Reputation: 55
I don't know if it's too specific, but I'll try.
We have an API deployed on a server which is located in a network. This network has only one port open to the outside, let's say 4444. Let's say the API is deployed on port 4444 on the server machine too.
The network management (which we cannot access) takes 4444 from outside and sends it to 4444 on our machine.
Here starts the HTTPS stuff. I managed to install HTTPS certificates using certbot, by using an A entry and a TXT entry in my DNS management provider (let's say it's zeus.lalala.com). I'm using nginx manager on my server to manage the connections like this:
    events {
        worker_connections 1024;
    }
    http {
        client_max_body_size 0;
        server {
            listen 80;
            server_name zeus.lalala.com;
            location / {
                return 301 https://$host$request_uri;
            }
        }
        server {
            listen 443 ssl;
            server_name zeus.lalala.com;
            ssl_certificate /etc/letsencrypt/live/zeus.lalala.com/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/zeus.lalala.com/privkey.pem;
            underscores_in_headers on;
            location / {
                proxy_pass https://0.0.0.0:4444;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_pass_request_headers on;
                proxy_read_timeout 300s;
                proxy_connect_timeout 75s;
                proxy_send_timeout 300s;
                proxy_buffers 8 16k;
                proxy_buffer_size 32k;
                # Additional config for websocket
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
            }
        }
    }
But with this, I can connect with https://zeus.lalala.com:4444, and I would like to enter without the port. Is this possible without opening port 443 from outside in the network?
Thanks in advance.
Upvotes: 0
Views: 23