ssl – NGINX proxy to node server (https to http) ERR_CONNECTION_REFUSED

I want to use NGINX as a reverse proxy to my nodejs application running as a docker container on port 3000.

My domain name is from freenom and the ssl certificates are generated using certbot.

I have ensured that the security group for my ec2 instance has inbound 443 and 80 open.

I even tried an http -> http proxy in the first server {} block of my config, and that works fine, but https to http does not work.

The log files at /var/log/nginx/access.log and error.log are empty. If I try to access the site via http, the access.log file gets an entry like this:

my_machine_ip - (01/May/2021:14:35:01 +0530) "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.49"

If it is of any importance: I also have a private docker registry running on the server on port 5000 (with ssl) as well as other http services on port 4000 and 9000.

Below is my config at /etc/nginx/sites-available/default.

server {
    listen 80;
    server_name some_domain.com;
    return 301 https://some_domain.com;
}

server {
    listen 443 ssl;
    server_name some_domain.com;
    client_max_body_size 75M;
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
    }

    ssl_certificate /etc/letsencrypt/live/some_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/some_domain.com/privkey.pem;
    ssl_session_timeout 1h;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=15768000" always;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
}
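
Added example, not part of the original post: a refused connection, a dropped one and a failed TLS handshake each point to a different layer, so this probe reports the stage at which a connection to port 443 stops. The names `probe_https` and `HINTS` and the hint texts are this example's own.

```python
import socket
import ssl
import sys

# Where to look next for each outcome (hints written for this example).
HINTS = {
    "refused": "host replied with RST: nothing is listening on that port, or a "
               "local firewall rejects it; run `nginx -t` and `ss -ltn` on the server",
    "timeout": "no reply at all: packets dropped by a filter in the path, or host down",
    "dns-failed": "name does not resolve: check the DNS record for the domain",
    "unreachable": "no route to the host or another network error",
    "tcp-open-tls-failed": "port is open but the TLS handshake failed: check the "
                           "`ssl` flag on `listen` and the protocol list",
    "tls-cert-invalid": "handshake reached certificate validation and failed there",
    "tls-ok": "TLS works from this vantage point",
}


def probe_https(host, port=443, timeout=3.0):
    """Return the stage at which a connection to host:port stops (a HINTS key)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except socket.gaierror:
        return "dns-failed"
    except OSError:
        return "unreachable"
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls-ok"
    except ssl.SSLCertVerificationError:
        return "tls-cert-invalid"
    except (ssl.SSLError, OSError):
        return "tcp-open-tls-failed"
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python probe.py some_domain.com 443  (defaults to a local check)
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    result = probe_https(host, port)
    print(f"{host}:{port} -> {result}: {HINTS[result]}")
```

Running it both on the server against 127.0.0.1 and from an outside machine against the public name shows whether the two vantage points stop at the same stage.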