I run Tomcat image on AWS EC2 instance from DockerHub by command
docker run -d -p 8000:8080 tomcat
Container start normally
ubuntu#ip-172-31-39-118:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cbb1ac139d13 tomcat "catalina.sh run" 21 minutes ago Up 21 minutes 0.0.0.0:8000->8080/tcp vigilant_poitras
my public IP address of instance is 3.14.3.30
I tried to access http://3.14.3.30:8000/ by Chrome, but access refused, timeout expired.
Security groups in AWS setup to 0.0.0.0/0 for source and destination
Firewall on my Wondows turned off.
Please help to solve problem!!
According to the comments, Inbound rules added are
22 TCP 0.0.0.0/0 - This is to ssh to the server.
You haven't opened the port 8000. Open an inbound rule for port 8000 as TCP.
#MichaelZal - there are two issues.
Issue 1.) you are not able to access the page locally. you have to fix this.
I ran the same tomcat image and this is how you should be able to see the page.
RUN curl http://localhost:8000 (note: 8000 port)
[ec2-user#ip-172-31-93-30 ~]$ curl http://localhost:8000
<!doctype html>HTTP Status 404 – Not Found
RUN docker inspect {Your_Container_ID} | grep "IPAddress"
RUN curl http://{Container-IP}:8080 (note: 8080 Port....)
I see your last comment that you tried all IPs. Container Gateway is not the right IP. Just to be sure, i am giving the info on how to check the container ip.
[ec2-user#ip-172-31-93-30 ~]$ docker inspect c44c5d8067b0 | grep "IPAddress"
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
[ec2-user#ip-172-31-93-30 ~]$
[ec2-user#ip-172-31-93-30 ~]$ curl http://172.17.0.2:8080
<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><
If this does not work, then you have to check your container logs to if the tomcat started correctly and if you have the following type log messages. It rarely can go wrong. I ran the same docker command that you had run and it should work.
RUN docker logs {Your_Container_ID}
[ec2-user#ip-172-31-93-30 ~]$ docker logs c44c5d8067b0
.....
30-Sep-2020 16:19:58.554 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
30-Sep-2020 16:19:58.555 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.38]
30-Sep-2020 16:19:58.573 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
30-Sep-2020 16:19:58.612 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [196] milliseconds
Issue 2.) Network access is not there. There are two places where it can get blocked. NACL and Security Group.
Its clear that Security Group does not have the necessary rule. Below needs to be added.
Type: Custom TCP
Port: 8000
Source: 0.0.0.0/0 (this is for whole internet OR you can chose any Specific IP for which you intend to provide access)
If all the above are fixed and tested, and still the site does not does not work, the we have to check NACLs.
In case of issues, Post these please.
CURL outputs/error
container logs
Related
I tested AWS EC2 Amazon Linux and Ubuntu 18.04.
Tomcat is reachable from localhost:8081, but not from outside network
After pulling thee tomcat image
docker pull tomcat
Then running a container with port mapping:
docker run -d --name container-test -p 8081:8080 tomcat
Tomcat web page is not accessible, says:
This site can’t be reached 13.49.148.112:8081 took too long to respond.
But if doing this way, it's working fine.
docker run -d --name container-test2 -p 8080:8080 tomcat
I opened ALL ALL ALL in AWS security groups.
netstat shows that ports are listening correctly
ACLs are at default rule 100 allowing everything
I also did nmap this and found out the port is filtered:
$nmap -p8081 172.217.27.174
PORT STATE SERVICE
8081/tcp filtered blackice-icecap
Tried to add a rule to iptables but no luck:
iptables -I INPUT 3 -s 0.0.0.0/0 -d 0.0.0.0/0 -p tcp --dport 8081 -m state --state New -j ACCEPT
What can be done?
UPDATE:
Spent 2 good days to solve the issue with Amazon Linux2, but no success at all, switched to Ubuntu 22.04 and it's working. Also, same setup works on diff ami image in Mumbai region,
hence there is a high chance the image is faulty in Stockholm region specifically.
could be one of this:
check the port mappings of the container of your task definition
check the entries of the NACL (access control list) of your subnet (check if its public)
check if you allowed the trafic in the security group for your ip or 0.0.0.0/0
I'm new to devops. I want to install Jenkins in AWS EC2 with docker.
I have installed the Jenkins by this command:
docker run -p 8080:8080 -p 50000:50000 -d -v jenkins_home:/var/jenkins_home jenkins/jenkins:lts
On AWS security group, I have enabled port 8080 and 50000. I also enabled port 22 for SSH, 27017 for Mongo and 3000 for Node.
I can see the Jenkins container when I run docker ps. However, when I run https://xxxx.us-east-2.compute.amazonaws.com:8080, there is not a Jenkins window popup for Jenkins setting and display error, ERR_SSL_PROTOCOL_ERROR.
Does someone know what's wrong here? Should I install Nginx as well? I didn't install it yet.
The error is due to the fact that you are using https:
https://xxxx.us-east-2.compute.amazonaws.com:8080
From your description it does not seem that you've setup any type of ssl connection to your instance. So you should connect using http only:
http://xxxx.us-east-2.compute.amazonaws.com:8080
But this is not good practice as you communicate using plain text. A common solution is to access your jenkins web-ui through ssh tunnel. This way the connection is encrypted and you don't have to exposed any jenkins port in your security groups.
I just started a new AWS EC2 instance. In the instance's security group I added a new rule to open port 8080 as well as port 80.
I created a docker image and container that runs an apache server as per the aws tutorial.
When I run docker run -p 80:80 hello-world (where hello-world is the apache container image), everything works fine and I can access the server from the public network (using a web browser, or a curl command).
However, when I run docker run -p 8080:80 hello-world and I try to send a GET request (web browser, or curl) I get a connection timeout.
If I login to the host that is running the docker container, the curl command works fine. This tells me that port 8080 isn't really open to the public network, and something is blocking it, what could that be?
I tried to reproduce the thing, and I wasn't able to do it (it worked for me), so things that you should check:
1) Check that security group has indeed opened ports 80 and 8080 to your ip (or 0.0.0.0/0 if this is just a test just to confirm that this is not a firewall issue).
2) check the container is running:
docker ps -a
you should see: 0.0.0.0:8080->80/tcp under ports.
3) check that when you are sending the GET request, you are specifying the port 8080 in the request, so your browser should look something like:
http://your.ip:8080
or curl:
curl http://your.ip:8080
warning: just for testing
For testing: Setting Security Groups can solve the problem.
SecurityGroups > Inbound > Edit inbound rules > Add new rules > All TCP
I created a web server with apache and php in AWS. Then I created a docker with the AMI from web server.
tar -c -C /mnt/ . | docker import - MY-IMAGE-NAME
The image was created:
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
workshop latest 6de90688f964 About a minute ago 1.14GB
I ran the docker exposing the port 80
docker run -tid -p 80:80 6de90688f964 /bin/bash
But I cant load the web. I used the public IP from the docker server. When I used curl I obtained
root#ip-10-10-0-10:/home/ubuntu# curl 18.206.153.112
curl: (7) Failed to connect to 18.206.153.112 port 80: Connection refused
Could you help me?
You need to adjust the security policy for this AWS Instance to allow TCP
inbound traffic on port 80 (EC2 Dashboard --> Security Groups).
Something like this:
I have a project set up with CircleCI that I am using to auto-deploy to Elastic Beanstalk. My EBS environment is a single container, auto-scaling, web environment. I am trying to run a service that listens on raw socket port 8080.
My Dockerfile:
FROM golang:1.4.2
...
EXPOSE 8080
My Dockerrun.aws.json.template:
{
"AWSEBDockerrunVersion": "1",
"Authentication": {
"Bucket": "<bucket>",
"Key": "<key>"
},
"Image": {
"Name": "project/hello:<TAG>",
"Update": "true"
},
"Ports": [
{
"ContainerPort": "8080"
}
]
}
I have made sure to expose port 8080 on the "role" assigned to my project environment.
I used the exact deployment script from the CircleCI tutorial linked above (except with changed names).
Within the EC2 instance that is running my EBS application, I can see that the Docker container has run successfully, except that Docker did not forward the exposed port to the host container. I have encountered this in the past when I ran docker run .... without the -P flag.
Here is an example session after SSH-ing into the machine:
[ec2-user#ip-xxx-xx-xx-xx ~]$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a036bb061aea aws_beanstalk/staging-app:latest "/bin/sh -c 'go run 3 days ago Up 3 days 8080/tcp boring_hoover
[ec2-user#ip-xxx-xx-xx-xx ~]$ curl localhost:8080
curl: (7) Failed to connect to localhost port 8080: Connection refused
What I expect to see is the ->8080 or whatever in the container that forwards it onto the host.
When I do docker inspect on my container, I also see that these two configurations are not what I want:
"PortBindings": {},
"PublishAllPorts": false,
How can I trigger a port binding in my application?
Thanks in advance.
It turns out I made a misunderstanding in how Docker's networking stack works. When a port is exposed but not published, it is still available to the local network interface through the Docker container's private IP address. You can obtain this IP address by checking docker inspect <container>.
Rather than doing curl localhost:8080 I could do curl <containerIP>:8080.
In my EBS deploy, nginx was automatically setup to forward (HTTP) traffic from Port 80 to this internal private port as well.
I had the same problem in a rails container (port 3000 using puma) by default rails server only binds localhost to the listening interface, I had to use -b option to bind 0.0.0.0 and that solved the problem.
In react I have no the same problem cause npm serve package binds all interfaces by default