EC2 instance refused to connect - amazon-web-services

I have a site built on NodeJS, which I am currently trying to deploy on the free tier on AWS.
So far I have created an instance, launched it, I can connect via SSH (console) to my instance, and have successfully pulled my files from my Git repository. However, when I try to browse my public DNS, I get: http://ec2-13-234-136-30.ap-south-1.compute.amazonaws.com:2222 took too long to respond.
I have also had a look at the settings on security group (as recommended on a different post) and ensured that inbound and outbound 'HTTP' and 'HTTPS' traffic are allowed (screenshot below):
Inbound settings: [image]
Outbound settings: [image]
Any ideas on what else could be causing this issue? I would greatly appreciate your help. Thanks.

Your security configuration is too permissive, please limit to the port and protocols you are using.
Given that your firewall is off, which you should definitely check to confirm,
I guess you start the NodeJS server bound to hostname 127.0.0.1, which allows only local traffic from the EC2 instance.
Try changing it to 0.0.0.0, which allows public traffic and see if that solves your problem.
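
To check the bind-address theory from the answer above, the listener table on the instance shows which address each port is bound to. The following Python is an added example, not code from either poster; it parses `ss -ltn` output, and the sample text is constructed (port 2222 comes from the question's URL, the other listeners are assumed).

```python
import ipaddress

# Constructed sample of `ss -ltn` output; not captured from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511        127.0.0.1:2222      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      511                *:8080            *:*
LISTEN 0      128            [::1]:5432         [::]:*
"""

def classify(addr):
    """Return 'loopback', 'all-interfaces' or 'specific' for a bind address."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface suffix
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:                  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific"

def listeners(ss_output):
    """Map each listening port to the set of exposure classes bound to it."""
    result = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                       # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        result.setdefault(int(port), set()).add(classify(addr))
    return result

def reachable_from_network(ss_output, port):
    """True if something listens on `port` on a non-loopback address."""
    return bool(listeners(ss_output).get(port, set()) - {"loopback"})
```

A port that reports only `loopback` here will never answer a remote client, whatever the security group allows.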

Related

Can't reach to an AWS EC2 instance website

I just launched an instance on AWS and I'm trying to open the website. So I copy the Public IPv4 address and paste it on my page. But it always returns This site can’t be reached 35.78.183.239 took too long to respond.
I've changed my firewall setting to access google chrome and set security groups HTTP, HTTPS. I can't figure out where the problem is. Any suggestions?
You didn't specify what webserver or AMI is on your EC2 instance.
You need to set up an AMI or manually install and set up a webserver for anything to show, otherwise the EC2 instance, while reachable, will not respond.
Make sure that ssh access is enabled and try to ssh into the machine. If you can successfully log in, then you know the instance is reachable and the problem is with your webserver software. This will help you debug.
What port is your application running on? When you enable HTTP and HTTPS it only allows ports 80 and 443 on the security group. This won't help if your application runs on a different port, so you'll need to add that to your security group to allow inbound traffic.

AWS EC2 instance "This site can't be reached", though I do have the ports 80 and 443 open

I have been looking for help with this problem, and the answers just say to add inbound rules to the security group. Well, I have done those and I am still unable to access my website from the public DNS (just putting that into the url box and navigating to it). There are multiple port 22 inbound rules for the people accessing my server, and the outbound rule is just "All traffic".
I've had this problem running Wordpress on EC2 instances. Things I'd try:
Access the instance via ssh. Check out https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
If you're accessing through ssh, maybe it's because your disk is full. To check this you can run df -h on your Amazon EC2 server.
I tried accessing my newly set up AWS EC2 instance and I had this same issue. I later realised I was accessing the public DNS via HTTPS, which had not been set up. When I changed the URL to use HTTP it worked. Ensure to configure HTTP in the security group.

Why Amazon EC2 is not accessible using ping?

I've been using AWS for a few months without any problem. But from yesterday, I can't access the website. When I ping the IP (52.24.23.108) it displays request time out. Server's status is okay - that I checked from AWS console. Isn't it a network problem of Amazon Webservices?
You need to enable the specified network traffic type (ICMP) through your security groups for your instance. You can do this by choosing Security Groups > select your security group and choose Edit Inbound Rules
Choose "ICMP" from the dropdown and source (* if you want it from everywhere) then Add Rule
PINGs should work!
A couple of things could cause this. Most likely you provisioned the instance with a public IP, but NOT an elastic IP. If you had a server restart, either by your doing or by AWS, then your public IP would be dropped. If you did use an elastic IP, then look at your security group to see if you allow ICMP still or if the security group changed.
Another cause may be if a server level firewall had been disabled in the past, but if your server went through a restart it may have started again. What base OS are you using?

Connection getting refused to socket.io server on Amazon EC2

I have set up a micro EC2 instance on AWS. Currently, I am using the free tier in Oregon. There are two problems which I am facing.
When I try to SSH to the instance using the public DNS, it says host does not exist, but when I try connecting to it using the public IP, it connects. What setting is needed to use the public DNS?
I have opened the SSH client using the IP address. I want to set up my application which needs Node.js and MongoDB. I installed Node.js using this
Next I installed MongoDB using this
Then I connected to my instance using Filezilla and uploaded my code to it. I then start my node application which uses socket.io.
When I try to connect to socket.io server using web browser, I get a message which says connection refused "error 111". I have opened TCP port 80 in instance's security groups. In iptables, I have forwarded port 80 to 8080, but still it does not work. I have also checked that the firewall is disabled in ec2. Kindly help me to resolve this issue.
Did you check if all of the necessary ports are open on Amazon Security Policy?
What you can do is to allow all traffic on Amazon Security Policy for test and see if the connection goes well or not.
You might also check if you need access DB from outside. In that case, you also have to open the mongodb port and setup mongodb correctly as well.
Other tools that might be useful to test firewall and connection issues are tcpdump and the syslog file.
For the dns issue, did you try to nslookup on that name and see if the IP shown matches your server IP?
As Amazon gives a long DNS hostname for the server, I always use my own domain name. It's much easier.
example : ec2.domainname.com, which points to the Amazon IP address
Hope that helps.
My problem is resolved now..
For the DNS issue, earlier I needed proxy to access internet, so I guess the DNS name was not getting resolved. When I tried using proxy free internet, I was able to ssh using public DNS.
And regarding connection to socket.io, I used port 8080 instead of 80 and used "sudo node main.js" to run my node file. Now I am able to connect to the socket.io server and MongoDB.
Another thing which I want to ask is whether running the node file with sudo rights would create some security issue?
Thanks for the answer! That also worked for me. I had the same problem trying to connect through sockets (http://myipaddress:3000) to a node.js server. I tried opening ports on the actual EC2 instance and disabling the firewall through SSH but nothing worked. Had to go to Security Groups on the EC2 console and open a new inbound TCP rule enabling that port.

Flask web app not responding to external requests on EC2

I've got a very simple Flask application that I'm hosting on an Amazon EC2 node and for whatever reason I can't see it externally. The flask app is here

    from flask import Flask

    app = Flask(__name__)
    app.config['DEBUG'] = False

    # Site root
    @app.route('/')
    def hello_world():
        return 'Hello World!'

    # Second test page
    @app.route('/p1')
    def p1():
        return "P1!!!"

    if __name__ == '__main__':
        # Listen on all interfaces (default port 5000), not only localhost
        app.run(host='0.0.0.0')

When I run the script it looks like the server is running fine, so in my browser (on a different computer) I put the following :5000 (the IP address I pull off of AWS). What's interesting is that it just seems to hang, and eventually produces an error. My guess is that I'm missing some configuration in AWS but I don't know what it is. Any help would be greatly appreciated
EDIT I tried deploying the app on my local machine. And when I try to access it from the browser using localhost:5000, it works. When I replace localhost with my IP address, it fails
Found this question while searching for a solution to the same issue.
edit run.py to enable flask to respond to requests from other than localhost.
this example enables responding to requests from anywhere. good security policies would use something more restrictive.
app.run(host='0.0.0.0')
in the AWS control panel go to EC2: select instance.
the browser should be pointed to the address from 'Public DNS (IPv4)'
(the ip# from IPv4 Public IP might also be useful)
look for 'Security groups': right-click to open the security group on a new page.
check inbound rules.
by default, flask binds to port 5000. add rule permitting incoming TCP traffic on port 5000.
while good security protocol should limit the number of ports left open and the range of IP's permitted to connect, it might be easier to permit 'anywhere' to connect over 'all tcp'.
NB: check if the default port has been changed in the flask config file run.py
ie: line below changes port from the default 5000 to 3000.
app.run(debug=True, port=3000)
Can also check if the flask instance is working locally by ssh'ing to the server and using a local instance of the lynx text browser to verify the port is responding. ie
lynx localhost:5000
Was able to ultimately answer my own question, both really
The problem I was having on AWS was that my inbound for that EC2 was not allowing access through the ports that I would need.
When I tried running it on my local machine at work, firewall settings change the address of localhost (and my IP) so that's why I couldn't access it outside of using localhost:5000
In your EC2 instance, the security group is what is restricting your entry to the website.
Go to AWS portal, select your instance
Locate the security group and click the name
in the inbound rule window, select add rule
Not a recommended security practice but to get it running, select All TCP
add '0.0.0.0' in the source
your website will be running
I faced a similar issue in which the Flask app on EC2 instance was not responding. Turns out that I had to modify the inbound rules because:
The default security groups and newly created security groups include default rules that do not enable you to access your instance from the internet.
In order to modify the inbound rules, go to:
Instances dashboard > Security > Security Groups (go to your security group) > Edit Inbound Rules > Add Rule.
Fill the values:
Type -> Custom TCP
Protocol -> TCP
Port range -> 5000 (If your flask app is running on default port)
Source -> Your IP or 0.0.0.0/0 if you want to allow all traffic. You can also select My IP from source dropdown. This will automatically get your IP.
Save and you are good to go!
As you are already using host="0.0.0.0" in your app it should be accessible from anywhere. The only thing blocking it is your AWS security group inbound rules. Add an All TCP inbound rule for port 0-65535 (your app port should be in this range) with source 0.0.0.0/0 and it should work.
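
Several answers in these threads get a connection working with an "All TCP from anywhere" rule, while the first answer on the page asks to limit rules to the ports and protocols in use. The Python below is an added example, not code from any poster: the rule data is constructed in the shape of `aws ec2 describe-security-groups` output, the client addresses are documentation-range placeholders, and it shows why port 5000 hangs under HTTP/HTTPS-only rules and how the narrow rule compares with the broad one.

```python
import ipaddress

# Constructed inbound rules, shaped like the IpPermissions list returned by
# `aws ec2 describe-security-groups`; addresses are documentation ranges.
RULES = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
]
# The "All TCP, 0-65535, from anywhere" rule suggested as a quick fix.
ALL_TCP = {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
           "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}

def covers_port(rule, port):
    """True if the rule's protocol and port range include TCP `port`."""
    if rule["IpProtocol"] == "-1":  # "-1" = all protocols, all ports
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def allows(rules, port, client_ip):
    """True if any inbound rule admits TCP `port` from `client_ip`."""
    ip = ipaddress.ip_address(client_ip)
    return any(covers_port(r, port) and
               any(ip in ipaddress.ip_network(c["CidrIp"]) for c in r["IpRanges"])
               for r in rules)

def overly_broad(rules, wanted_ports):
    """World-open rules that expose TCP ports the application does not use."""
    findings = []
    for r in rules:
        if not any(c["CidrIp"] == "0.0.0.0/0" for c in r["IpRanges"]):
            continue
        if r["IpProtocol"] == "-1":
            findings.append((r, "all protocols open to 0.0.0.0/0"))
        elif r["IpProtocol"] == "tcp":
            span = range(r["FromPort"], r["ToPort"] + 1)
            extra = len(span) - sum(p in span for p in set(wanted_ports))
            if extra:
                findings.append((r, f"{extra} unused port(s) open to 0.0.0.0/0"))
    return findings

def minimal_rule(port, cidr):
    """Narrow replacement: a single TCP port from a single source range."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}
```

Running `overly_broad` against the group after a troubleshooting session is a quick way to confirm that a temporary wide-open rule was removed again.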