I am setting up a Virtual Machine node.js server at Google Cloud Platform. I have set up SSH keys so that I can log into my VM. I can successfully log into my VM using SSH-in-browser and start my server.
I can't access my public IP address through Chrome. I get this message:
This site can’t provide a secure connection.
When I try to connect to the IP within SSH-in-browser, I get the following:
$ curl -vso /dev/null --connect-timeout 5 34.68.254.120:8080
* Trying 34.68.254.120:8080...
* connect to 34.68.254.120 port 8080 failed: Connection refused
* Failed to connect to 34.68.254.120 port 8080: Connection refused
* Closing connection 0
I'm new at this. Any ideas would be appreciated. Thanks!
Edit1: Some more details --
Linux VM
port 8080 ingress is open on the firewall
I'm using OSLogin (`enable-oslogin = TRUE' 'enable-oslogin-sk = FALSE')
I can successfully log into console with both SSH-in-Browser and PuTTY, and I can start my server on port 8080
In both, I get the error above when I try to connect to the IP address
EDIT:
Follow below steps to fix “This Site Can’t Provide a Secure Connection” Error :
This error typically indicates a problem with either your browser’s configuration or the SSL certificate on your site.
1) Your local environment doesn’t have an SSL certificate.
2) Outdated SSL caches in the browser : (This is one of the more popular causes. Web browsers store SSL certificates in a cache, much
like other data. This means they don’t have to verify the certificate
every time you visit a site, which speeds up browsing. However, if
your SSL certificate changes and the browser is still loading an
older, cached version, it can cause this error to pop up).
3) Incorrect time and date settings on your computer.
4) Rogue browser extensions.
5) Overzealous antivirus software.
6) An invalid or expired SSL certificate.
If your firewall rules prevent external access:
Check your firewall rules with the following command: gcloud compute firewall-rules list with this, you can review the VPC where
the VM instance was migrated; and if it has allowed the Ingress TCP:
22 Port.
If this firewall rule is missing, you can add the firewall rule in the GCP console -> VPC Networks ->select your VPC network _Click on
the firewall rules to double check that the tcp: 22 port is allowed.
If the issue still is ongoing after checking the firewall rules, you
can follow this guide to start troubleshooting SSH connection.
Related
First, good morning. After running a DigitalOcean internet tutorial that taught how to set up a web server with Django, I had problems connecting via SSH, however, the site continues to run and accept HTTPS connections without any obstacles on the web.
To check availability, I pinged [Public IPv4 Address] [Public IPv4 DNS] and got no response. Since my website has a purchased DNS, I tried to ping [my website's private DNS] and also no response.
I researched possible errors and I'm already advancing: My security group has the rules: HTTP 80, SSH 22 and HTTPS 443 with any source of IPv4 released. So much so that I did all the server configuration via SSH.
I had already done this process before and had the same error, but since it was a test server, I didn't pay much attention. But now, after performing a change from HTTP to HTTPS (to make the site secure) it happens again!
Here are the tutorials:
Installing the webserver: https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-18-04
How to secure Nginx (HTTP to HTTPS): https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04
Any help is welcome and I thank you in advance!
So, in the tutorial (https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04), in the part "Step 3 — Allowing HTTPS through the firewall", to check the status of the Firewall the following command was used:
$ sudo ufw status
But the output was:
Output:
Status: inactive
To work around this problem, I ran:
$ sudo ufw enable
Output:
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
However, AWS itself provides a Firewall system in connection permissions of groups related to the instance.
That way, I ended up "turning off" SSH and only allowing HTTPS traffic, so my server kept running.
So, summary: I couldn't connect via SSH due to running a manual Firewall that overrode the EC2 Instance's Groups control
Thank you for trying to help me! Success!
When i attempt to SSH from https://console.cloud.google.com/compute/instances?authuser=0&projec
I get the error:
Connection via Cloud Identity-Aware Proxy Failed
Code: 4010
Reason: destination read failed
Please ensure you can make a proper https connection to the IAP for
TCP hostname: https://tunnel.cloudproxy.app You may be able to connect
without using the Cloud Identity-Aware Proxy.
Though on a seperate machine i am able to login, but Firewall and other settings seem identical ?
What should i do to get in ?
Krgds.
C
This issue is due to the lack of a firewall rule to allow-ingress-from-iap with this IP range 35.235.240.0/20 that needs to be configured when using IAP (Identity-Aware Proxy).
To Allow SSH access to all VM instances in your network, do the following:
1- Open the Firewall Rules page (Navigation menu > VPC network > Firewall) and click Create firewall rule
2- Configure the following settings:
Name: allow-ingress-from-iap
Direction of traffic: Ingress
Target: All instances in the network
Source filter: IP ranges
Source IP ranges: 35.235.240.0/20
Protocols and ports: Select TCP and enter 22 to allow SSH
3- Click Create
My impression is that the root casuse, was the the linux box had run out of hard disk space, causing the issues.
So when i recreated the same machine, with more disk space, the issue was resolved.
I cannot connect to my GCP VM through ssh. It is not working either through terminal (which gives a timeout error) or through the browser (eternally loading)
With nmap, I found out that there is no ssh service provided on the external IP address of the machine
Host is up (0.076s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp closed http
443/tcp closed https
However, I do have the default-allow-sshrule in my firewall.
My question is what I should do now to have this ssh access. Thanks in advance!
You can find in the official documentation :
Troubleshooting
SSH
Test connectivity:
Check your firewall rules,
Test the network connection,
Connect as a different user,
Debug the issue in the serial console
Inspect the VM instance without shutting it down
Use a startup script
Use your disk on a new instance
I am running a VNC server in Google Cloud Computing Engine and it is running on port 5901. When I am trying to access the server through below command
nc localhost 5901 I am able to connect.
but when I am trying to connect through external IP which is static and assigned to my cloud console. I am getting timed out error.
I verified the firewall rules and seems everything ok.
Could you please guy help me why this is happening
> $ nc localhost 5901
RFB 003.008
> $ nc 146.148.91.209 5901
(UNKNOWN) [146.148.91.209] 5901 (?) : Connection timed out
I got the answer of this question in a different post
There are three steps for that, I was not doing the third one.
configure the firewall rule in Google cloud console
provide a tag in your firewall rule
tag your instance with the same tag as the firewall rule
I have set up a a micro EC2 instance on AWS. Currently, I am using the free tier in Oregon. There are two problems which I am facing.
When I try to SSH the instance using the public DNS, it says host does not exist but when I try conencting it using the public IP, it connects to it. What setting is needed to use the public DNS ?
I have opened the SSH client using the IP address. I want to set up my application which needs Node.js and MongoDB. I installed Node.js using this
Next I installed MongoDB using this
Then I connected to my instance using Filezilla and uploaded my code to it. I then start my node application which uses socket.io.
When I try to connect to socket.io server using web browser, I get a message which says connection refused "error 111". I have opened TCP port 80 in instance's security groups. In iptables, I have forwarded port 80 to 8080, but still it does not work. I have also checked that the firewall is disabled in ec2. Kindly help me to resolve this issue.
Did you check if all of the necessary ports are open on Amazon Security Policy?
What you can do is to allow all traffic on Amazon Security Policy for test and see if the connection goes well or not.
You might also check if you need access DB from outside. In that case, you also have to open the mongodb port and setup mongodb correctly as well.
Other tools that might useful to test firewall and connection issue will be tcpdump and syslog file
For the dns issue, did you try to nslookup on that name and see if the IP shown matches your server IP?
As Amazon gives a long DNS hostname for the server, I always use my own domain name. It's much easier.
example : ec2.domainname.com, which points to the Amazon IP address
Hope that help.
My problem is resolved now..
For the DNS issue, earlier I needed proxy to access internet, so I guess the DNS name was not getting resolved. When I tried using proxy free internet, I was able to ssh using public DNS.
And regarding connection to socket.io, I used port 8080 instead of 80 and used "sudo node main.js" to run my node file. Now I am able to connect to the socket.io server and MongoDB.
Another thing which I want to ask is that would running the node file with sudo rights create some security issue ?
Thanks for the answer! That also worked for me. I had the same problem trying to connect through sockets (http://myipaddress:3000) to a node.js server, i tried opening ports on the actual ec2 instance and disabling the firewall through SSH but nothing worked. Had to go to Security Groups on the ec2 console and open a new inbound tcp rule enabling that port