I just set up my first Amazon EC2 instance (Windows 2008 R2 server) and istalled a jetty 9 on it. But i can not reach it with it's public IP (as shown on the desktop of that system) on port 8080.
I can reach: "http:// localhost:8080"
But i can not reach: "http:// publicIP:8080"
I allowed the port in the EC2 Security group. See the screenshot:
I can even ping the "publicIp" from outside, but can not reach the jetty on port 8080.
I'm not sure where the problem is: Is it a configuration in windows, jetty or the EC2 Management console?
Make sure that the port is open in the Windows firewall.
First obvious problem might be that your security group isn't assigned to that instance. Check that this one is the group your instance is using on the dashboard.
Related
I am trying to set up OpenVPN so that I can access machines inside an Azure subnet from my pc which is outside Azure.
I have successfully installed OpenVPN on both server (Windows Server 2019) and pc (Windows 10) using the instructions here: https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide?__cf_chl_jschl_tk__=pmd_889e3e419b8b865ffd4da6e493bef6df0782273e-1629275604-0-gqNtZGzNAfijcnBszQgi, and I can successfully connect from client to server, however, I cannot connect to any other machine on the Azure subnet upon which the server is sitting.
The server and the other machines I want to connect to are on a 10.0.0.0 subnet, and the VPN is coming up on the 10.8.0.0 network as I would expect from the examples.
I have enabled IP routing on the server as recommended in the OpenVPN FAQ but this has not fixed the issue.
I have also added a 'push "route 10.0.0.0 255.255.255.0"' line to the server config, and I can see from the client log (and the client routing table) that this has been executed, but I am still unable to connect to other machines in the subnet.
I was looking into using Tap instead of Tun, but when I dug into at what was actually being used, it looks as if as if both ends are using the Tap adaptor anyway, even though I have specified 'dev tun' in both the client and the server configs.
I have had bit of a trawl but can't find anything about the Tap adaptor when the Tun adaptor has been configured, so that is a bit of a mystery.
The only other thing that I have read is that it might be necessary to set up a route back to the OpenVPN subnet on the gateway server for 10.0.0.0, but that's not a server I control as it's part of the Azure infrastructure.
What do I have to do to get access to other machines on the 10.0.0.0 subnet? And why is the Tap adaptor being selected despite the config specifying the Tun adaptor ?
I made a number of other changes before I finally got it sorted out - I do not know if they were all necessary but in addition to the above:
I changed 'dev tun' to 'dev tap' in the server and client configs.
I followed the instructions here NAT-hack to add NAT to the server.
And finally, I added 'route 10.0.0.0 255.255.255.0 10.8.0.1' to the
server config file.
I am running a webserver on an Ubuntu ec2 instance. The service accepts http connections over port 8080.
The next step is to allow the service to be e accessible using public_DNS:8080. I've modified the security group to accept all incoming traffic on 8080. However, I get connection refused when I try it on my browser. I am guessing it is something to do with the Ubuntu firewall.
I have very little idea about it. Any suggestions on how I can proceed to resolve this?
I am having difficulty getting Confluence running on windows server 2012 on port 80. (the machine in hosted in Azure which is why I need to run it on port 80 (i dont have access to other ports from where I am trying to use this)).
I believe something must be running on port 80 , though i did a netstat -y and didnt see anything.
I think its IIS any idea how I should kill that or what else could be causing confluence to not run on port 80?
*confluence works find on say port 8090 but i need to run it on port 80.
mind you I cant get confluence to run on port 80 on the local instance of windows server, never mind accessing it from another location thus i dont think this has anything to do with azure
running a
netstat -abn
shows nothing running on port 80. Im still not sure why I cant get confluence to work locally on port 80.
A virtual machine in Azure is not directly public accessible. You need to configure endpoints in the cloudservice (which acts as a loadbalancer).
So for instance you can configure a public endpoint port 80 on the cloudservice to point to your VM port 8090. See http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/ for more information.
If the Endpoint is open on Azure to the VM then my advice would be to check the firewall settings on the host. Typically most ports are shut unless they are explicitly opened by installing a feature like IIS (windows web server).
I installed Mule Community Server on AWS cloud and it is functioning properly. When I use http end point and invoke Mule services from browser on my Amazon EC2 machine they work. When I access them from outside, the request timeout. The end points are not bound to local host but mapped to 0.0.0.0:8081. I have checked all firewall settings using amaozon security group and set permission for all. Yet it doesnt work. I am able to access the Windows IIS http server on the same machine but not mule on port 8081. Any clues would help.
Hope this doesn't sound rude, but did you disable the windows firewall, or allow 8081 through the windows firewall?
I am having trouble connecting to an Amazon Elastic Cloud Computer Instance via a browser.
I attempted going to ********.compute-1.amazonaws.com , but the browser returns that the connection has timed out.
I can connect via ssh and winscp. That is how I uploaded a web app I developer. I have also created a security group and added rules to open ports 22 and 80.
Do I have to assign the security group to the instance somehow?
The security group's rules also do not have a source IP, well they do its 0.0.0.0/0
I would really appreciate any and all help in getting this site ' viewable ' via a browser.
By default, your instances will only be in the default security group. If it's an EC2 instance you cannot change security groups while the instance is running, you'll have to specify them in advance. If it's a VPC instance you can change security groups at runtime.
Add the rule to the default group
You can however add the rule to allow port 80 to that default security group; just don't create a new security group as it can not be associated with the running instance.
Is the web server up?
Also, make sure that your web server is up and running. From your instance (using SSH shell access), check if the right process is listening on port 80, using the command netstat -lnp. You should then see a row with proto tcp and a Local Address ending in :80. The IP Address listed should be either 0.0.0.0 (meaning 'any IP') or a specific IP of a listening network interface.
Web server not up
If you are in need of a web server, take a look at Apache or Nginx. They both support PHP.
Hope this helps.
I had also faced similar issue with ec2 micro instance. I was using Red-Hat AMI. Despite of opening ports 8081 in security group, I was not able to a telnet to the host port. Disabling the iptable did the trick for me:
sudo /etc/init.d/iptables stop
Do not forget to disable firewall if you use windows for your server.
I faced the same issue while setting up redash AMI image on AWS. Inbound security rules should be changed when instance is not running. Let's say if the instance is running (meaning it's active and started); If you change the inbound rules of that machine you'll still face firewall issue. So Stop the machine on which you want to change the inbound rules on. Change the inbound rules. Start the machine now. Now you can hit the machine url from the ip you just opened the access to the machine to.
The EC2 instance firewall is maybe enabled.
Check it with this command:
sudo systemctl status firewalld
if enabled you can disable it with :
sudo systemctl disable firewalld
or setup rules to allow port 80 trafic