Nginx – OpenVPN doesn’t share port with nginx

httpsnginxopenvpnssl

I have OpenVPN configured to sent non-VPN traffic on port 443 to my nginx server on port 4433. When I go to https://domain.tld:4433 it works, although https://domain.tld (Where OpenVPN listens on port 443 TCP) results in an "Page not available" (ERR_CONNECTION_CLOSED in Chrome).

OpenVPN config:

port 443
proto tcp
port-share localhost 4433

Nginx config: (Not actually required, because I'm sure it works)

server {
    listen      1.2.3.4:4433;
    server_name domain.tld www.domain.tld;
    ssl         on;
    ssl_certificate      /home/rick/conf/web/ssl.domain.tld.pem;
    ssl_certificate_key  /home/rick/conf/web/ssl.domain.tld.key;
    error_log  /var/log/apache2/domains/domain.tld.error.log error;
    ...
}

Best Answer

This is how I solved it:

Check whether OpenVPN is listening on Port 443 TCP. Check according to the config, as well as an port check service.
Set port-share to port-share {IP} {PORT}

How to know the {IP} and {PORT}?

In nginx:

server {
    listen      {IP}:{PORT};
}

In Apache:

<VirtualHost {IP}:{PORT}>
    ServerName {IP} 
    ServerAlias {IP} 
// Could also be an hostname, hostname also work on OpenVPN port-share.
// When {IP} in the VirtualHost opening tag is "*", using localhost or 
// 127.0.0.1 or Public IP in OpenVPN, will fix the problem.
</VirtualHost>

Hope this helped you out!

Related Solutions

Nginx proxy pass works for https but not http

I believe you need a separate server block for HTTP. For example:

server {
listen 80;

location / {
        proxy_redirect off;
        proxy_cache off;
        proxy_pass         http://127.0.0.1:5000;
        proxy_set_header   Host             $http_host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
}
}

You would then remove listen 80; from the existing server block.

Nginx – Properly setting up a “default” nginx server for https

I managed to configure a shared dedicated hosting on a single IP with nginx. Default HTTP and HTTPS serving a 404 for unknown domains incoming.

1 - Create a default zone

As nginx is loading vhosts in ascii order, you should create a 00-default file/symbolic link into your /etc/nginx/sites-enabled.

2 - Fill the default zone

Fill your 00-default with default vhosts. Here is the zone i am using:

server {
    server_name _;
    listen       80  default_server;
    return       404;
}


server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    return       404;
}

3 - Create self signed certif, test, and reload

You will need to create a self signed certificate into /etc/nginx/ssl/nginx.crt.

Create a default self signed certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

Just a reminder:

Test the nginx configuration before reloading/restarting : nginx -t
Reload a enjoy: sudo service nginx reload

Hope it helps.

Best Answer

Related Solutions

Nginx proxy pass works for https but not http

Nginx – Properly setting up a “default” nginx server for https

Related Topic