6

For some reason I can't open port 443 on my Google Compute instance. I have HTTPS server enabled on the instance, and running gcloud compute firewall-rules list returns the rules below:

NAME                    NETWORK  DIRECTION  PRIORITY  ALLOW                         DENY
default-allow-http      default  INGRESS    1000      tcp:80
default-allow-https     default  INGRESS    1000      tcp:443
default-allow-icmp      default  INGRESS    65534     icmp
default-allow-internal  default  INGRESS    65534     tcp:0-65535,udp:0-65535,icmp
default-allow-rdp       default  INGRESS    65534     tcp:3389
default-allow-ssh       default  INGRESS    65534     tcp:22

Yet when I check to see if the port is open using something like nmap it says it's closed.

PORT     STATE  SERVICE
22/tcp   open   ssh
443/tcp  closed https

Edit: Here's my nginx conf file for that site. https://gist.github.com/cclloyd/e7f1183f3a018dbc32cd7c55e15375cf

cclloyd

1 Answer

5

Check if the application is running

You need to check whether there is actually an application running on your instance that is listening on port 443.

sudo netstat -plnt

E.g. if there is an nginx service running and configured to listen on port 443, you will see something like this:

Proto Local Address           Foreign Address         State       PID/Program name
tcp   0.0.0.0:443             0.0.0.0:*               LISTEN      2742/nginx -g daemo

Check firewall rules association

You can also check that your firewall rule and your instance have the appropriate tags:

Check firewall rule targetTags:

$ gcloud compute firewall-rules describe default-allow-https --format="value(targetTags)"

Should output "https-server"

Check instance tags:

$ gcloud compute instances describe %INSTANCE_NAME% --format="value(tags.items)"

Should output "https-server" as well.

Scalar
    Both of those gcloud commands return the correct value, yet it doesn't seem to work. I added my nginx conf file to my original post just to check, and nginx is up and running right now. When I run netstat on the cloud instance it only shows port 80, 22, and 3306. No 443. – cclloyd Feb 04 '18 at 22:29
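Added example, not part of the answer or the comment above: a small triage script that combines the two checks with the nmap state. nmap reports "closed" when a reset comes back (the packet reached the host but nothing is bound to the port), while a packet dropped by a firewall normally shows as "filtered". The function names, the sample netstat text and the assumption that gcloud separates list values with ";" are illustrative.

```shell
#!/bin/sh
# Added example; sample data below is constructed, not from a real host.

# listening_on PORT: reads `netstat -plnt` text on stdin; succeeds if a
# LISTEN socket is bound to PORT (IPv4 "0.0.0.0:443" or IPv6 ":::443").
listening_on() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /:[0-9]+$/) {      # first addr:port field is the local address
                    n = split($i, a, ":")
                    if (a[n] == port) found = 1
                    break
                }
        }
        END { exit !found }'
}

# tags_overlap RULE_TAGS INSTANCE_TAGS: succeeds if the rule targets the instance.
# Assumes ";" or "," separated tag lists. Empty targetTags means the rule applies
# to every instance in the network (service-account targets are not handled here).
tags_overlap() {
    [ -z "$1" ] && return 0
    for r in $(printf '%s' "$1" | tr ';,' '  '); do
        for t in $(printf '%s' "$2" | tr ';,' '  '); do
            [ "$r" = "$t" ] && return 0
        done
    done
    return 1
}

# triage PORT NMAP_STATE RULE_TAGS INSTANCE_TAGS < netstat-output
triage() {
    if listening_on "$1"; then l=yes; else l=no; fi
    if tags_overlap "$3" "$4"; then t=yes; else t=no; fi
    case "$2:$l:$t" in
        open:*)        echo "reachable" ;;
        closed:no:*)   echo "no listener on port $1: fix the service config" ;;
        closed:yes:*)  echo "listener exists but refuses: check bind address and host firewall" ;;
        filtered:*:no) echo "firewall rule does not target this instance: fix tags" ;;
        filtered:*)    echo "dropped elsewhere: check other rules and host firewall" ;;
        *)             echo "unknown nmap state: $2" ;;
    esac
}

# Constructed sample: only ports 22, 80 and 3306 are listening.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 801/sshd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2742/nginx
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 990/mysqld'
printf '%s\n' "$SAMPLE_NETSTAT" | triage 443 closed "https-server" "http-server;https-server"
```

On a real host, pipe `sudo netstat -plnt` into `triage` and pass the output of the two `gcloud ... --format` commands from the answer as the tag arguments.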