I have a flask app installed on a new windows 10 virtual machine. I can access the app as localhost:8081 - I want to make this available on the network. I added the firewall rule for port 8081 on windows defender as follows:
When I try to access with IP or hostname I get ERR_CONNECTION_REFUSED
I have also tried it on port 80 with same result. seems like the port is still blocked. I have nothing else running on this virtual machine. How can I fix this?
You will need to change security rules on both your computer and also the router. There might be some kind of security rule about how devices can communicate with each other.
Related
ec2 instance is not publically available
I have a simple flask server open to port 80
there is even a public ip address but if I curl remotely to it connection get refused
but strangely ssh works just fine
and if I curl to public ip inside ec2 ssh it works
tried editing security group inboud rules but doesn't work...
googled bunch but all solutions say to edit inbound rules but it doesn't work for me...
am I doing something wrong?
The most common reason for this is that your Flask app is listening on localhost only, which is the default, and so is not reachable from outside the machine it's running on.
To fix this, make the server externally visible, by using:
app.run(host='0.0.0.0')
Problem: Simply getting a new EC2 windows instance up and running hosting a simple Hello World web app, and unable to connect to it from any other machine
Ok, I feel foolish asking this, as I've gotten this to work many times for years. But today, for no discernable reason, I am stumped.
New Windows Server 2022 base instance.
Run simple .net web app listening on port 80
Locally browse to http://localhost and it works fine
Turn on Firewall rule to allow port 80
In AWS Security Groups, allow port 80
Test with the public IP: Site cannot be reached
Disable Windows Firewall completely: same result
Use an alternative port, 5001, 8080, allowing them in the firewall, and with AWS security rules: same result
Try from another EC2 instance in the same subnet: same result
Make sure that locally the simple web app is working: yes
As I mentioned I feel like I am missing some critical and obvious thing.
Please be kind, as I have tried many solutions for this and am hitting a wall, and am humbly asking for help, not ridicule.
Here is the firewall of and connecting locally:
Here is the security groups:
Here is the subnet network ACL:
Here is the not connecting:
Found the answer. I was running my aspnet.core app using:
app.Run("http://localhost:5001")
But should have been using:
app.Run("http://0.0.0.0:5002")
The first tells the app to listen ONLY on IP 127.0.0.1, while the second says listen on ALL IP addresses.
After much searching I found the clue here:
https://weblog.west-wind.com/posts/2016/sep/28/external-network-access-to-kestrel-and-iis-express-in-aspnet-core
Specifically this:
In order to expose Kestrel externally you either have to bind to a specific machine name, IP Address or 0.0.0.0 which stands for all IP Addresses (thanks to #DamianEdwards and #BradyMHolt for their help).
So it really is just these threes main things needed:
Windows Firewall allow port
App running on port
AWS Security Rules for port
However, the way the the application binding is made is critical!
This is also helpful:
What is the difference between 0.0.0.0, 127.0.0.1 and localhost?
In my company, I have setup an Azure VM and selected a pre-defined VNet (associated with a subscription). I then added inbound rules on the newly created NSG allowing ports 80, 443 and 3389(rdp).
The VM has ubuntu and apache2 installed and when I browse vm's localhost the default apache page shows.
However, when I browse the VM site from my laptop via company network, I get a connection timeout error on the browser.
I used Azure - IP verify tool and fond the cause, it appears to be a rule created for isolating NSG by the Admin team, thus blocking all inbound traffic (see image below). I cannot remote this rule.
To override this rule, I created an inbound rule at NSG level with higher priority but it still does not
work.
Any help will be much appreciated.
Edit: I am able to RDP to my VM without any issues, the main issue is to do with browsing the website hosted in my VM from the company network
Edit
For your issue, you could ensure to add an inbound security rule with a higher priority than the rule 4090 like this: destination port 80,433 with action allow and priority 100. If there are two NSGs in the networking of the virtual machine: one is associated with NIC, the other is associated with a subnet, you should allow port 80,443 in both NSGs.
As far as I know, the UFW firewall is inactive on the Azure VM by default. If you enable it, you could adjust the firewall to allows HTTP and HTTPS traffic.
After that, you could run telnet VM's public IP 80 in the CMD on the laptop to verify if the networking connection is normal. If not, contact the admin in your company to allow the outgoing traffic for port 80 or 443 or something else like virus software on your laptop is blocking it.
If the above all is no effect, you could restart your azure VM on the Azure portal. Sometimes, it may take effect on accessing the website outside of Azure. You also could follow this tutorial: Install a LAMP web server on a Linux virtual machine in Azure.
The problem:
I have set up a (Docker) Django-Gunicorn-Nginx site on my home network. It works on the local network but I cannot access it through my domain.
The setup:
Registered a domain in namecheap.com.
Set up a dynamic DNS to update my public IP with the namecheap domain.
Set up the website on a computer in my home network and give it a static IP.
Enable port forwarding from public 80 to LAN 80.
The tests:
I have enabled port forwarding on the port 22 and I have been able to connect through SSH to the computer serving the website with ssh user#domain and it worked well -> domain/ddns ok.
I have accessed to the website from another computer connected on the same LAN by using the full static IP to the computer serving the website and it worked well -> website/server ok.
I have called my ISP to check if everything is set up correctly and if I am allowed to serve a website form my network and apparently there are no issues -> router/network ok.
The clue:
When I try to access the site from outside my home network, through the domain or my full public IP, I get an ERR_EMPTY_RESPONSE.
When I try to access the site from my home network, through the domain or with the full public IP (not through the LAN IP which actually works), I get redirected to the page 192.168.0.1/intercept.html which contains a message from my ISP saying that I do not have connection to the internet (which I actually have):
So, at this point I am a bit lost. I'd like to get ideas on what is the best way to troubleshot this situation.
As #ben5556 suggested, I tried port 8000 and it worked :) So my ISP is probably blocking port 80.
First I tried port 8080 but while enabling the port forwarding on the router configuration page, it showed a warning stating that this port is reserved for other stuff so I tried with port 8000 instead.
This is annoying since I called my ISP and they said that there should be no problem in using port 80. Moreover, there is no warning at all when enabling port forwarding on port 80.
UPDATE
Serving the web on public port 8000 makes no sense since browsers default to port 80, so the final solution has been to enable port forwarding from public 80 to LAN 8000. Apparently only LAN port 80 is blocked so this solution works nicely.
I have followed the steps provided by Amazon EC2. I have installed a wordpress website in the EC2 Instance.
My public DNS is given as ec2-xx-xxx-xx-xxx.us-west-2.compute.amazonaws.com/
and Public IP is also given as xx-xxx-xx-xxx.
How to view the website from any other machine?
Note:
EC2 Instance is created and running now.
I can view it in the localhost as well as public DNS in the EC2 instance using RDP. (http://ec2-xx-xxx-xx-xxx.us-west-2.compute.amazonaws.com/)
If you can see the web site from the EC2 instance, but not from other machines, there is probably one of the following things wrong:
The DNS entry is not available or is wrong. Since you can RDP using that entry, this can't be the cause.
Access to the correct port is being blocked by the security group or firewall. Since the instructions you referenced specifically say to make sure that both port 80 (HTTP) and 3389 (RDP) are open, and you know that is true from port 3389, this isn't likely, but is possible. Make sure that there are security group rules for both port numbers that look the same.
The Windows server itself is refusing to allow outside access to port 80 on that address. This is unlikely, but not impossible, and the instructions specify that you should "disable Internet Explorer Enhanced Security Configuration", and at the end cover "Making Your WordPress Site Public". Make sure that the web server isn't configured to only respond to requests from localhost (127.0.0.1) and that there are no Windows firewall rules blocking port 80.
I think that the likeliest problem is number 2, above. Perhaps you forgot to open port 80 in the security group, or typed a different port number or a different address range to open it to.