After some server hardening and installing NGINX (without modifying the configuration), I somehow can't access nginx from outside anymore.
Sadly, I'm not at all an expert in these things. The hardening was done following various manuals / tutorials (putting up ufw, ssh hardening, etc).
On a local machine, I don't seem to have any problems setting up NGINX and running it locally - so I guess it has to do with the hardening.
After reading through some similar problems, trying out different solutions, etc., I'm still at the beginning: calling the server (over domain or over IP) results in a 'page unavailable' after about 1 minute of waiting.
How can I analyze the problem? What information is required to find the bottleneck (whether it's ufw, nginx, or whatever)? The goal is to finally see the 'welcome to nginx' page. Do I need a certain ARP entry to be reachable over an external IP?
If you can tell me what commands to execute, I'll add the information below.
Edit: It seems to be a ufw issue. After removing 'deny in to any', nginx seems to be reachable (I thought I had already tried that, but apparently the first time around it didn't work) - the question now is, what port is blocked that is required by NGINX? Port 80 was open; does NGINX require another one to work? (since I would like to close the IN ports that are not required)
Things I tried out:
/var/log/nginx/access.log
and /var/log/nginx/error.log
both have no entries
-
# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 11512 root 7u IPv4 3215792 0t0 TCP *:http (LISTEN)
nginx 11513 www-data 7u IPv4 3215792 0t0 TCP *:http (LISTEN)
nginx 11514 www-data 7u IPv4 3215792 0t0 TCP *:http (LISTEN)
nginx 11515 www-data 7u IPv4 3215792 0t0 TCP *:http (LISTEN)
nginx 11516 www-data 7u IPv4 3215792 0t0 TCP *:http (LISTEN)
-
# ufw status
Status: active
To Action From
-- ------ ----
3456 LIMIT Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
Anywhere DENY Anywhere
3456 ALLOW Anywhere (v6)
80 ALLOW Anywhere (v6)
443 ALLOW Anywhere (v6)
Anywhere (v6) DENY Anywhere (v6)
53 ALLOW OUT Anywhere
80 ALLOW OUT Anywhere
123 ALLOW OUT Anywhere
443 ALLOW OUT Anywhere
Anywhere DENY OUT Anywhere
53 ALLOW OUT Anywhere (v6)
80 ALLOW OUT Anywhere (v6)
123 ALLOW OUT Anywhere (v6)
443 ALLOW OUT Anywhere (v6)
Anywhere (v6) DENY OUT Anywhere (v6)
-
# netstat -ltnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11512/nginx
tcp 0 0 0.0.0.0:3456 0.0.0.0:* LISTEN 886/sshd
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 10909/php-fpm.conf)
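
Added example (not part of the original post): one way to cross-check the two listings above is to walk the inbound ufw rules in list order for every listening TCP port and report the first rule that matches. The function names are hypothetical, and the parser assumes rule targets are plain ports or "Anywhere".

```python
import re

# Listings copied from the post above (IPv4 rows only, one OUT row kept).
# Assumption: no port ranges, app profiles or source filters in the rule list.
UFW_STATUS = """\
3456 LIMIT Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
Anywhere DENY Anywhere
Anywhere DENY OUT Anywhere
"""
NETSTAT = """\
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11512/nginx
tcp 0 0 0.0.0.0:3456 0.0.0.0:* LISTEN 886/sshd
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 10909/php-fpm.conf)
"""
RULE = re.compile(r"^(.+?)\s+(ALLOW|DENY|REJECT|LIMIT)(?:\s+(IN|OUT))?\s+(.+)$")

def parse_rules(text):
    """Return (target, action, direction) tuples in the order ufw lists them."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m and "(v6)" not in line:  # IPv4 only, to match the tcp listeners
            rules.append((m.group(1), m.group(2), m.group(3) or "IN"))
    return rules

def inbound_verdict(rules, port):
    """ufw stops at the first matching rule, so list order decides."""
    for target, action, direction in rules:
        if direction == "IN" and (target == "Anywhere" or target.split("/")[0] == str(port)):
            return action
    return "DEFAULT POLICY"

def audit(ufw_text, netstat_text):
    """Map each listening TCP port to (bind address, program, verdict)."""
    rules, report = parse_rules(ufw_text), {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "LISTEN":
            continue
        addr, port = f[3].rsplit(":", 1)
        # A loopback bind is not reachable from outside, whatever ufw says.
        verdict = "loopback only" if addr.startswith("127.") else inbound_verdict(rules, int(port))
        report[int(port)] = (addr, f[6].split("/", 1)[1], verdict)
    return report

if __name__ == "__main__":
    for port, info in sorted(audit(UFW_STATUS, NETSTAT).items()):
        print(port, *info)
```

For the listings in the post it reports port 80 as ALLOW, 3456 as LIMIT and 9000 as loopback only.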