I'm trying to run .NET on Ubuntu, with the following appsettings.json:
{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*",
  "ConnectionStrings": {
    "DefaultConnection": "Server=1.2.3.5:1234;Database=somedomain.com;Uid=default;Pwd=password;"
  },
  "Kestrel": {
    "Endpoints": {
      "Https": {
        "Url": "https://localhost:7000",
        "Certificate": {
          "Path": "/etc/letsencrypt/live/somedomain.com/cert.pem",
          "KeyPath": "/etc/letsencrypt/live/somedomain.com/privkey.pem"
        }
      }
    }
  }
}
And the following program.cs:
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddControllers();
builder.Services.AddRazorPages();

var app = builder.Build();

app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});

// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    //app.UseHttpsRedirection();
}

app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();
app.MapControllers();
app.MapRazorPages();

app.Run();
It starts up fine, but if I open port 7000 then even telnet can't make a connection to Kestrel. However, running lsof -i:7000 shows it listening on that port. What gives?
Update:
Running telnet from outside doesn't work, but from localhost it's OK. If Nginx is running and I try to connect to port 443 in a browser, it returns '403 Forbidden'. Here's the Nginx config for the site:
limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s;
server_tokens off;

upstream somedomain.com
{
    server 127.0.0.1:7000;
}

server
{
    root /var/www/somedomain.com;
    server_name somedomain.com;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/somedomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/somedomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    #Redirects all traffic
    location / {
        proxy_pass https://somedomain.com;
        limit_req zone=one burst=10 nodelay;
        try_files $uri $uri/ =404;
    }
}

server
{
    if ($host = somedomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;
    listen [::]:80 default_server;
    server_name somedomain.com;
    return 404; # managed by Certbot
}
Update 2:
I updated the NGINX configuration with the following, but the issue persists:
location / {
    proxy_pass https://127.0.0.1:7000/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}