I am running a webserver on an Ubuntu ec2 instance. The service accepts http connections over port 8080.
The next step is to allow the service to be e accessible using public_DNS:8080. I've modified the security group to accept all incoming traffic on 8080. However, I get connection refused when I try it on my browser. I am guessing it is something to do with the Ubuntu firewall.
I have very little idea about it. Any suggestions on how I can proceed to resolve this?
Related
I had EC2 server where I was running my existing application. The EC2 instance was on private subnet and ELB was created in public subnet with access to particular VPN IP. So whenever I was on VPN, I was able to access my application and if I am outside that VPN IP then I wasn't able to access the application.
Now I have created EKS cluster and I am deploying my application using kubectl with docker image of the application. Weird thing is the application works fine whenever I am NOT on VPN (I tweaked security group to allow all traffic from all IPs) and whenever I am on VPN, I receive "ERR_CONNECTION_RESET" in chrome and curl shows - empty response received from server.
Till now I have tried below things. As I am relatively new with EKS, I am not able to find much.
1. Same security group applied - Not resolving
2. Checked logs of all pods - whichever pods I received from "kubectl get po --all-namespaces" - No issues showing up
3. Checked /var/log/messages
4. Tried to change application port
5. kubectl get events not showing anything on why server is sending back empty response.
6. Tried to SSH to node and tried to curl localhost:30080 and it works fine, but when tried to curl from my machine (which is on VPN), it fails with empty response.
Please again note that, the application runs totally fine when I am outside VPN. Further my old application (that is on EC2) runs fine with VPN.
Thanks in advance!
Finally found the issue was with the corporate VPN which was blocking all ports other than 80 and 443. When I was creating the service, I wanted to have ELB to expose port 5000. So I was thinking elb-host:5000 will point to dev service nodeport which was 30080. This was perfectly working when I was NOT on the VPN. But when I was connecting the site using VPN, corporate traffic was blocking port 5000 on ELB. After I changed the port to 80, it started working as expected.
While using nginx, it was creating ELB with port 80 instead of my intended port 5000. I didn't notice that port change and thought that this is happening due to IP blocking.
I have a instance Linux in an EC2 service that was working before I changed the security group in order to accept HTTP port 80.
Before that change it was only port 22, SSH, we see in the picture below:
After I added HTTP I can't get access trough the terminal and get Time out operation error.
How to solve this issue?
If you stopped the instance, and then started it (not a reboot) then the public IP will change. You can attach an Elastic IP address to prevent that.
I have hosted web application (developed in PHP) on Amazon EC2 micro instance. As per default setting, i can access 80, 22, 443 and 3306 ports from remote locations means from Home(terminal window) using telnet command.
I want to open another custom TCP port XXXXX. I have added that port in Security Group. when i am trying to connect that port through telnet command it is always show "Connection refused".
I have been trying to solve this issue for 3 days but could not get successful solution.
Help would be really appreciated.
Thanks
Adding a port in security group (inbound) ensures that the port can be accessed from outside. Please check following
Is the port open for anywhere (0.0.0.0/0) or for a custom IP. If for custom IP, please check the IP of your machine (search 'what is my ip' on google).
Is there any application listening on the port on EC2 machine.
I have a VPN (pptpd) server configured and a client connected. In the same machine of VPN server, I have a proxy server (port 3128)(squid) running with authentication enabled. When I use the proxy in my firefox browser it works fine. However, when I conect my notebook to my VPN server I can't navigate using firefox + proxy. Just to remember Proxy server and VPN server running in same machine (a VPS). I'm using UFW firewall.
Is there some tips in configuration files (pptpd or squid) to get this problem fixed?
Best Regards!
use squid's access.log to make sure: squid doesn't receive requests from your notebook; check the routing availability between internal IP network of VPN server and proxy address, it must be accessible (pingable). you may use port address translation (PAT) as a simple fix.
I am having trouble connecting to an Amazon Elastic Cloud Computer Instance via a browser.
I attempted going to ********.compute-1.amazonaws.com , but the browser returns that the connection has timed out.
I can connect via ssh and winscp. That is how I uploaded a web app I developer. I have also created a security group and added rules to open ports 22 and 80.
Do I have to assign the security group to the instance somehow?
The security group's rules also do not have a source IP, well they do its 0.0.0.0/0
I would really appreciate any and all help in getting this site ' viewable ' via a browser.
By default, your instances will only be in the default security group. If it's an EC2 instance you cannot change security groups while the instance is running, you'll have to specify them in advance. If it's a VPC instance you can change security groups at runtime.
Add the rule to the default group
You can however add the rule to allow port 80 to that default security group; just don't create a new security group as it can not be associated with the running instance.
Is the web server up?
Also, make sure that your web server is up and running. From your instance (using SSH shell access), check if the right process is listening on port 80, using the command netstat -lnp. You should then see a row with proto tcp and a Local Address ending in :80. The IP Address listed should be either 0.0.0.0 (meaning 'any IP') or a specific IP of a listening network interface.
Web server not up
If you are in need of a web server, take a look at Apache or Nginx. They both support PHP.
Hope this helps.
I had also faced similar issue with ec2 micro instance. I was using Red-Hat AMI. Despite of opening ports 8081 in security group, I was not able to a telnet to the host port. Disabling the iptable did the trick for me:
sudo /etc/init.d/iptables stop
Do not forget to disable firewall if you use windows for your server.
I faced the same issue while setting up redash AMI image on AWS. Inbound security rules should be changed when instance is not running. Let's say if the instance is running (meaning it's active and started); If you change the inbound rules of that machine you'll still face firewall issue. So Stop the machine on which you want to change the inbound rules on. Change the inbound rules. Start the machine now. Now you can hit the machine url from the ip you just opened the access to the machine to.
The EC2 instance firewall is maybe enabled.
Check it with this command:
sudo systemctl status firewalld
if enabled you can disable it with :
sudo systemctl disable firewalld
or setup rules to allow port 80 trafic