I am trying to register zabbix agent to zabbix server but facing this error[Received empty response from Zabbix Agent at [XX.XXX.XX.XX]. Assuming that agent dropped connection because of access permissions.] in zabbix server UI.
I have elb top of Zabbix server and using elb dns name in zabbix agent conf file. Seems registration is happening but agent server is not active[Availability].
**conf file**
Server=elb end point
ServerActive=elb end point
Any lead would be appreciated.
This is error from agent alowed hosts. Often when you are using the Zabbix server in docker and agent from system on the same IP.
see log file at first
$ cat /var/log/zabbix/zabbix_agentd.log | grep connection
now compare incoming connection: connection from "SOME_IP" and allowed hosts: "SOME_IPs"
example output :
failed to accept an incoming connection: connection from "172.17.0.2" rejected, allowed hosts: "127.0.0.1"
This is your problem. connection from 172.17.0.2 (docker) is not allowed in your zabbix_agentd.conf. You will have to edit /etc/zabbix/zabbix_agentd.conf like this :
Server=::ffff:127.0.0.1,172.17.0.2 ServerActive=::ffff:127.0.0.1,172.17.0.2
Last step is restart agent
$ sudo systemctl restart zabbix-agent
Related
I run Tomcat image on AWS EC2 instance from DockerHub by command
docker run -d -p 8000:8080 tomcat
Container start normally
ubuntu#ip-172-31-39-118:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cbb1ac139d13 tomcat "catalina.sh run" 21 minutes ago Up 21 minutes 0.0.0.0:8000->8080/tcp vigilant_poitras
my public IP address of instance is 3.14.3.30
I tried to access http://3.14.3.30:8000/ by Chrome, but access refused, timeout expired.
Security groups in AWS setup to 0.0.0.0/0 for source and destination
Firewall on my Wondows turned off.
Please help to solve problem!!
According to the comments, Inbound rules added are
22 TCP 0.0.0.0/0 - This is to ssh to the server.
You haven't opened the port 8000. Open an inbound rule for port 8000 as TCP.
#MichaelZal - there are two issues.
Issue 1.) you are not able to access the page locally. you have to fix this.
I ran the same tomcat image and this is how you should be able to see the page.
RUN curl http://localhost:8000 (note: 8000 port)
[ec2-user#ip-172-31-93-30 ~]$ curl http://localhost:8000
<!doctype html>HTTP Status 404 – Not Found
RUN docker inspect {Your_Container_ID} | grep "IPAddress"
RUN curl http://{Container-IP}:8080 (note: 8080 Port....)
I see your last comment that you tried all IPs. Container Gateway is not the right IP. Just to be sure, i am giving the info on how to check the container ip.
[ec2-user#ip-172-31-93-30 ~]$ docker inspect c44c5d8067b0 | grep "IPAddress"
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
[ec2-user#ip-172-31-93-30 ~]$
[ec2-user#ip-172-31-93-30 ~]$ curl http://172.17.0.2:8080
<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><
If this does not work, then you have to check your container logs to if the tomcat started correctly and if you have the following type log messages. It rarely can go wrong. I ran the same docker command that you had run and it should work.
RUN docker logs {Your_Container_ID}
[ec2-user#ip-172-31-93-30 ~]$ docker logs c44c5d8067b0
.....
30-Sep-2020 16:19:58.554 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
30-Sep-2020 16:19:58.555 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.38]
30-Sep-2020 16:19:58.573 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
30-Sep-2020 16:19:58.612 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [196] milliseconds
Issue 2.) Network access is not there. There are two places where it can get blocked. NACL and Security Group.
Its clear that Security Group does not have the necessary rule. Below needs to be added.
Type: Custom TCP
Port: 8000
Source: 0.0.0.0/0 (this is for whole internet OR you can chose any Specific IP for which you intend to provide access)
If all the above are fixed and tested, and still the site does not does not work, the we have to check NACLs.
In case of issues, Post these please.
CURL outputs/error
container logs
I just started a new AWS EC2 instance. In the instance's security group I added a new rule to open port 8080 as well as port 80.
I created a docker image and container that runs an apache server as per the aws tutorial.
When I run docker run -p 80:80 hello-world (where hello-world is the apache container image), everything works fine and I can access the server from the public network (using a web browser, or a curl command).
However, when I run docker run -p 8080:80 hello-world and I try to send a GET request (web browser, or curl) I get a connection timeout.
If I login to the host that is running the docker container, the curl command works fine. This tells me that port 8080 isn't really open to the public network, and something is blocking it, what could that be?
I tried to reproduce the thing, and I wasn't able to do it (it worked for me), so things that you should check:
1) Check that security group has indeed opened ports 80 and 8080 to your ip (or 0.0.0.0/0 if this is just a test just to confirm that this is not a firewall issue).
2) check the container is running:
docker ps -a
you should see: 0.0.0.0:8080->80/tcp under ports.
3) check that when you are sending the GET request, you are specifying the port 8080 in the request, so your browser should look something like:
http://your.ip:8080
or curl:
curl http://your.ip:8080
warning: just for testing
For testing: Setting Security Groups can solve the problem.
SecurityGroups > Inbound > Edit inbound rules > Add new rules > All TCP
I'm trying to deploy my Spring Boot application to Elastic AWS Elastic Beanstalk. However the deployment is always in a "Severe" state, with the below being logged into /var/log/nginx/error.log
Connection refused) while connecting to upstream, client: 172.31.10.241, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5000/
172.31.12.137 - the IP of the EC2 instance
I'm aware that I need to change the server port to 5000 and I have done that in my application.properties file and from the logs I can see that the application has launched on port 5000
TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 5000 (http)
I'm connecting to a MYSQL database on RDS and I can confirm that the application is connecting successfully to that database.
Is there a configuration setting I am missing? Any help would be much appreciated
FYI: I'm not very experienced with AWS
Try using port 8080. You can set SERVER_PORT to 8080 from the Configuration > Software Configuration > Environment Properties in AWS Elastic Beanstalk.
If you are using spring boot application You should add the property server.port=5000 in your application.properties file and also if you are using a profile based property file add the environment variable in the configurations as SPRING_PROFILES_ACTIVE=prod for your profile based property file to be used during run time.
In one of my amazon aws server installed memcahed server in port 11211.
Now i ssh to that server and run this command
telnet 127.0.0.1 11211
I get connected to and can access memcache data.
If i use private or public ip instead of 127.0.0.1
telnet <private ip> 11211
i get this
telnet: Unable to connect to remote host: Connection refused
Lets call this server master server where memcached is installed.
If i now ssh to other app server and run this command
telnet <private ip> 11211
get the same error. But the master server security group has this inbound rules.
All traffic All All sg-xxxxxx (app server)
Should we not get access to all services running in our master server from app servers?
I'm developing an application which will use AWS's SNS service to receive notifications over HTTP.
As I am developing the application locally and have no control of our company firewall, I am attempting to tunnel HTTP connections from an external EC2 host to my local machine for the purposes of testing.
Everything looks fine when verifying the connection from the EC2 host itself, however the port is closed when examined externally.
My local application is on port 2222. I have executed the following command on my local machine to establish the proxy:
ssh -i myCredentials.pem ec2-user#myserver.com -R 2222:localhost:2222
Where myserver.com points to an EC2 instance. SSH'ing to the EC2 instance, I can successfully connect to my application via the tunnel, and nmap displays the following:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00055s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
2222/tcp open EtherNet/IP-1
However when I run nmap against the EC2 instance from my local machine, the port is closed:
Nmap scan report for xxxxxx
Host is up (0.24s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
2222/tcp closed EtherNet/IP-1
The security group assigned to the server is allowing TCP traffic on ports 2222 on 0.0.0.0/0 and iptables isn't running on the server.
What do I need to do on the EC2 end to make this port open to the outside world?
The tunnelling command is correct, however in order for SSH to bind to the wildcard address, the following setting is required in /etc/ssh/sshd_config on the remote server:
GatewayPorts yes
Once this is added, restart sshd and the tunnelling will work as desired provided no firewalls are in the way.