How to Fix Nginx Connection Refused on DigitalOcean Droplet

The Root Cause

“Nginx Connection Refused” on a DigitalOcean Droplet typically means the Nginx service is not actively listening on the expected port (80 or 443) or a firewall is explicitly blocking the connection before Nginx can respond. This usually points to either Nginx being stopped, a configuration error preventing it from starting, or critical firewall rules (UFW or DigitalOcean’s cloud firewall) denying access.

Quick Fix (CLI)

# 1. Check Nginx service status
sudo systemctl status nginx

# If Nginx is 'inactive (dead)' or 'failed', start it:
sudo systemctl start nginx
sudo systemctl enable nginx # Ensures Nginx starts on boot

# 2. Check Nginx configuration for syntax errors
sudo nginx -t

# If tests pass, reload Nginx (even if it was running, to apply any silent changes)
sudo systemctl reload nginx

# 3. Check UFW (Uncomplicated Firewall) status and rules
sudo ufw status verbose

# If UFW is active and Nginx ports (80/443) are not explicitly allowed:
sudo ufw allow 'Nginx Full' # This profile allows both HTTP (80) and HTTPS (443)
sudo ufw reload

# 4. Verify Nginx is listening on the correct port (e.g., 80)
sudo ss -tuln | grep :80
# Expected output similar to: tcp   LISTEN 0      128    0.0.0.0:80       0.0.0.0:*

Configuration Check

The primary file to check is typically your main Nginx configuration or a site-specific configuration.

  1. Main Nginx Configuration: /etc/nginx/nginx.conf
  2. Site-Specific Configuration: /etc/nginx/sites-available/default (or your specific site config, e.g., yourdomain.com.conf)

Lines to change/verify:

Ensure that Nginx is configured to listen on the correct ports. In your server block (usually within /etc/nginx/sites-available/default):

server {
    listen 80;               # Ensures Nginx listens for HTTP traffic on port 80
    listen [::]:80;          # Ensures Nginx listens for HTTP traffic on IPv6
    # listen 443 ssl;        # If you have SSL configured, ensure this is present for HTTPS
    # listen [::]:443 ssl;   # IPv6 for HTTPS

    server_name your_domain.com www.your_domain.com; # Replace with your actual domain
    
    # ... other configurations
}

After modifying any Nginx configuration file, always test the configuration for syntax errors and reload Nginx:

sudo nginx -t
sudo systemctl reload nginx

Verification

To confirm the fix, attempt to connect to your Droplet’s IP address or domain name.

# Using curl to check HTTP header
curl -I http://YOUR_DROPLET_IP_OR_DOMAIN

# Example successful output:
# HTTP/1.1 200 OK
# Server: nginx/1.18.0 (Ubuntu)
# Date: Tue, 01 Jan 2024 12:00:00 GMT
# Content-Type: text/html
# Content-Length: 612
# Last-Modified: Tue, 01 Jan 2024 11:55:00 GMT
# Connection: keep-alive
# ETag: "659345c4-264"
# Accept-Ranges: bytes

⚡ Related Troubleshooting Guides