Nginx – HTTPS Redirect and Subdomains

https linux-networking nginx ssl web-server

I have two subdomains on my website all serving web apps and a website running on the domain (and www.) itself; these are:

gitea.mywebsite.co.uk – running on :3000

and

mail.mywebsite.co.uk – not yet running

Both of these are configured with DNS CNAME entries pointing them to mywebsite.co.uk and I've checked that these have in fact propagated.

I want to serve HTTPS exclusively and consequently have acquired and installed SSL Certificates for both subdomains and the domain as a whole (I can't afford any of these fancy wildcard certificates).

In order to achieve this, I've set up nginx to listen on :80 and redirect ALL incoming HTTP traffic to HTTPS as such (I'll implement HSTS once I have everything up and running):

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
}

This seems to work okay, regardless of what subdomain I enter, I see the browser redirect it to the HTTPS equivalent.

So the issue appears to occur somewhere during the reverse proxy stage of the configuration. I want all requests made to gitea.mywebsite.co.uk to be passed to :3000 to handle. I am achieving this like so:

server {
        listen 443 ssl;
        server_name gitea.mywebsite.co.uk;
        ssl_certificate /etc/ssl/certs/gitea.mywebsite.crt;
        ssl_certificate_key /etc/ssl/private/gitea.mywebsite.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        location / {
                proxy_pass https://localhost:3000/;
        }
}

However, whenever I attempt to access this I am greeted by a standard browser "Can't connect" error (note, this isn't the SSL error page).

I can connect to the webapp just fine by loading mywebsite.co.uk:3000 directly so that is definitely running. I've also double-checked the symlink to sites-enabled, restarted nginx and still no luck.

Any ideas?

Best Answer

It would appear that the problem was one borne of my own laziness.

When I symlinked the server blocks I did so like this:

ln -s ./gitea ../sites-enabled/gitea

From within the sites-available directory.

It would appear that this sort of shorthand doesn't work whilst creating symlinks. So whilst it appeared that the link had been created successfully, the links were actually broken. As soon as I recreated the full paths using the below command it worked just fine.

ln -s /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled/gitea

Thanks Richard Smith for your help!
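
The failure described in this answer can be reproduced and detected as follows. This is an added example, not part of the original answer: it builds a constructed sites-available/sites-enabled layout in a temporary directory standing in for /etc/nginx, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The temp directory stands in for /etc/nginx (constructed layout).

# List symlinks in directory $1 that do not resolve (dangling or self-referential).
broken_links() {
    for l in "$1"/*; do
        # -L: the entry is a symlink; ! -e: following it does not reach a file
        if [ -L "$l" ] && [ ! -e "$l" ]; then
            printf '%s -> %s\n' "$l" "$(readlink "$l")"
        fi
    done
}

# Create the two directories and one constructed server block file.
make_layout() {
    mkdir -p "$1/sites-available" "$1/sites-enabled"
    printf 'server { server_name gitea.mywebsite.co.uk; }\n' \
        > "$1/sites-available/gitea"
}

# The command from the answer, run from inside sites-available.
# ln stores the target text "./gitea" verbatim; it is later resolved relative
# to the directory holding the link (sites-enabled), so the link points at itself.
link_relative() {
    ( cd "$1/sites-available" && ln -s ./gitea ../sites-enabled/gitea )
}

# The corrected form from the answer: an absolute target.
# (A relative target also works if written relative to sites-enabled,
# i.e. ../sites-available/gitea.)
link_absolute() {
    rm -f "$1/sites-enabled/gitea"
    ln -s "$1/sites-available/gitea" "$1/sites-enabled/gitea"
}

root=$(mktemp -d)
make_layout "$root"
link_relative "$root"
echo "after relative link:"; broken_links "$root/sites-enabled"
link_absolute "$root"
echo "after absolute link:"; broken_links "$root/sites-enabled"
rm -rf "$root"
```

On a real host, running `broken_links /etc/nginx/sites-enabled` after enabling a site shows whether the link resolves to the file in sites-available.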