Port Conflict Between NGINX vHost and Stream Configuration on Port 443 (Ubuntu 24.04.3 LTS)

Hi,
I am running nginx/1.24.0 on Ubuntu 24.04.3 LTS, and I’m facing an issue when trying to run both a standard HTTPS vHost and a stream-based TLS passthrough configuration simultaneously.

System Information

# nginx -v
nginx version: nginx/1.24.0 (Ubuntu)

# cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.3 LTS (Noble Numbat)"
VERSION_CODENAME=noble

Configuration Details

/etc/nginx/sites-enabled/finexample.mydomain.conf
server {
    listen 443 ssl;
    server_name finexample.mydomain.com;

    client_max_body_size 30M;

    ssl_certificate /etc/letsencrypt/live/finexample.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/finexample.mydomain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://192.168.121.212:4100;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /fineract-provider/ {
        proxy_pass http://192.168.121.212:8080;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    server_name finexample.mydomain.com;
    return 301 https://$host$request_uri;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

/etc/nginx/stream.d/stream.conf
ssl_preread on;

map $ssl_preread_server_name $apigee_up {
    api-dev.mydomain.com  apigee_dev;
    api-test.mydomain.com apigee_test;
    api-prod.mydomain.com apigee_prod;
}

upstream apigee_dev  { server 192.168.121.19:9002; }
upstream apigee_test { server 192.168.121.19:9003; }
upstream apigee_prod { server 192.168.121.19:9004; }

server {
    listen 0.0.0.0:443;  # TCP listener; no "ssl" keyword for passthrough
    proxy_pass $apigee_up;
    ssl_preread on;
}

Command Output
nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Error Log
[emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
[emerg] bind() to 74.234.201.105:443 failed (99: Cannot assign requested address)
[emerg] still could not bind()

Summary
NGINX fails to start because both the HTTP vHost and the stream configuration attempt to bind to port 443 on the same IP address, resulting in a port conflict.

Question
What’s the best approach to run both configurations simultaneously, where:
• NGINX acts as a TLS passthrough proxy for Apigee, and
• also continues to serve finexample.mydomain.com over HTTPS?

Would using a secondary public IP or separating stream and HTTP listeners by IP be the right approach?

Any guidance or best practices would be greatly appreciated.

Best regards,

Kaushal

Hey @kaushalshriyan!

The issue here is that you have two servers listening on the same IP with no unique server names.

Both your suggestions would be okay, as would specifying different server names. There really is no one generic answer on what’s best since it depends on multiple factors, so I would say try out what you think will work best for your environment, your needs, and what you can readily accomplish!
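
One way to keep both services on a single address, as an added example that is not part of the thread or either poster's configuration and that goes beyond the options discussed above: let the stream listener be the only socket on port 443 and route finexample.mydomain.com by SNI to the HTTPS vHost over loopback. The loopback port 8443, the `$tls_backend` variable and the `local_https` upstream name are assumptions; hostnames, certificate paths and upstream addresses are taken from the post.

```nginx
# /etc/nginx/stream.d/stream.conf  (included inside the stream {} block)

# Route on the SNI name read from the ClientHello; TLS is not terminated here.
map $ssl_preread_server_name $tls_backend {
    api-dev.mydomain.com     apigee_dev;
    api-test.mydomain.com    apigee_test;
    api-prod.mydomain.com    apigee_prod;
    finexample.mydomain.com  local_https;  # terminated by the http vHost below
    default                  local_https;  # no SNI or unknown name: never empty
}

upstream apigee_dev  { server 192.168.121.19:9002; }
upstream apigee_test { server 192.168.121.19:9003; }
upstream apigee_prod { server 192.168.121.19:9004; }
upstream local_https { server 127.0.0.1:8443; }  # assumed loopback port

server {
    listen 443;              # the only listener bound to :443 in the whole config
    ssl_preread on;
    proxy_pass $tls_backend;
}

# /etc/nginx/sites-enabled/finexample.mydomain.conf  (http context)

server {
    # Moved off :443 so it no longer competes with the stream listener.
    # Bound to loopback so it is reachable only through the stream proxy.
    listen 127.0.0.1:8443 ssl;
    server_name finexample.mydomain.com;

    ssl_certificate     /etc/letsencrypt/live/finexample.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/finexample.mydomain.com/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    # The location blocks, the port 80 redirect server and the
    # $connection_upgrade map stay exactly as in the original file.
}
```

With this layout the vHost sees every client as 127.0.0.1, so `$remote_addr`, `X-Real-IP`, access logs and any IP-based rules no longer reflect the real client unless PROXY protocol is enabled between the two listeners. `proxy_protocol on;` in a stream server applies to every upstream it proxies to, including the Apigee ones.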
