127.0.0.1 is special#

This is a very special IP (range), so I'm going to go into it a bit more below.

There is also something that's very important for you to know about the special IP address and hostname that is 127.0.0.1 and localhost: nothing outside of the system can connect to any services that you have bound (listening on) to 127.0.0.1. This is important, because I've seen people bind HTTPS services to 127.0.0.1 port 443 and then fail to understand why no one can access their website.

In fact this is so important I'm going to visualise it:

Let's walk through this:

1. "Some Other System" (on the same network) is trying to connect to 192.168.1.10 TCP 443
2. This goes over the LAN, which knows that "Server" has that IP address
3. The nginx service is bound to TCP/443 on the IP 192.168.1.10, so that process will receive the inbound connection
4. nginx can then talk to the "Customer Software" solution, passing on the customer's request from "Some Other System"
5. The "Customer Software" connects to 127.0.0.1 TCP 3306, which is where the mysql service listening for inbound connections

The reason "Some Other System" cannot talk to 127.0.0.1 TCP 3306 is because 127.0.0.1 is only available from "within" the same system. nginx, however, is listening for connections on 192.168.1.10 which is available to connect to on the LAN.

You can see if that if "Some Other System" tries to contact 192.168.1.10 TCP 3306 it won't be able to, because the service is bound on 127.0.0.1 TCP 3306. Nor can the other system connect to 127.0.0.1:3306 because 127.0.0.1 from the perspective of "Some Other System" literally represents "Some Other System" - that means it would be trying to talk to itself on TCP/3306.

Keep this in mind.