I am not very familiar with configuring a web server. I have a node express server running on port 3000 on an AWS EC2 instance that is running Ubuntu 18.04.

In AWS management console, I have a rule allowing access to port 3000, so that I can access mydomain.com:3000. No problem - that makes sense.

To enable access through mydomain.com, I installed Nginx and a very simple configuration using proxy_pass to pass along port 80 requests to port 3000:

```
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name mydomain.com www.mydomain.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host      $http_host;
        proxy_pass       http://127.0.0.1:3000;
    }
}
```

However, when I stop Nginx (which I did as part of an unrelated attempt to move to https...more details on that if you need), I can still access mydomain.com.

Somehow, the node express server on port 3000 is being reached, even though traffic is coming in to port 80. And Nginx is not running.

What is happening?

I checked `sudo iptables -L` and that does not appear to be the culprit:

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```
  • Look at the iptables `nat` table. – Michael Hampton Feb 27 '19 at 16:50
  • @MichaelHampton - you are right on. `iptables -L -t nat` showed `Chain PREROUTING (policy ACCEPT) target prot opt source destination REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3000` – susie derkins Feb 27 '19 at 17:00
  • @MichaelHampton Follow-up question: how is that entry likely to have made it into nat table? I didn't do it manually. Could it have been from attempting to allow https and installing certbot? – susie derkins Feb 27 '19 at 17:03
  • Nope, that's likely manually added as a result of trying to make a Node.js app answer on port 80 without using nginx. So it may have been there so long that you forgot about it. – Michael Hampton Feb 27 '19 at 17:22
  • Interesting, @MichaelHampton. I'm reasonably confident I didn't do it manually, as today was the first time iptables came on my radar as I was trying to figure out what was going on. In any case, if you're so inclined, I'm happy to accept your comment as answer if you post it – susie derkins Feb 27 '19 at 18:06
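
The comments above trace the behaviour to a `REDIRECT` rule in the `nat` table, which plain `iptables -L` (filter table only) never lists. As an added example that is not part of the original thread, this shell function scans `iptables-save` output for `REDIRECT` and `DNAT` rules in every table; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: report port-rewriting rules from iptables-save output.
# Reads the ruleset on stdin; prints one line per REDIRECT/DNAT rule.
list_port_redirects() {
    awk '
        # A line such as "*nat" opens the section for that table.
        /^\*/ { table = substr($0, 2); next }
        $1 == "-A" {
            chain = $2; proto = "any"; dport = "any"; target = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport" || $i == "--dports") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--to-ports" || $i == "--to-destination") to = $(i + 1)
            }
            # Only targets that rewrite the destination are reported.
            if (target == "REDIRECT" || target == "DNAT")
                printf "%s %s %s dport=%s %s to=%s\n", table, chain, proto, dport, target, to
        }
    '
}

# Constructed sample in iptables-save format, modelled on the rule quoted
# in the comments (tcp dpt:http redir ports 3000). Not captured from a host.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample; the filter-table ACCEPT rule is not reported.
sample_ruleset | list_port_redirects
```

On a live host, pipe `sudo iptables-save` into `list_port_redirects`; unlike `iptables -L`, `iptables-save` dumps every table, so a forgotten `nat` rule shows up.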
