After installing and running Apache2 on my EC2 instance (Ubuntu 16.04) in AWS, I want to access the site from my public browser with "ec2-3-231-162-52.compute-1.amazonaws.com". Apache2 is running on port 80, and I already created a security group which allows port 80 to connect. So why can't I access the default Apache2 website?
Apache2 running status:
Security Group Incoming Traffic:
Security Group Outgoing Traffic:
You need quite a few pieces to make sure this is working:
First, your EC2 instance, and a running HTTPD server. Sounds like you have that.
Then, you'll need a VPC for the pieces to sit in.
You'll need a subnet on the VPC.
You'll need a route table in the subnet.
You'll need a security group on the VPC.
Your EC2 instance will need a public IP on the subnet.
Finally, an internet gateway to expose the VPC to the public internet.
Requests will flow through the internet gateway into the VPC, use the route table to find where they should go, and arrive at your EC2 instance, where the security group you've set up allows them into the correct port.
I am at my wits end with this, please help.
I am creating EC2 instances in my default public VPC, yet I am not able to SSH or HTTP to my instance or the web server running on the machine. I checked the following:
The SG has inbound SSH, HTTP and HTTPS allowed from 0.0.0.0/0 and is assigned to my instance
The default VPC has route tables with 0.0.0.0/0 pointed to the IGW
The NACLs are configured to allow all traffic. I also manually updated them to allow only HTTP, HTTPS and SSH
The key in use has been given the right permissions by running chmod 400 filename
Despite all this, I am not able to connect to the EC2 instance; the AMI is Amazon Linux 2 AMI.
When I try to SSH, I get a connection timeout error after a while. Initially I thought it was my office network, but I am also getting the same from my home network with no firewalls in place.
To allow an SSH connection, you will need:
An Amazon EC2 instance running Linux launched in a public subnet (defined as having a Route Table that directs 0.0.0.0/0 to an Internet Gateway)
A Security Group permitting Inbound access on port 22 (Outbound configuration is irrelevant)
Network ACLs left at their default settings of Allow All in both directions
A Public IP address associated with the instance
From your descriptions, I would say that the problem is probably with the Outbound NACLs. Return traffic from an SSH session goes back to the source port on the initiating server, which is not port 22. In general, only change the NACLs if you have a specific reason, such as creating a DMZ. I recommend you reset the NACL rules to Allow All traffic in both directions.
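The answer above turns on NACLs being stateless: the reply packets of an SSH session leave the subnet towards the client's ephemeral source port, not port 22, so an egress rule set that only lists 22/80/443 silently breaks every session. The following added example (not from the thread) simulates AWS's rule evaluation over entries shaped like the output of `aws ec2 describe-network-acls` (lowest RuleNumber first, first match wins, implicit final deny). All rule sets and addresses are constructed; `acl_verdict` and `ssh_session_allowed` are names chosen here.

```python
"""Simulate VPC Network ACL evaluation to show why return traffic needs an
egress rule for ephemeral ports. Constructed example, not the thread's data."""
import ipaddress

# Constructed: the default NACL, which allows everything in both directions.
DEFAULT_ACL = [
    {"RuleNumber": 100, "Egress": False, "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Egress": True, "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
]


def _tcp_allow(rule_number, egress, port_from, port_to):
    """Build one TCP allow entry (Protocol "6" is TCP in describe-network-acls output)."""
    return {"RuleNumber": rule_number, "Egress": egress, "Protocol": "6", "RuleAction": "allow",
            "CidrBlock": "0.0.0.0/0", "PortRange": {"From": port_from, "To": port_to}}


# Constructed: the asker's manual edit, allowing only 22/80/443 in *both* directions.
LOCKED_DOWN_ACL = []
for _egress in (False, True):
    for _i, _port in enumerate((22, 80, 443)):
        LOCKED_DOWN_ACL.append(_tcp_allow(100 + 10 * _i, _egress, _port, _port))

# Constructed: the same rules plus an outbound allow for the ephemeral port range,
# which is what the locked-down set is missing.
EPHEMERAL_FIX_ACL = LOCKED_DOWN_ACL + [_tcp_allow(130, True, 1024, 65535)]


def acl_verdict(entries, egress, protocol, port, remote_ip):
    """Return 'allow' or 'deny' for one packet in one direction, AWS-style:
    rules of that direction are tried in ascending RuleNumber order and the
    first match decides; nothing matching falls through to the implicit deny."""
    addr = ipaddress.ip_address(remote_ip)
    for entry in sorted((e for e in entries if e["Egress"] == egress), key=lambda e: e["RuleNumber"]):
        if addr not in ipaddress.ip_network(entry["CidrBlock"]):
            continue
        if entry["Protocol"] not in ("-1", protocol):
            continue
        port_range = entry.get("PortRange")
        if port_range and not (port_range["From"] <= port <= port_range["To"]):
            continue
        return entry["RuleAction"]
    return "deny"


def ssh_session_allowed(entries, client_ip, client_ephemeral_port):
    """An SSH session needs the inbound SYN to port 22 *and* the outbound reply
    to the client's ephemeral source port; NACLs keep no connection state."""
    inbound = acl_verdict(entries, False, "6", 22, client_ip)
    outbound = acl_verdict(entries, True, "6", client_ephemeral_port, client_ip)
    return {"inbound": inbound, "outbound": outbound,
            "session_works": inbound == "allow" and outbound == "allow"}


if __name__ == "__main__":
    for name, acl in (("default", DEFAULT_ACL), ("locked-down", LOCKED_DOWN_ACL), ("fixed", EPHEMERAL_FIX_ACL)):
        print(name, ssh_session_allowed(acl, "203.0.113.5", 49152))
```

Run against the locked-down set, the inbound SYN is allowed but the reply on port 49152 is denied, which is exactly the "connection timeout after a while" symptom: the client's SYN arrives, the instance's SYN-ACK never leaves the subnet. Security groups do not have this failure mode because they are stateful.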
I have installed HashiCorp Vault on a Linux EC2 machine in AWS. I have unsealed it and allowed all the outbound traffic in the Security Group. I am able to access the Vault service within the EC2 instance using "http://localhost:8200". But I am unable to use the service when I try to hit the URL using the public IPv4 of the EC2 instance from the internet (ex: http://xxx.xxx.xxx.xxx:8200).
Check your network configurations.
There are a few things you can check:
Your Security Group allows connections from your IP to port 8200.
Your EC2 instance is in a public subnet.
The NACL of public subnet allows connections to/from the port 8200 and to/from your IP.
The Route Table of the public subnet has an Internet Gateway attached.
If you validate these 4 points and still can't connect to the service, the problem can be that the service's listen address is 127.0.0.1 (localhost).
https://www.vaultproject.io/docs/commands/server.html#dev-listen-address
In that case, you should start your HashiCorp Vault with the options:
-dev -dev-listen-address="0.0.0.0:8200"
This problem is described here:
Is it possible to start Vault dev server on 0.0.0.0 instead of 127.0.0.1?
Well, I am almost giving up on AWS; it is really hard to do simple things here. My problem is I am following this link to set up cPanel for commercial use,
https://blog.cpanel.com/part-2-how-i-built-a-cpanel-hosting-environment-on-amazon-aws/
I set up my VPC, Subnet, Internet Gateways, Elastic IPs and Route Tables and still cannot connect to my EC2. It is frustrating that I am wasting time over an SSH problem which can be solved in a matter of seconds in OVH, and here AWS is ruining my day. Any ideas?
I set up my VPC, Subnet, Internet Gateways, Elastic IPs and Route Tables
I really expect to connect to my EC2 with ease and be able to add more EC2s to the service
To be able to SSH into an Amazon EC2 instance, you'll need the following:
An Amazon VPC (the default one is fine, or create your own)
An Internet Gateway attached to the VPC (to connect it to the Internet)
A public subnet, which is defined as a subnet that has a route table where the route table sends traffic destined for 0.0.0.0/0 to the Internet Gateway
An Amazon EC2 instance in the public subnet, presumably a Linux instance since you want to SSH to it
When launching the instance, nominate a Keypair. If you launch from an Amazon-provided AMI (eg Amazon Linux 2), the keypair will be copied to /users/ec2-user/.ssh/authorized_keys at startup.
The instance should either be launched with Auto-assign Public IP to receive a random public IP address, or associate the instance with an Elastic IP address to associate a static IP address
A security group attached to the EC2 instance permitting inbound SSH access (port 22) either from 0.0.0.0/0 or your own IP address
Don't play with the Network Access Control List (NACL) settings - they default to allowing all traffic in/out
To connect to the instance:
ssh -i YOUR-KEYPAIR.pem ec2-user@IP-ADDRESS
If the connection is immediately rejected, it suggests a problem with the keypair.
If the connection takes some time before failing, it suggests a network-related problem because it is unable to contact the instance. Some corporate networks block outbound SSH access, so try again from a different network (home vs office, or even tethered via your phone) to try and identify the issue.
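The two checklists on this page (the HTTP one for port 80 and the SSH one just above) are the same set of facts read out of three AWS CLI calls: does the instance's subnet route 0.0.0.0/0 to an Internet Gateway, does an attached security group admit the client on that port, and does the instance have a public address. The added example below (not the answerers' code) checks those three from JSON shaped like the output of `aws ec2 describe-route-tables`, `describe-security-groups` and `describe-instances`; every identifier and address in it is constructed, and `reachability_report` is a name chosen here. NACLs are left out deliberately, since the default settings allow all.

```python
"""Reachability checklist for an EC2 instance, evaluated over constructed
describe-* style JSON. Added example; no identifier here is real."""
import ipaddress

# Constructed: a main route table with an IGW default route (so subnets without
# an explicit association are public) and a private table for one subnet.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-example-main", "VpcId": "vpc-example",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
    {"RouteTableId": "rtb-example-private", "VpcId": "vpc-example",
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"}]},
]

# Constructed: HTTP open to the world, SSH only from one office range.
SECURITY_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
    ]},
]

# Constructed: a web server with a public IP and a database host without one.
INSTANCES = {
    "i-web": {"SubnetId": "subnet-public", "PublicIpAddress": "203.0.113.10",
              "PrivateIpAddress": "172.31.1.10", "SecurityGroups": [{"GroupId": "sg-web"}]},
    "i-db": {"SubnetId": "subnet-private", "PrivateIpAddress": "172.31.2.20",
             "SecurityGroups": [{"GroupId": "sg-web"}]},
}


def route_table_for_subnet(route_tables, subnet_id):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for table in route_tables:
        for assoc in table["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def subnet_is_public(route_tables, subnet_id):
    """Public means: an active 0.0.0.0/0 route whose target is an Internet Gateway."""
    table = route_table_for_subnet(route_tables, subnet_id)
    if table is None:
        return False
    return any(route.get("DestinationCidrBlock") == "0.0.0.0/0"
               and route.get("GatewayId", "").startswith("igw-")
               and route.get("State") == "active"
               for route in table["Routes"])


def sg_allows_inbound(security_groups, group_ids, port, client_ip):
    """True if any attached group has an ingress rule covering this TCP port and client."""
    addr = ipaddress.ip_address(client_ip)
    for group in security_groups:
        if group["GroupId"] not in group_ids:
            continue
        for perm in group["IpPermissions"]:
            proto_ok = perm["IpProtocol"] in ("-1", "tcp")
            port_ok = perm["IpProtocol"] == "-1" or perm["FromPort"] <= port <= perm["ToPort"]
            cidr_ok = any(addr in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", []))
            if proto_ok and port_ok and cidr_ok:
                return True
    return False


def reachability_report(instance_id, port, client_ip, route_tables=ROUTE_TABLES,
                        security_groups=SECURITY_GROUPS, instances=INSTANCES):
    """Return each checklist item and an overall verdict for one client and port."""
    inst = instances[instance_id]
    attached = {g["GroupId"] for g in inst["SecurityGroups"]}
    findings = {
        "public_ip": "PublicIpAddress" in inst,
        "public_subnet": subnet_is_public(route_tables, inst["SubnetId"]),
        "sg_allows_port": sg_allows_inbound(security_groups, attached, port, client_ip),
    }
    findings["reachable"] = all(findings.values())
    return findings


if __name__ == "__main__":
    print(reachability_report("i-web", 80, "8.8.8.8"))
    print(reachability_report("i-web", 22, "8.8.8.8"))
    print(reachability_report("i-db", 80, "8.8.8.8"))
```

A failed `sg_allows_port` with everything else green matches the "immediately rejected" case only when the daemon is also up; a false `public_subnet` or `public_ip` produces the long timeout the answer describes, because nothing on the Internet can route a packet to the instance at all.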
I am using AWS for a Django web application. I have configured a public subnet in which I have a web server. The security group associated with it only allows ports 443, 80, 22, 123. I have a private subnet in which I have a DB server. The security group associated with it only allows 5432 from the other security group.
So do I need to configure a NAT instance to which a public address is attached and only have private IP for the web server? How much does this sort of setup help with security or any other benefits?
Is this sort of setup a must?
A NAT is only needed if whatever is in your private subnet(s) needs to be able to reach the internet.
So unless there is a reason your database would need access to the internet, this configuration is fine. If for example you occasionally need to apply patches to the DB instance, you could simply create a NAT instance on demand, update the routes, and run the update command. (If you're running Amazon Linux, you can create an S3 VPC endpoint and yum update will pull updates via that.)
Hi, I'm running memcached on my web server on an AWS EC2 instance. So it has a public IP address and a private IP address.
I followed the following page to install memcached:
https://www.thefanclub.co.za/how-to/how-install-memcached-on-ubuntu-for-drupal
One step is to "Open firewall port 11211"
My question is what rule should I add to the ec2 security group? I want to know the source ip setting.
Right now in the EC2 security group inbound rules, I've added: allow port 11211 TCP from the source private IP address of the EC2 instance. Is that correct for memcached to work for anonymous users from the internet visiting my website? Thanks!
what rule should I add to the ec2 security group?
No rule at all.
If you are running memcached on the same machine as your web server, then you do not need any security group settings for memcached. If the connection never leaves the machine, the security group settings have no impact on it.
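Both the Vault question (a service reachable on localhost:8200 but not from outside) and this memcached answer (a service that should never leave the machine) come down to which address a daemon is bound to. The quickest check on the instance is `ss -ltn`: a socket on 127.0.0.1 is unreachable from outside regardless of security groups, and a socket on 0.0.0.0 or [::] is exposed to whatever the security group admits. The added example below (not from either answer) parses constructed `ss -ltn` output and classifies each listener; `ss_listeners` and `exposure_of_port` are names chosen here, and the sample lines are invented.

```python
"""Classify listening sockets from `ss -ltn` output as loopback-only or
exposed. Added example over constructed sample output."""

# Constructed sample, in the column layout `ss -ltn` prints on Ubuntu/Amazon Linux.
SAMPLE_SS_OUTPUT = """\
State    Recv-Q   Send-Q     Local Address:Port      Peer Address:Port   Process
LISTEN   0        128              0.0.0.0:22             0.0.0.0:*
LISTEN   0        128            127.0.0.1:8200           0.0.0.0:*
LISTEN   0        1024           127.0.0.1:11211          0.0.0.0:*
LISTEN   0        511                    *:80                   *:*
LISTEN   0        128                 [::]:22                [::]:*
"""

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}
WILDCARD = {"0.0.0.0", "*", "::", "[::]"}


def _split_addr_port(local):
    """Split 'addr:port', tolerating IPv6 forms like '[::]:22' and '*:80'."""
    addr, _, port = local.rpartition(":")
    return addr, int(port)


def ss_listeners(text):
    """Parse `ss -ltn` output into (address, port, scope) tuples.
    scope is 'loopback', 'all-interfaces' or 'specific'."""
    result = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip the header and anything that is not a listener
        addr, port = _split_addr_port(fields[3])
        if addr in LOOPBACK:
            scope = "loopback"
        elif addr in WILDCARD:
            scope = "all-interfaces"
        else:
            scope = "specific"
        result.append((addr, port, scope))
    return result


def exposure_of_port(text, port):
    """Summarise one port: 'not-listening', 'loopback-only', or 'exposed'.
    Exposed means at least one socket on that port is bound beyond loopback,
    so a security group rule for the port actually matters."""
    scopes = {scope for _, p, scope in ss_listeners(text) if p == port}
    if not scopes:
        return "not-listening"
    if scopes == {"loopback"}:
        return "loopback-only"
    return "exposed"


if __name__ == "__main__":
    for p in (22, 80, 8200, 11211):
        print(p, exposure_of_port(SAMPLE_SS_OUTPUT, p))
```

For the Vault case the sample shows 8200 as loopback-only, which is the situation the answer describes, and only after rebinding it to 0.0.0.0 would the security group rule come into play. For memcached, loopback-only on 11211 is the state you want: it serves the local web server and no inbound rule is needed. If it ever shows as exposed on 11211 while the security group admits the Internet, that is a misconfiguration worth fixing at the bind address (memcached's `-l` option) rather than relying on the group alone.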