I have Centos7 VM built using vagrant with private IP address of:192.168.56.255
I am running my Spring boot application on that VM on port 8443. It supports HTTPS. My issue is that when try to send https requests to 192.168.56.255 web server via Curl command i got
curl: (7) Couldn't connect to server
I have read many tutorials that explain how to configure my Firewall in Cento7 but still got the same issue one is provided by DigitalOcean
When I type
sudo firewall-cmd --list-all-zones
I got
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh dhcpv6-client https http mysql
ports: 8443/tcp 3306/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
As you can see I enabled everything I need and more but still. I even shut down the Firewall but still the connection is refused from my host.
When I made the changes I did reload my firewall
sudo firewall-cmd --realod
So that is not the problem
The problem was not with the Firewalld but with the pre-configured IP address using Vagrant.
The IP address should not be 255 in the first byte as I did 192.168.56.255
because that indicates that this is a broadcast address. So i solved it by changing it to 192.168.56.10
Related
Installed harbor on a host. Using plain HTTP protocol.
The IP is 192.168.33.10.
I can login it from harbor server itself:
sudo docker login 192.168.33.10
And can access it from browser:
http://192.168.33.10
But can't login it from other client(Mac, installed docker use it). The error message is:
docker login 192.168.33.10
Username: user1
Password: (my_password)
Error response from daemon: Get https://192.168.33.10/v2/: dial tcp 192.168.33.10:443: getsockopt: connection refused
From Harbor documentation there has this notice:
https://github.com/vmware/harbor/blob/master/docs/installation_guide.md
IMPORTANT: The default installation of Harbor uses HTTP - as such, you will need to add the option --insecure-registry to your client's Docker daemon and restart the Docker service.
Both the harbor host and client host set /etc/docker/daemon.json:
{ "insecure-registries":["192.168.33.10"] }
and restarted docker. However, it not works.
If don't setup harbor under HTTPS protocol now, is there a way to access it from client correctly?
Solution
It's unnecessary to set /etc/docker/daemon.json on client. Mac has another way:
Apply and Restart
I have a Centos 7 OS configured on VirtualBox machine. I have installed X509 certificate using Openssl tool and configured the apache HTTPD server.
I connect to Centos7 guest on VirtualBox via SSH on my local MAC OSX Seirra (10.12.3) on terminal using root. I have verified that /etc/host on my MAC is correctly pointing to the guest on VirtualBox. Also verified the port forwarding on VirtualBox and they are all setup correctly for allowing traffic on 80 (http) and 443 (https) and 22 (ssh).Also I have made sure that Apache user has proper previleges on the index.html and other folders under DocumentRoot folder. I have also verified that /etc/host on my MAC is correctly pointing to a guest running on VirtualBox.
I have set the firewall to :
setenforce 0
So hopefully it is not a SELinux issue.
Then I run following command on terminal as root user of my Centos7 OS :
curl https://localhost -k
and I do get the default index.html file content.
But then, when I go to my MAC OS browser to connect to VirtualBOX website on HTTPS, I see following message on Chrome browser :
This site can’t be reached localhost refused to connect.
Please note that I can connect to my Vbox CentOS HTTPD server on HTTP.
So what is going wrong here when trying to access the apache server using HTTPS?
You must enable access to https using firewall-cmd:
# firewall-cmd --permanent --add-service=https
or
# firewall-cmd --permanent --add-port=443/tcp
then reload the rules
# firewall-cmd --reload
Try this once.
systemctl stop firewalld
After that try to access website.
I have an EC2 instance which is running with the following security groups:
HTTP - TCP - 80 - 0.0.0.0/0
Custom UDP Rule - UDP - 1194 - 0.0.0.0/0
SSH - TCP - 22 - 0.0.0.0/0
Custom TCP Rule - TCP - 943 - 0.0.0.0/0
HTTPS - TCP - 443 - 0.0.0.0/0
However, when I try to access http://{PUBLIC_IP} or https://{PUBLIC_IP} in the browser, I get a "{IP} refused to connect" error. I'm new to AWS. Am I missing something here? What should I do to debug?
One way to debug this particular class of problem is to use netcat in order to determine where the problem lies.
If you run netcat against port 80 on the public IP address of your instance and just get a hang (no output at all), then most likely your security group isn't allowing traffic through. Here is an example from an EC2 instance that is in a security group that doesn't allow port 80 traffic inbound:
% nc -v 55.35.300.45 80
<just hangs>
Whereas if the security group is changed to allow port 80, but the EC2 instance doesn't have any process listening on port 80, you'll get the following:
% nc -v 55.35.300.45 80
nc: connectx to 52.38.300.43 port 80 (tcp) failed: Connection refused
Given that your browser gave you a similar "connection refused", most likely the problem is that there is no web server running on your instance. You can verify this by ssh'ing into the instance and seeing if you can connect to port 80 there:
ssh ec2-user#55.35.300.45
% nc -v localhost 80
nc: connect to localhost port 80 (tcp) failed: Connection refused
If you get something like the above, you're definitely not running a webserver.
I'm not sure if it's too late to help but I was stuck with a similar issue with my test server
SG Inbound: ssh -> 22
HTTP -> 80
NACL: default allow/deny settings
but still couldn't ping to the server from my browser, then I realize there's nothing running on the server that can serve the request, and I started httpd server (webserver) and it worked.
sudo yum -y install httpd
sudo service httpd start
this way you can test the connectivity if you are playing with SGs and NACLs and of course it's not the only way, just an example if you're figuring your System N/W out.
Have you installed webserver(ngingx/apache) to serve your requests. If so please share your the config files. (So that it will help to troubleshoot)
I think the reason is probably that you did not set up a web server for your EC2 instance, because if you try to access http://{PUBLIC_IP} or https://{PUBLIC_IP}, you need to have a background server to serve the http request as #Niranj Rajasekaran said.
By the way, by simply pinging the {PUBLIC_IP}, you could see if your connection to your EC2 instance is normal or not.
In command prompt or terminal, type
ping {PUBLIC_IP}
In my case, the server was running but available on just 127.0.0.1 so it refused connections from external hosts. To see if this is your situation, you can run
netstat -an | grep <port number>
If it says 127.0.0.1:<port number> instead of 0.0.0.0:<port number>, you have this problem.
Usually there's a flag or an argument in your server code somewhere to set the host to 0.0.0.0:
app.run(host='0.0.0.0') # flask example
However, in my case, I had already set this so I thought that couldn't possibly be the issue, which is how I ended up on this thread, which asks more generally about the problem. Unfortunately, I was using docker, and had set 0.0.0.0 on the container but was mapping that explicitly to 127.0.0.1 on the host in the docker-compose port-mapping:
ports:
- "127.0.0.1:<port number>:<port number>"
Changing that line to remove the host IP specification fixed the problem upon re-deploy:
ports:
- "<port number>:<port number>"
I'm using Boot2Docker to manage Docker containers in Windows and I have a container running an IBM Liberty server (I guess is the same for any other server), I can access the server home screen in the host machine using only the ip (which I get using the command boot2docker ip), but if I try to access the server using the https port, like this xx.xx.xx.xx:9443 the connection fails.
I tried forwarding the port in VirtualBox like this:
And then access the server using the ports 1000 or 1001, but it fails too.
Am I missing something?
BTW, I'm using default NAT connection.
https uses port 443 (not 9443) by default.
Make both "Host Port" and "Guest Port" 443 and try again.
I'm running werkzeug (as part of a Tilestache setup) inside a Vagrant VM, running ubuntu 'precise.'
In my Vagrantfile, I have:
config.vm.network :forwarded_port, guest: 8080, host: 8080
When I start the server in the VM, I see:
* Running on http://127.0.0.1:8080/
If I curl that address from within the VM, I get the expected result. When I curl it from the host machine, I get:
curl: (52) Empty reply from server
And Chrome says "No data received."
Troubleshooting info:
The server responds to pings from the host machine
a port sniffer verifies that the port is open
running netstat -ntlp | grep 8080 in the vm shows that the server is listening on 8080
My local hostsfile doesn't have any weird conflicts
I'm also forwarding 22 => 2222, and I can ssh in with no trouble
I've disabled the firewall on the host, and i don't believe there's one on the guest (iptables and ufw are disabled, at least)
I've set auto_correct: true in case there are conflicts (there aren't)
I know I could set up a private network, but I'd like to understand why this isn't working and how to troubleshoot it.
Any other ideas?
When running a server from within a VM, start the server on 0.0.0.0 instead of 127.0.0.1.
127.0.0.1 is only accessible to the local machine, which for a VM means nothing outside of the VM can reach it! 0.0.0.0 is accessible from anywhere on the local network, which to a VM includes the host machine.
The answer came from here: Connection Reset when port forwarding with Vagrant
(Which apparently got its answer from here: https://stackoverflow.com/a/5999945/738675)
With help from: https://serverfault.com/questions/78048/whats-the-difference-between-ip-address-0-0-0-0-and-127-0-0-1
Google-bait:
Here are the errors you might receive if this is the problem:
Chrome: "No data received"
Firefox: "The connection was reset - The connection to the server was reset while the page was loading."
Safari: "Safari can’t open the page [URL] because the server unexpectedly dropped the connection"
curl: "Empty reply from server"
In the /etc/hosts inside the VM, change line
127.0.0.1 localhost -> 0.0.0.0 localhost
and then restart server
This can also be a problem with your firewall on the vagrant machine. If you can curl the address while on the vagrant box, then check your firewalld settings or turn it off:
on CENTOS:
sudo service firewalld stop
Then you should update your firewalld settings and restart it ;)