Port 80 and 443 not responding

I have successfully setup SSL using CERTBOT on my NGIX server. However when I tried to use https://domainame I'm getting a not responding response.

netstat -ano | grep 443 gives me the following results

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp        0      0 192.168.1.78:33852      34.213.133.213:443      ESTABLISHED keepalive (424.33/0/0)
tcp6       0      0 :::443                  :::*                    LISTEN      off (0.00/0/0)

nc -vz domainname 443 says that port 443 refused to connect

My ufw status is inactive

What's wrong and how can fix the issue?

Thank you

• IN THIS PAGE

• Overview

PRODUCT MANUALS

PaperCut NG & PaperCut MF Manual

PRODUCTS FEATURED

By default, PaperCut NG/MF listens to ports 9191 and 9192 for HTTP and HTTPS communication respectively. These ports have been selected as they’re generally unused by other applications. Because PaperCut NG/MF is a web application, you might want to have the interface available on the standard HTTP and HTTPS ports (80 and 443 respectively). One reason for doing so is to simplify URLs communicated verbally (as the user does not need to supply a port number).

The configuration procedure is different for each operating system. See below for instructions. Important: Before you begin, ensure no other applications (such as IIS, or Apache) are currently installed and using ports 80 or 443 on the server hosting PaperCut NG/MF.

Windows

1. Open the file: [app-path]\server\server.properties

2. Enable port 80 (and 443) by changing the appropriate settings from N to a Y. They should look like: server.enable-http-on-port-80=Y
server.enable-https-on-port-443=Y

3. Change the server port in all providers installed on your network. The server port is set in the print-provider.conf file in the provider directory.

4. Change the server port in the User Client config file:

   [app-path]\client\config.properties.

5. Restart the Application Server. (See Stop and start the Application Server).

6. Test and ensure the web interface is working. e.g. http://[myserver]/admin

Linux

On Linux systems, only privileged programs that run as root can use ports under 1024. In line with security best practice PaperCut runs as a non-privileged user. To enable port 80 and 443, use iptables (or ipchains on old systems) to port-forward 80 to 9191. The following commands provide an example. Consult your distribution’s documentation to see how to persist the iptables rules between system restarts:

/sbin/iptables -t nat -I PREROUTING --src 0/0 --dst <server_ip> \
-p tcp --dport 80 -j REDIRECT --to-ports 9191
/sbin/iptables -t nat -I PREROUTING --src 0/0 --dst <server_ip> \
-p tcp --dport 443 -j REDIRECT --to-ports 9192

(These commands would typically be placed in an rc init script or the iptables startup config script as provided by your distribution.)

When you are done, restart the Application Server. (See Stop and start the Application Server).

Mac

The approach on Mac systems is similar to Linux. With the release of Mac OS X 10.11 (El Capitan) and the inclusion of System Integrity Protection (SIP) modifications to /System/ are disabled by default and disabling this feature is not recommended. The following information works for Mac OS X 10.10. For Mac OS X 10.10 and later, the support for the IPFW firewall has been removed in favor of PF.

Mac OS X 10.10

From Mac OS X 10.10, you must use the pfctl command to modify the Mac firewall.

1. Create the anchor file:
   sudo vi /etc/pf.anchors/com.papercut
   
   

2. Modify the /etc/pf.anchors/com.papercut file by adding the following lines:

   rdr pass on lo0 inet proto tcp from any to self port 80 -> 127.0.0.1 port 9191
rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191
rdr pass on en1 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191
   
   

3. Test the anchor file:
   sudo pfctl -vnf /etc/pf.anchors/com.papercut
   
   

4. Add the anchor file to the pf.conf file:
   sudo vi /etc/pf.conf

   Then add in the following lines under each corresponding section - e.g. the rdr-anchor line under the current rdr-anchor line, and the load anchor under the current load-anchor statement:
   rdr-anchor "port80"
load anchor "port80" from "/etc/pf.anchors/com.papercut"
   
   

5. Load the pf.conf file automatically at startup by editing the current daemon for pf:
   sudo vi /System/Library/LaunchDaemons/com.apple.pfctl.plist

   Then within the section detailing the program arguments <key>ProgramArguments</key>, add in an extra string with -e, which enables the config, as per:

   <string>pfctl</string>
<string>-e</string>
<string>-f</string>
<string>/etc/pf.conf</string>

   Then save the file, exit and restart the server to test.

6. To test this method manually (no restart required) you can use the pfctl command:
   sudo pfctl -ef /etc/pf.conf

   This loads and enables the pf.conf file, which then calls the com.papercut anchor file.
   
   

7. Restart the Application Server. (See Stop and start the Application Server).

Mac OS X 10.9 and earlier

In Mac OS X 10.9 and earlier, one needs to use the ipfw command to modify the Mac firewall:

sudo /sbin/ipfw add 102 fwd 127.0.0.1,9191 tcp from any to any 80 in

See the ipfw man page for all the scary details!

What is port 80 not responding?

What is the difference between port 80 and 443?

Is port 80 open by default?

What is port 80 reserved for?