I am struggling with firewalld and SSL on the Fedora 29 workstation. I get a connection refused / I can not connect to the server when I try to open an SSL connection with nginx.
If I stop firewalld with:
sudo systemctl stop firewalld
Then I connect using http and https from a remote system and I get the default Nginx welcome page.
If I start firewalld with
sudo systemctl start firewalld
Then I can connect using http but I can not connect using https and I get the error "I can not connect to the server" so the problem seems to be my firewalld configuration.
I had configured firewalld for http and https as follows:
> sudo firewall-cmd --set-default-zone=public
success
> sudo firewall-cmd --zone=public --add-service=https --permanent
success
> sudo firewall-cmd --zone=public --add-service=http --permanent
success
> sudo firewall-cmd --zone=public --add-masquerade --permanent
success
> sudo firewall-cmd --reload
success
> sudo firewall-cmd --get-default-zone
public
> sudo firewall-cmd --get-active-zones
public
  interfaces: ens33
> sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: dhcpv6-client http https mdns ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Which brings me to the point where http works but not https when firewalld is enabled.
I have tried to shut down selinux with:
sudo setenforce 0
but the same result: https connections are rejected when firewalld is enabled.
I have also tried to activate the firewalld log, but even at log level 10 with everything denied, I do not get an entry in the log, after firewalld has been started, on the connection attempt.
I suspect that the problem here is my self-signed SSL certificate, known by nginx but not known by firewalld, but it seems that I can not find anything that shows how to point firewalld to my CA certificate.
sudo systemctl disable firewalld
Any suggestions for firewalld to accept my SSL connections?
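An added triage helper, not part of the original post: it takes the text of `firewall-cmd --list-all` and `ss -tln` and reports whether the active zone admits the service and whether anything is actually bound to the port. Both inputs below are constructed samples modelled on the post; the `ss` sample assumes a listener on 80 only.

```shell
#!/bin/sh
# Constructed sample of `firewall-cmd --list-all`, modelled on the post.
ZONE_OUTPUT='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  services: dhcpv6-client http https mdns ssh
  ports:
  masquerade: yes'

# Constructed sample of `ss -tln`: assumes nginx is bound to 80 but not 443.
SS_OUTPUT='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*'

# Exit 0 if the zone's "services:" line names $2.
zone_allows_service() {   # $1 = list-all text, $2 = service name
    printf '%s\n' "$1" | awk -v svc="$2" '
        /^[[:space:]]*services:/ { for (i = 2; i <= NF; i++) if ($i == svc) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Exit 0 if some LISTEN socket's local address ends in :$2 (IPv4 or [::] form).
has_listener() {          # $1 = ss text, $2 = port number
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Print one line naming the first layer that fails: firewall, listener, or ok.
diagnose() {              # $1 = zone text, $2 = ss text, $3 = port, $4 = service
    if ! zone_allows_service "$1" "$4"; then
        echo "firewall: zone does not admit $4"
    elif ! has_listener "$2" "$3"; then
        echo "no-listener: nothing bound to port $3 (expect connection refused)"
    else
        echo "ok: zone admits $4 and port $3 has a listener"
    fi
}

diagnose "$ZONE_OUTPUT" "$SS_OUTPUT" 443 https
```

On a real host feed it `"$(sudo firewall-cmd --list-all)"` and `"$(ss -tln)"`. A TCP "connection refused" is an RST from the host, which a firewalld zone with `target: default` does not send (it rejects with icmp-host-prohibited, seen by the client as "No route to host"), so the split between the two checks is what tells a firewall block apart from a missing 443 listener.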