I'm trying to run .NET on Ubuntu, with the following appsettings.json:
{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*",
  "ConnectionStrings": {
    "DefaultConnection": "Server=1.2.3.5:1234;Database=somedomain.com;Uid=default;Pwd=password;"
  },
  "Kestrel": {
    "Endpoints": {
      "Https": {
        "Url": "https://localhost:7000",
        "Certificate": {
          "Path": "/etc/letsencrypt/live/somedomain.com/cert.pem",
          "KeyPath": "/etc/letsencrypt/live/somedomain.com/privkey.pem"
        }
      }
    }
  }
}
And the following program.cs:
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
builder.Services.AddRazorPages();

var app = builder.Build();

app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});

// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    //app.UseHttpsRedirection();
}

app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();
app.MapControllers();
app.MapRazorPages();
app.Run();
It starts up fine, but if I open port 7000 then even telnet can't make a connection to Kestrel. However, running lsof -i:7000 shows it listening on that port. What gives?
Update:
Running telnet from outside doesn't work, but from localhost it's OK. If Nginx is running and I try to connect to port 443 in a browser, it returns '403 Forbidden'. Here's the Nginx config for the site:
limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s;
server_tokens off;

upstream somedomain.com
{
    server 127.0.0.1:7000;
}

server
{
    root /var/www/somedomain.com;
    server_name somedomain.com;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/somedomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/somedomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    #Redirects all traffic
    location /
    {
        proxy_pass https://somedomain.com;
        limit_req zone=one burst=10 nodelay;
        try_files $uri $uri/ =404;
    }
}

server
{
    if ($host = somedomain.com)
    {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;
    listen [::]:80 default_server;
    server_name somedomain.com;
    return 404; # managed by Certbot
}
Update 2:
I updated the NGINX configuration with the following, but the issue persists:
location / {
    proxy_pass https://127.0.0.1:7000/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
OK, I fixed the issue described by binding to * instead of localhost:
There are still errors now, but exceptions from my code in the project rather than simply not responding to requests. So I'll consider this case closed.
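
The symptom in the question (lsof shows a listener on port 7000, telnet works from localhost but not from outside) is what a loopback-only bind looks like. As an added example, not part of the original post, this Python check classifies listening sockets from `ss -ltnH` output by bind scope; the sample output and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltnH` output (not taken from the original post).
SAMPLE_SS = """\
LISTEN 0 512 127.0.0.1:7000 0.0.0.0:*
LISTEN 0 512 [::1]:7000 [::]:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 512 *:5000 *:*
"""

def split_local(field):
    """Split ss's 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.split("%", 1)[0].strip("[]")  # drop %iface scope, then brackets
    return host, int(port)

def scope(host):
    """Classify a bind address: 'loopback', 'all-interfaces' or 'specific'."""
    if host == "*":
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback"
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "specific"

def listeners(ss_output, port):
    """Return sorted (host, scope) pairs for sockets listening on `port`."""
    found = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, lport = split_local(cols[3])
        if lport == port:
            found.add((host, scope(host)))
    return sorted(found)

def reachable_from_outside(ss_output, port):
    """True if any listener on `port` is bound beyond loopback."""
    return any(s != "loopback" for _, s in listeners(ss_output, port))

if __name__ == "__main__":
    for p in (7000, 443, 5000):
        print(p, listeners(SAMPLE_SS, p), reachable_from_outside(SAMPLE_SS, p))
```

A listener reported as all-interfaces accepts connections directly on that port, not only through Nginx, unless a firewall blocks it.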