Unable to connect to webserver on AWS EC2 instance - amazon-web-services

I'm unable to connect to my EC2 instance where I have an apache web server running (also running an Express.js server on a different port). I have updated the security group to allow incoming requests to http and https ports but I continue to get this response in the browser:
This site can’t provide a secure connection
*********** sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
I am able to ssh into my EC2 instance.
Other than ensuring that the correct ports are open and that a service is listening on those ports, is there any configuration needed to setup simple web server on EC2?
Current security group settings:
Currently open ports (sudo lsof -i -P -n | grep LISTEN):
There are some similar questions posted but they are either vague or have been left for dead

You need to install mod_ssl to tell apache to serve httpS connections.
You can use the default (or self signed certificate) to check the connectivity on port 443. If you need a valid ssl certificate, you can get one for free from Let's Encrypt: https://letsencrypt.org/
You can use CertBOT to auto renew certificates: https://letsencrypt.org/getting-started/

Related

ssh: port 22: Connection timed out

First, good morning. After running a DigitalOcean internet tutorial that taught how to set up a web server with Django, I had problems connecting via SSH, however, the site continues to run and accept HTTPS connections without any obstacles on the web.
To check availability, I pinged [Public IPv4 Address] [Public IPv4 DNS] and got no response. Since my website has a purchased DNS, I tried to ping [my website's private DNS] and also no response.
I researched possible errors and I'm already advancing: My security group has the rules: HTTP 80, SSH 22 and HTTPS 443 with any source of IPv4 released. So much so that I did all the server configuration via SSH.
I had already done this process before and had the same error, but since it was a test server, I didn't pay much attention. But now, after performing a change from HTTP to HTTPS (to make the site secure) it happens again!
Here are the tutorials:
Installing the webserver: https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-18-04
How to secure Nginx (HTTP to HTTPS): https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04
Any help is welcome and I thank you in advance!
So, in the tutorial (https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04), in the part "Step 3 — Allowing HTTPS through the firewall", to check the status of the Firewall the following command was used:
$ sudo ufw status
But the output was:
Output:
Status: inactive
To work around this problem, I ran:
$ sudo ufw enable
Output:
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
However, AWS itself provides a Firewall system in connection permissions of groups related to the instance.
That way, I ended up "turning off" SSH and only allowing HTTPS traffic, so my server kept running.
So, summary: I couldn't connect via SSH due to running a manual Firewall that overrode the EC2 Instance's Groups control
Thank you for trying to help me! Success!

Can't run GCP VM on public IP with SSH

I am setting up a Virtual Machine node.js server at Google Cloud Platform. I have set up SSH keys so that I can log into my VM. I can successfully log into my VM using SSH-in-browser and start my server.
I can't access my public IP address through Chrome. I get this message:
This site can’t provide a secure connection.
When I try to connect to the IP within SSH-in-browser, I get the following:
$ curl -vso /dev/null --connect-timeout 5 34.68.254.120:8080
* Trying 34.68.254.120:8080...
* connect to 34.68.254.120 port 8080 failed: Connection refused
* Failed to connect to 34.68.254.120 port 8080: Connection refused
* Closing connection 0
I'm new at this. Any ideas would be appreciated. Thanks!
Edit1: Some more details --
Linux VM
port 8080 ingress is open on the firewall
I'm using OSLogin (`enable-oslogin = TRUE' 'enable-oslogin-sk = FALSE')
I can successfully log into console with both SSH-in-Browser and PuTTY, and I can start my server on port 8080
In both, I get the error above when I try to connect to the IP address
EDIT:
Follow below steps to fix “This Site Can’t Provide a Secure Connection” Error :
This error typically indicates a problem with either your browser’s configuration or the SSL certificate on your site.
1) Your local environment doesn’t have an SSL certificate.
2) Outdated SSL caches in the browser : (This is one of the more popular causes. Web browsers store SSL certificates in a cache, much
like other data. This means they don’t have to verify the certificate
every time you visit a site, which speeds up browsing. However, if
your SSL certificate changes and the browser is still loading an
older, cached version, it can cause this error to pop up).
3) Incorrect time and date settings on your computer.
4) Rogue browser extensions.
5) Overzealous antivirus software.
6) An invalid or expired SSL certificate.
If your firewall rules prevent external access:
Check your firewall rules with the following command: gcloud compute firewall-rules list with this, you can review the VPC where
the VM instance was migrated; and if it has allowed the Ingress TCP:
22 Port.
If this firewall rule is missing, you can add the firewall rule in the GCP console -> VPC Networks ->select your VPC network _Click on
the firewall rules to double check that the tcp: 22 port is allowed.
If the issue still is ongoing after checking the firewall rules, you
can follow this guide to start troubleshooting SSH connection.

is it possible to access a ec2 instance where inbound rule is only allowed for ssh with the help of apache http

I need to access an ec2 instance using http but inbound rule is only allowed for ssh.So is it possible to access the ec2 through http if i connected the ec2 using ssh and installed apache http.
It can be resolved using changing the inbound rule but is it possible by apache http without changing the inbound rule
Yes. You can activate Port Forwarding across your SSH connection, which will allow traffic to go across the SSH connection to the web server on the destination EC2 instance, and it will all happen via port 22 (SSH).
For example, this command will forward local port 8000 to the remote port 80:
ssh -i key.pem ec2-user#IP-ADDRESS -L 8000:localhost:80
You can then access the remote web server from your own computer by pointing your web browser to http://localhost:8000. The traffic will be sent across the SSH connection to the EC2 instance, where it will be sent to localhost:80 (which is the web server on the EC2 instance).
For details, see: How to Use SSH Port Forwarding {Ultimate Guide}

Amazon EC2 HTTP connection refused, but HTTP port is open

I created a new Ubuntu T2 Micro instance on EC2.
Created a new Elastic IP and selected "EIP used in: VPC"
Associated the address to my new EC2 Ubuntu instance.
I now have a Private IP and a Public/Elastic IP. No Public DNS.
My security group has SSH port 22 and HTTP port 80 open.
I can connect to the instance just fine through SSH using the Public IP, but when I try to browse to the Public IP through the browser it says connection refused. I can't ping it either.
I'm out of ideas.
Amazon EC2 HTTP connection refused, but HTTP port is open
That's already proven by the fact that you got 'connection refused'. If the port wasn't open it would have been 'connect timeout'.
'Connection refused' means that the service you tried to connect to wasn't listening at that port. Possibly it isn't started at all, or even installed.
You need to install a web server on your machine, such as Apache or Nginx. This is not provided by default in EC2.
go to security groups --> edit inbound rules --> add rule (add a custom TCP port 8888 with 0.0.0.0/0 ).
There are two major things that can happen to your web server.
Connection refused :- Which means there is no service running (http/JBOSS/nginx) on your server which is available to accept connections on port specified (which is 80 in this case)
Connection timed out :- Would mean server is not able to process any incoming connection hitting it at port 80. Once you fix the security group and your NACL (if you don't have a default one), then you need to re-check to see if it's service which is giving out the error, not to forget that the error response will change.

Can't connect to EC2 instance via web browser

I'm a total newbie when it comes to servers and EC2 but I have an EC2 instance running which was stopped and restarted. Since that I haven't been able to connect via a web-browser to the site but can connect via SSH. Are there any ideas why this could be the case?
Here is the debug checklist:
Check your server, make sure it is up and running in AWS management console.
Check port security setting, from your local machine. If it is close open it in security group.
telnet your_ip 80 # Check http port
telnet your_ip 22 # Check SSH port
Check your web server, Apache, Nginx, etc. If you cannot find your process, start it.
ps -ef | grep -e nginx -e httpd -e apache
Check your virtual host config, make sure you web server is listening to port 80 (http) or 443 (https).
Run chkconfig and make sure your web server will start as a service.
Check the security group in your instance property, it is probably allowing only SSH (default), you may want to add a inbound rule allowing HTTP traffic.