First, good morning. After running a DigitalOcean internet tutorial that taught how to set up a web server with Django, I had problems connecting via SSH, however, the site continues to run and accept HTTPS connections without any obstacles on the web.
To check availability, I pinged [Public IPv4 Address] [Public IPv4 DNS] and got no response. Since my website has a purchased DNS, I tried to ping [my website's private DNS] and also no response.
I researched possible errors and I'm already advancing: My security group has the rules: HTTP 80, SSH 22 and HTTPS 443 with any source of IPv4 released. So much so that I did all the server configuration via SSH.
I had already done this process before and had the same error, but since it was a test server, I didn't pay much attention. But now, after performing a change from HTTP to HTTPS (to make the site secure) it happens again!
Here are the tutorials:
Installing the webserver: https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-18-04
How to secure Nginx (HTTP to HTTPS): https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04
Any help is welcome and I thank you in advance!
So, in the tutorial (https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04), in the part "Step 3 — Allowing HTTPS through the firewall", to check the status of the Firewall the following command was used:
$ sudo ufw status
But the output was:
Output:
Status: inactive
To work around this problem, I ran:
$ sudo ufw enable
Output:
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
However, AWS itself provides a Firewall system in connection permissions of groups related to the instance.
That way, I ended up "turning off" SSH and only allowing HTTPS traffic, so my server kept running.
So, summary: I couldn't connect via SSH due to running a manual Firewall that overrode the EC2 Instance's Groups control
Thank you for trying to help me! Success!
Related
server from AWS lightsail
pinging reply
service is running
However I got this error
This site can’t be reached
44.202.124.139 refused to connect.
and port is allowed
Check your security groups if it allows port 8069 (and other ports you are using) by the inbound rules. Also, check if your Ubuntu's firewall is enabled. If it is then also configure it to allow those port(s). This should make it possible to connect to your server from the outside to the specific port.
If the problem still persists then I would think that it is not port-related and will try to look at other places for more clues.
I am setting up a Virtual Machine node.js server at Google Cloud Platform. I have set up SSH keys so that I can log into my VM. I can successfully log into my VM using SSH-in-browser and start my server.
I can't access my public IP address through Chrome. I get this message:
This site can’t provide a secure connection.
When I try to connect to the IP within SSH-in-browser, I get the following:
$ curl -vso /dev/null --connect-timeout 5 34.68.254.120:8080
* Trying 34.68.254.120:8080...
* connect to 34.68.254.120 port 8080 failed: Connection refused
* Failed to connect to 34.68.254.120 port 8080: Connection refused
* Closing connection 0
I'm new at this. Any ideas would be appreciated. Thanks!
Edit1: Some more details --
Linux VM
port 8080 ingress is open on the firewall
I'm using OSLogin (`enable-oslogin = TRUE' 'enable-oslogin-sk = FALSE')
I can successfully log into console with both SSH-in-Browser and PuTTY, and I can start my server on port 8080
In both, I get the error above when I try to connect to the IP address
EDIT:
Follow below steps to fix “This Site Can’t Provide a Secure Connection” Error :
This error typically indicates a problem with either your browser’s configuration or the SSL certificate on your site.
1) Your local environment doesn’t have an SSL certificate.
2) Outdated SSL caches in the browser : (This is one of the more popular causes. Web browsers store SSL certificates in a cache, much
like other data. This means they don’t have to verify the certificate
every time you visit a site, which speeds up browsing. However, if
your SSL certificate changes and the browser is still loading an
older, cached version, it can cause this error to pop up).
3) Incorrect time and date settings on your computer.
4) Rogue browser extensions.
5) Overzealous antivirus software.
6) An invalid or expired SSL certificate.
If your firewall rules prevent external access:
Check your firewall rules with the following command: gcloud compute firewall-rules list with this, you can review the VPC where
the VM instance was migrated; and if it has allowed the Ingress TCP:
22 Port.
If this firewall rule is missing, you can add the firewall rule in the GCP console -> VPC Networks ->select your VPC network _Click on
the firewall rules to double check that the tcp: 22 port is allowed.
If the issue still is ongoing after checking the firewall rules, you
can follow this guide to start troubleshooting SSH connection.
I'm trying to make a login HTTP request from the frontend (Angular app) to AWS EC2 instance but it ends up with (ERR_CONNECTION_REFUSED) error.
This would be probably a security group policy issue (from the internet) but correct me if I'm wrong. It was working perfectly before and got this error in a few days. If anyone can help me solve this problem.
I tried to resolve this issue by configuring security group inbound rules with specific port number but port textbox will be disabled when I select HTTP request type. I added a snap of it. Kindly correct me if I'm wrong in detecting the problem so I can make a solution for it.
It can also be due to the service not listening on the port that you are trying to connect to or not started or present. May be if the server running on the AWS instance if listening (and serving) to localhost or 127.0.0.1 / interface can also ignore connections from outside in which case it should be ensured the service listens on the appropriate external address.
AWS also checks to detect abuse. If somehow, some unknown applications maliciously got inside your EC2 instances due to publicly open port and triggered some unknown/malicious traffic, then in that case also AWS can block/shutdown those ports.
Connection refused error means it passed the security group and reached the server, so its definitely not a security group issue
Usually, this is related to the web server is down, maybe due to server restart, or process crash.
try restarting your webserver and check again
Check the status of you web server:
check nginx status
sudo systemctl status nginx
# if errors found reload:
service nginx reload
for apache
sudo systemctl status httpd
# restart if errors found:
sudo systemctl restart httpd
if you found nothing wrong check the log messages at /var/log
I'm unable to connect to my EC2 instance where I have an apache web server running (also running an Express.js server on a different port). I have updated the security group to allow incoming requests to http and https ports but I continue to get this response in the browser:
This site can’t provide a secure connection
*********** sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
I am able to ssh into my EC2 instance.
Other than ensuring that the correct ports are open and that a service is listening on those ports, is there any configuration needed to setup simple web server on EC2?
Current security group settings:
Currently open ports (sudo lsof -i -P -n | grep LISTEN):
There are some similar questions posted but they are either vague or have been left for dead
You need to install mod_ssl to tell apache to serve httpS connections.
You can use the default (or self signed certificate) to check the connectivity on port 443. If you need a valid ssl certificate, you can get one for free from Let's Encrypt: https://letsencrypt.org/
You can use CertBOT to auto renew certificates: https://letsencrypt.org/getting-started/
I have deployed jboss-4.2.3 on an EC2 instance. I have added appropriate rule to open port 8080 for inbound traffic. When I ssh into this instance and do curl localhost:8080, the expected response can be seen
But when I try to access it in a browser on my laptop, am unable to connect. Few other things I have tried to eliminate other possibilities
In order to eliminate possibility of firewall issues on my laptop, have tried to connect from another instance on amazon. Doesnt work
Also tried to configure jboss to listen to port 80. Still it can't be accessed. Apache running on port 80 however responds
Any guidance is highly appreciated
Bind your jboss to all IP addresses as below:
./run.sh -b 0.0.0.0
I was struggling with the same issue.
You need to open up port 8080 in the Security Groups as Wildfly is using it. Then you should be able to access the page.