starred/project-pegaprox-PegaProx

Fork 0

mirror of https://github.com/PegaProx/project-pegaprox.git synced 2026-04-25 10:05:56 +03:00

[GH-ISSUE #11] 🐞 Bug: PegaProx unreachable after SSL + Port 443 / Reverse Proxy login timeout #9

New issue

Closed

opened 2026-03-02 15:47:09 +03:00 by kerem · 4 comments

kerem commented

2026-03-02 15:47:09 +03:00

Owner

Originally created by @PhiGi87 on GitHub (Jan 27, 2026).
Original GitHub issue: https://github.com/PegaProx/project-pegaprox/issues/11

Originally assigned to: @mkellermann97 on GitHub.

Title

PegaProx becomes unreachable after enabling SSL + switching to port 443; behind nginx login triggers timeout to 127.0.0.1:5000

Description

When uploading an SSL certificate in PegaProx and changing the service port to 443, the system becomes unreachable. The service status still indicates it is running, but netstat shows no listening ports afterwards.

As an alternative, I tried keeping PegaProx on its original port and placing an nginx reverse proxy in front. In that setup, the login fails because the frontend times out while trying to reach 127.0.0.1:5000.

I haven’t been able to fully inspect all logs yet, so this might be known behavior.

Environment

Product: PegaProx Pre-Made VM (QEMU)
PegaProx version: Beta 0.6.1

Case A: Native SSL on Port 443

Steps to Reproduce

Open PegaProx admin/configuration.
Upload an SSL certificate and key.
Change the configured listening port to 443.
Apply/save configuration and restart the service if prompted.

Expected Behavior

PegaProx should start listening on TCP/443 and reachable via HTTPS.
netstat / ss should show the service listening on 0.0.0.0:443.

Actual Behavior

The web UI becomes unreachable.
Service status/health indicates it is still running, but netstat shows no open/listening port.
The service appears to be “alive” but not bound to a port.

Case B: nginx Reverse Proxy in front

Steps to Reproduce

Keep PegaProx on its original port (5000).
Configure nginx as reverse proxy for HTTPS 443 → PegaProx upstream.
Open the public URL and attempt to log in.

Expected Behavior

Login should succeed through the proxy.
No client-side/internal requests should depend on 127.0.0.1.

Actual Behavior

Diagnostics / Evidence

After switching to 443 + SSL:
- netstat shows no listening ports (PegaProx not listening)
Behind nginx:
- Browser/frontend reports a timeout to 127.0.0.1:5000

Thank you for the great work and your help.

Originally created by @PhiGi87 on GitHub (Jan 27, 2026). Original GitHub issue: https://github.com/PegaProx/project-pegaprox/issues/11 Originally assigned to: @mkellermann97 on GitHub. ### **Title** **PegaProx becomes unreachable after enabling SSL + switching to port 443; behind nginx login triggers timeout to 127.0.0.1:5000** --- ### **Description** When uploading an SSL certificate in **PegaProx** and changing the service port to **443**, the system becomes unreachable. The service status still indicates it is running, but **`netstat` shows no listening ports** afterwards. As an alternative, I tried keeping PegaProx on its original port and placing an **nginx reverse proxy** in front. In that setup, the login fails because the frontend times out while trying to reach **`127.0.0.1:5000`**. I haven’t been able to fully inspect all logs yet, so this might be known behavior. --- ### **Environment** - **Product:** PegaProx Pre-Made VM (QEMU) - **PegaProx version:** Beta 0.6.1 --- ## **Case A: Native SSL on Port 443** ### **Steps to Reproduce** 1. Open **PegaProx** admin/configuration. 2. Upload an **SSL certificate and key**. 3. Change the configured listening port to **443**. 4. Apply/save configuration and restart the service if prompted. ### **Expected Behavior** - PegaProx should start listening on **TCP/443** and reachable via HTTPS. - `netstat` / `ss` should show the service listening on **0.0.0.0:443**. ### **Actual Behavior** - The web UI becomes unreachable. - Service status/health indicates it is still running, **but `netstat` shows no open/listening port**. - The service appears to be “alive” but not bound to a port. --- ## **Case B: nginx Reverse Proxy in front** ### **Steps to Reproduce** 1. Keep PegaProx on its original port (5000). 2. Configure **nginx** as reverse proxy for HTTPS **443** → PegaProx upstream. 3. Open the public URL and attempt to log in. ### **Expected Behavior** - Login should succeed through the proxy. - No client-side/internal requests should depend on **`127.0.0.1`**. ### **Actual Behavior** - Login fails; frontend hits a timeout trying to connect to **`127.0.0.1:5000`**. --- ### **Diagnostics / Evidence** - After switching to **443 + SSL**: - **`netstat` shows no listening ports** (PegaProx not listening) - Behind **nginx**: - Browser/frontend reports a timeout to **`127.0.0.1:5000`** Thank you for the great work and your help.

kerem

2026-03-02 15:47:09 +03:00

closed this issue
added the
bug
label

kerem commented

2026-03-02 15:47:10 +03:00

Author

Owner

@mkellermann97 commented on GitHub (Jan 27, 2026):

Hi @PhiGi87 ,
Case A:
Please note that port 443 is a known limitation on Linux – it's a privileged port that can't be used with the PegaProx service user. https://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux

Case B:
Thanks for the detailed steps. It looks like there might be a configuration issue with how the frontend resolves the backend URL behind your nginx reverse proxy.
Could you send us the following logs to support@pegaprox.com so we can investigate further:

PegaProx logs
nginx configuration (sites-available)
Browser console output (F12 → Console)

Regards,
Marcus

@mkellermann97 commented on GitHub (Jan 27, 2026): Hi @PhiGi87 , Case A: Please note that port 443 is a known limitation on Linux – it's a privileged port that can't be used with the PegaProx service user. https://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux Case B: Thanks for the detailed steps. It looks like there might be a configuration issue with how the frontend resolves the backend URL behind your nginx reverse proxy. Could you send us the following logs to support@pegaprox.com so we can investigate further: PegaProx logs nginx configuration (sites-available) Browser console output (F12 → Console) Regards, Marcus

kerem commented

2026-03-02 15:47:10 +03:00

Author

Owner

@PhiGi87 commented on GitHub (Jan 29, 2026):

I need to rebuild it like that. I'll try to recreate it in the next few days.

@PhiGi87 commented on GitHub (Jan 29, 2026): I need to rebuild it like that. I'll try to recreate it in the next few days.

kerem commented

2026-03-02 15:47:10 +03:00

Author

Owner

@MrMasterbay commented on GitHub (Jan 29, 2026):

Heyha @PhiGi87 ,

please check this out and run this in your VM.
Curl -O https://raw.githubusercontent.com/PegaProx/project-pegaprox/refs/heads/main/web/Dev/patch.sh
chmod +x patch.sh
./patch.sh

This should fix most / all of the issues that we had with the old VM preview.
This shiould also fix the 443 problem. Just to be sure please make a snapshot before I did work with out VM but we are unsure.
Best regards,
Nico

@MrMasterbay commented on GitHub (Jan 29, 2026): Heyha @PhiGi87 , please check this out and run this in your VM. Curl -O https://raw.githubusercontent.com/PegaProx/project-pegaprox/refs/heads/main/web/Dev/patch.sh chmod +x patch.sh ./patch.sh This should fix most / all of the issues that we had with the old VM preview. This shiould also fix the 443 problem. Just to be sure please make a snapshot before I did work with out VM but we are unsure. Best regards, Nico

kerem commented

2026-03-02 15:47:10 +03:00

Author

Owner

@MrMasterbay commented on GitHub (Feb 1, 2026):

Hi @PhiGi87 ,
Issue closed feel free to reopen it again if the fix didn't work.

Best Regards,
Nico

@MrMasterbay commented on GitHub (Feb 1, 2026): Hi @PhiGi87 , Issue closed feel free to reopen it again if the fix didn't work. Best Regards, Nico