Unable to open nginx with domain and can't open checkmk in Firefox browser

Yes, I’m not able to open my domain on the browswer. My server IP address (IPv4) is 192.168.1.253, which is configured in my nginx.conf.

But even when I type in the IP address in the browser, it still doesn’t connect.

Regarding the default_server, is this kind of like a back up server in case any forwarding requests from the client can’t reach my host, i.e. arborhub?

As far as Godaddy, I did configure DNS A records for arborhub and even configured A records for sv1, sv2 and sv3 which are the load balancers I set up in the file

I know this is a separate nginx issue, but I’m not able to configure SSL certificate with Let’s Encrypt.

I installed Certbot with sudo apt install certbot python3-certbot-nginx and I tried to create SSL cert with sudo apt certbox --nginx -d arborhub.io and get this error message

(venv) corey-james@corey-james-HP-Laptop-14-dq0xxx:~$ sudo certbot --nginx -d arborhub.io
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for arborhub.io

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: arborhub.io
  Type:   unauthorized
  Detail: 15.197.148.33: Invalid response from http://arborhub.io/.well-known/acme-challenge/M1Ug5dbaJFxtT-A4UcSTJrCOfHqCBGJ8n-h5Q3BoUk0: 403

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Actually this might be related to my nginx conf file

Here is my edited nginx.conf

  GNU nano 8.1                         nginx.conf                                   
worker_processes auto;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    sendfile on;
    keepalive_timeout 65;

    # Upstream load balancer configuration
    upstream myapp1 {
        ip_hash;
        server srv1.arborhub.io;
        server srv2.arborhub.io;
        server srv3.arborhub.io;
    }

    # Server block must be inside HTTP, not at the top level
    server {
        listen 80;
        listen [::]:80;
        server_name arborhub.io;

        location / {
            proxy_pass http://127.0.0.1:8000;
            proxy_cache video_cache;
            proxy_cache_revalidate on;
            proxy_cache_background_update on;
            proxy_cache_use_stale updating;
            proxy_cache_lock on;
            proxy_cache_valid 200 7d;
        }

        location /static/ {
            autoindex on;
            alias /home/ubuntu/MyProject/static/;
        }

        location /media/ {
            autoindex on;
            alias /home/ubuntu/MyProject/media/;
        }

        location /analytics {
            rewrite /analytics/(.*) /$1 break;
            proxy_pass http://192.168.1.253:30845;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
            proxy_connect_timeout 36000;
        }

        mail {

    server_name mail.test.com;
    auth_http   http://127.0.0.1:8000;
    # disabling xclient command
    xclient off;    server {
        listen     3333;
        protocol   smtp;
        smtp_auth  none;
    }
}

You can see port 3000 for checkmk was removed

The IP address that you shared is a private IP, so unless you are on the same network as the server that will not work. Also, depending on the OS that you are running, there could be a firewall on by default, so you will either need to disable it or allow 80/443 to be open. I would focus figuring that part out before trying to troubleshoot anything else.

The certbot error is definitely related to DNS as well, since the IP it is throwing an error for is the same IP I am seeing in DNS for that domain, which resolves to a godaddy page for parked domains.

I am on the same network (LAN) as the server. Plus I always thought IPv6’s were private IP’s, not IPv4’s.

I’m running on Ubuntu Desktop 24.04. So maybe I should allow the firewall to be disabled or allow 80/443 to open.

I will share a screenshot of my Godaddy DNS A records now

I would check the firewall, that is probably the core of the problem.

Also, those DNS entries will not work, since they are private IP’s and not publicly addressable. If you want to have the site be publicly available, you will have to figure out how to assign a public IP to the system or setup a NAT at the router layer. This is going to be dependent on your specific network setup, so only so much we can help there.

Yeah I kind of figured why this wasn’t working. I think firewall is the source of the nginx issue.

Why I can’t or you can’t access my Django app most definitely is caused by not having a public IP address, which my guess is something my ISP has to fix.

Thank you for everything friend

I think a static IP address provided by my ISP is probably the best option for my web app for now, since I’m self hosting

One last thing, I containerized my Django backend. But how do I containerize my nginx server/reverse proxy?

If you can provide some links, that would be great

You can find the official nginx docker image on dockerhub. We also have a docker desktop extension for nginx that can help push configs to the container. Here are a couple links that might help as well:

So the first link isn’t helpful since I’m having trouble logging into Docker.

Anyway, I’m not trying to use Docker Desktop since I’m on Linux

So I was able to create a Docker image for my nginx server. I can open nginx in the browser.

However, I want to use my domain name and also don’t want the browser to display the default nginx page, instead I want it to display my Django web app

I’m not sure if this relates back to the public DNS issue I had before

Screenshot From 2025-04-16 15-16-231300×736 47.6 KB

This isn’t related to my IP static address for DNS

Yes, you will need to remove the default.conf that it ships with the package and add in your own server configuration into the container. I would recommend keeping the default nginx.conf, and put your server config in the /etc/nginx/conf.d directory. As long as the file ends in .conf and is in the conf.d directory, it will be read by nginx.

So when you say keep the default config file. you mean paste in there the server blocks from here?

It’s just confusing because it feels like I have two nginx directories, the old nginx cofig and the new one, a containerized nginx image.

I already had a previous nginx directory before creating an nginx container.

Would I have to navigate to the directory of the container which contains the default nginx.conf and paste all configurations there?

I’m sorry if I’m confusing or this doesn’t make any sense

The standard best practices with nginx configuration files is to put the server specific config into a .conf file in the /etc/nginx/conf.d directory. There is an include statement in the default nginx.conf that will load any files ending in .conf from that directory into the http context.

To get the file onto the container, you would modify the dockerfile to copy the file into the /etc/nginx/conf.d directory when it is built.

Can you please elaborate " There is an include statement in the default nginx.conf that will load any files ending in .conf from that directory into the http context."?

For example, I’m in this “/etc/nginx/conf.d”, I have a default nginx.conf file, do I just copy all http/server blocks to this default .conf file?