE
    -A POSTROUTING -s 172.20.0.7/32 -d 172.20.0.7/32 -p tcp -m tcp --dport 9600 -j MASQUERADE
    -A POSTROUTING -s 172.20.0.8/32 -d 172.20.0.8/32 -p tcp -m tcp --dport 8001 -j MASQUERADE
    -A POSTROUTING -s 172.20.0.9/32 -d 172.20.0.9/32 -p tcp -m tcp --dport 8002 -j MASQUERADE
    -A POSTROUTING -s 172.20.0.10/32 -d 172.20.0.10/32 -p tcp -m tcp --dport 5601 -j MASQUERADE
    -A POSTROUTING -s 172.20.0.11/32 -d 172.20.0.11/32 -p tcp -m tcp --dport 8006 -j MASQUERADE
    -A POSTROUTING -s 172.20.0.7/32 -d 172.20.0.7/32 -p tcp -m tcp --dport 9200 -j MASQUERADE
    -A DOCKER -i br-ac050cf1bd25 -j RETURN
    -A DOCKER -i br-411d5766abb2 -j RETURN
    -A DOCKER -i br-a43c6c8e276e -j RETURN
    -A DOCKER -i docker0 -j RETURN
    -A DOCKER ! -i br-a43c6c8e276e -p tcp -m tcp --dport 8005 -j DNAT --to-destination 172.20.0.3:8005
    -A DOCKER ! -i br-a43c6c8e276e -p tcp -m tcp --dport 8003 -j DNAT --to-destination 172.20.0.5:8003
    -A DOCKER ! -i br-a43c6c8e276e -p tcp -m tcp --dport 8004 -j DNAT --to-destination 172.20.0.4:8004
    -A DOCKER ! -i br-a43c6c8e276e -p tcp -m tcp --dport 9600 -j DNAT --to-destination 172.20.0.6:9600
    -A DOCKER ! -i br-a43c6c8e276e -p tcp -m tcp --dport 9200 -j DNAT --to-destination 172.20.0.6:9200
    -A DOCKER ! -i br-a43c6c8e276e -p tcp -m tcp --dport 9601 -j DNAT --to-destination 172.20.0.7:9600
    -A DOCKER ! -i br-a43c6c8e276e -p tcp -m tcp --dport 8001 -j DNAT --to-destination 172.20.0.8:8001
    -A DOCKER ! -i br-a43c6c8e276e -p tcp -m tcp --dport 8002 -j DNAT --to-destination 172.20.0.9:8002
    -A DOCKER ! -i br-a43c6c8e276e -p tcp -m tcp --dport 5601 -j DNAT --to-destination 172.20.0.10:5601
    -A DOCKER ! -i br-a43c6c8e276e -p tcp -m tcp --dport 8006 -j DNAT --to-destination 172.20.0.11:8006
    -A DOCKER ! -i br-a43c6c8e276e -p tcp -m tcp --dport 9202 -j DNAT --to-destination 172.20.0.7:9200

Does anybody have any idea what is going on here?
I checked and ufw is inactive.
The access log only shows the successful requests from localhost; the error log does not contain any errors.
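
An added example, not part of the original post: the nat table quoted above only lists ports that Docker publishes through DNAT rules in its DOCKER chain, so a listener bound on the host itself (nginx on 0.0.0.0:80) is never expected there; traffic to it is accepted or dropped in the filter table's INPUT chain, while DNATed container traffic is forwarded instead. The sketch parses `iptables -t nat -S` text and classifies a port accordingly. The function names `published_ports` and `port_path` are hypothetical, and the sample rules are a subset copied from the listing in the post.

```shell
#!/bin/sh
# Subset of the `iptables -t nat -S` output quoted in the post.
NAT_RULES='-P PREROUTING ACCEPT
-N DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i br-a43c6c8e276e -p tcp -m tcp --dport 8005 -j DNAT --to-destination 172.20.0.3:8005
-A DOCKER ! -i br-a43c6c8e276e -p tcp -m tcp --dport 9601 -j DNAT --to-destination 172.20.0.7:9600'

# published_ports (hypothetical helper): reads nat-table rules on stdin and
# prints "hostport proto container:port" for every DNAT rule in the DOCKER chain.
published_ports() {
    awk '
    $1 == "-A" && $2 == "DOCKER" {
        port = ""; proto = ""; dest = ""; dnat = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--to-destination") dest = $(i + 1)
            if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
        }
        if (dnat && port != "") print port, proto, dest
    }'
}

# port_path (hypothetical helper): reads nat-table rules on stdin and reports
# how inbound traffic to PORT is handled:
#   docker-dnat  rewritten to a container, then routed through FORWARD
#   host-input   delivered to a host socket, filtered by the INPUT chain
port_path() {
    if published_ports | awk -v p="$1" '$1 == p { found = 1 } END { exit !found }'; then
        echo "docker-dnat"
    else
        echo "host-input"
    fi
}

# On a live host: iptables -t nat -S | port_path 80
printf '%s\n' "$NAT_RULES" | published_ports
```

For a port reported as `host-input`, the rules that matter are in `iptables -S INPUT`, not in the nat table.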