A DevOps engineer is investigating why an HTTPS-only web application on a RHEL server is unreachable from the internet. She has confirmed that the nginx service is active and listening on 0.0.0.0:443, DNS resolves correctly, and the server can reach external hosts. Remote SSH works. She then runs:
The firewall's public zone currently allows only the predefined ssh service, so packets destined for TCP 443 are dropped before they ever reach nginx. The most precise remedy is to add the predefined https service to the zone and reload the configuration so it becomes permanent. This automatically opens TCP 443 (and any related helper ports) without exposing additional, unnecessary services. Disabling the firewall would restore access but abandons security. Opening port 53/udp is irrelevant to HTTPS, and moving the interface into the trusted zone would expose every port on the server, violating least-privilege principles.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the 'firewall-cmd' command do in RHEL?
Open an interactive chat with Bash
Why is it better to use '--add-service=https' instead of '--add-port=443/tcp'?
Open an interactive chat with Bash
What is the principle of least privilege in server security?