"Port 80 is taken;" on google compute engine :( - google-cloud-platform

When I try to run server on gce with a command like npm run start on port 80,
I see this message
Port 80 is taken; using 40363 instead ...
I tried to find any process that is using port 80, but I can't find anything.
Tried sudo lsof -i : 80, netstat -lntp... nothing...
Can't I use port 80 on GCE?

Thanks for asking this. There can be several reasons this might be happening.
A small note on Port 80: The Port 80 is used for HTTP communication and Port 443 is for HTTPS communication. For some reason, the VM is not allowing your program to start up in Port 80.
Listing down the areas to check and resolve this issue.
1. Check your basic VM firewall
While creating the VM, you might have forgotten to tick the HTTP/HTTPS traffic boxes. To edit it again, stop the VM, click edit and tick the boxes as shown below.
2. Check if there is any firewall override
If you have added custom tags to the VM and applied additional firewall rules in the Firewall section of GCP, it might also lead to this scenario.
3. Other apps on this port (Ruled out)
Since you have mentioned no other apps are running in that port, this might not be applicable.
4. If none works, try creating an External IP
There are cases where an external IP was required to help the VM expose port 80 for HTTP communication for external visitors.

Related

Simply getting a new EC2 windows instance up and running hosting a simple Hello World web app, and unable to connect to it from any other machine

Ok, I feel foolish asking this, as I've gotten this to work many times for years. But today, for no discernable reason, I am stumped.
New Windows Server 2022 base instance.
Run simple .net web app listening on port 80
Locally browse to http://localhost and it works fine
Turn on Firewall rule to allow port 80
In AWS Security Groups, allow port 80
Test with the public IP: Site cannot be reached
Disable Windows Firewall completely: same result
Use an alternative port, 5001, 8080, allowing them in the firewall, and with AWS security rules: same result
Try from another EC2 instance in the same subnet: same result
Make sure that locally the simple web app is working: yes
As I mentioned I feel like I am missing some critical and obvious thing.
Please be kind, as I have tried many solutions for this and am hitting a wall, and am humbly asking for help, not ridicule.
Here is the firewall of and connecting locally:
Here is the security groups:
Here is the subnet network ACL:
Here is the not connecting:
Found the answer. I was running my aspnet.core app using:
app.Run("http://localhost:5001")
But should have been using:
app.Run("http://0.0.0.0:5002")
The first tells the app to listen ONLY on IP 127.0.0.1, while the second says listen on ALL IP addresses.
After much searching I found the clue here:
https://weblog.west-wind.com/posts/2016/sep/28/external-network-access-to-kestrel-and-iis-express-in-aspnet-core
Specifically this:
In order to expose Kestrel externally you either have to bind to a specific machine name, IP Address or 0.0.0.0 which stands for all IP Addresses (thanks to #DamianEdwards and #BradyMHolt for their help).
So it really is just these three main things needed:
Windows Firewall allow port
App running on port
AWS Security Rules for port
However, the way the application binding is made is critical!
This is also helpful:
What is the difference between 0.0.0.0, 127.0.0.1 and localhost?

EC2 instance custom TCP ports not opening after applying inbound rules

Right now I am trying to run a daemon on port 8080, but because of the software I am installing with the daemon, I cannot start it unless the port 8080 is open. It's because the daemon needs to have port 8080 open to communicate to the other part of the software (the panel).
I have obviously tried allowing inbound rules on the security group assigned to my instance, and going to my VPC panel and going to NACL's and trying to add the ports, but nothing has worked.
However, the ports that have a preset in the rules editor (such as default ports like HTTP) do work. I know this because I am running a webserver off of port 80 (HTTP).
I have looked across all the Stack Overflow posts I could find and most of them said the solution of adding inbound rules to the security group which I have done lol. However, I came across this post, that had the solution of adding a range of ports for when you have a custom VPC, and it worked! I did this but long story short I got another error and I just made a new instance. I got to the point where I needed the port 8080 to be open, but sadly I got the error that I needed port 8080 to be open, even when I had that solution from the linked post. Basically it stopped working. I read the docs in the linked post that the answer gave me and I couldn't really get any use out of it.
Here is a picture of my ACL inbound rules, if you read this doc about ephemeral ports you will understand more.
I have no idea why I can't open custom TCP ports but I can open default ports like 80, 22, 3306, etc. I can't get my daemon running for it to even listen on port 8080.
Is there a solution to all this?
EDIT:
Security Group: Inbound Rules Outbound Rules
ACL: Inbound Rules Outbound Rules

Can I check a certain inbound port is opening in ec2 by ssh?

So all I have is a .pem file, I cannot log in to AWS to check a certain port's situation. Let's say I want to check whether the HTTP port (port 80) is open or not. How can I check it without logging into the AWS console? I have read several articles. What they provide is tutorials telling you how to check it by logging into the AWS console, which is not what I can do. Is there a command to do so or any test I can try?
So far I have built an Nginx server and let it listen on port 80. When I curl localhost, it works great. But when I try to use the IP to access it from outside, it does not work. From this, I am not sure whether the problem is from Nginx or port 80 is not open. Thus, I need a more specific way to check whether port 80 is working or not. Thank you all!
Use telnet:
telnet <ip or dns name> 80
If it's open you should get a message like:
Trying <ip>...
Connected to <ip or dns name>.

AWS public DNS for ubuntu instance is not accessible from the browser

I am relatively new to AWS and I've been looking at quite a few tutorials for the past couple of days trying to figure out how to make my AWS ubuntu instance accessible from the browser.
What I've done:
1st: I configured security groups to accept all traffic for ssh, http, https just to see if the public DNS listed in the instance is accessible.
2nd: I changed the IP of my instance to an elastic IP
3rd: I wrote a simple node.js file that listens on port: 9000 and console.logs 'hello world'
For some reason ssh works, and I can run my node.js file, but again I cannot access the remote instance from the browser.
Any help would be greatly appreciated since I've been on this for a couple of days
Thanks!
Thank you everyone for the quick responses!
My issue was I did not include a TCP rule to my specific port. Now I am able to access that port via ec2-DNSNAME:9123.
And, just to clarify, if I want to host that DNS for all traffic I should specify 'anywhere' for the TCP rule, correct?
I configured security groups to accept all traffic for ssh, http, https
In security groups, "HTTP" does not mean "HTTP on any port"... it means "any traffic on TCP port 80" -- 80 being the standard IANA assigned port for HTTP.
Security groups are not aware of the type of traffic you are passing, only the IP protocol (e.g. TCP, UDP, ICMP, GRE, etc.) and port number (for protocols that use port numbers) and any protocol specific information (ICMP message types).
You need a rule allowing traffic to port 9000.
Firstly, go to your EC2 and see if curl http://localhost works.
Also, if you are exposing your nodejs on port 9000, did you open 9000 also on security groups or not?
Few things to check:
Security groups
Subnet NACLS (these can function as a subnet level firewall, but unless you've messed with these they should allow all traffic.)
On the server if you run netstat -na | grep <PORT> do you see your application listening on the correct ports?
You may also check your system for firewalls that could be short circuiting the requests.
If the above doesn't point you towards where your issue is you can grab tcpdump and filter it just for requests coming from your web browser (e.g. after installing, tcpdump -vvn host 10.20.30.40 port 8000; substitute your IP and port). This will let you know if you're running into a network issue (packets aren't reaching the server) or if it's something with the app.
I'd also recommend using IP addresses while doing your initial troubleshooting. That way we can establish it is not network/server configuration before going into DNS.

Beego running on AWS Issue

I have tried running Beego on AWS, but no matter what I have tried, I can't seem to connect to port 8080, which is where Beego is running on. I'm not sure if it's an AWS or a Beego issue, but I can't seem to connect to port 80 either (I have tried to change the security group setting, including adding a new one to allow access to both ports). However, when I curl 127.0.0.1, a Beego template is there, but there is nothing at my EC2 instance. I changed the app.conf file's httpaddr to 0.0.0.0, but that didn't seem to do much. How can I approach this problem?
Check your conf/app.conf file:
httpaddr = localhost
By default, beego can be configured to listen to localhost only (as stated in this answer).
Other issues include (for the AWS part):
configuring security groups to permit inbound access on port 8080.
disabled any Application firewalls like Windows Firewall or Iptables for that port?
checking netstat -anp|grep 80 and sudo iptables -L
For ubuntu, the OP dtrinh100 mentions in the comments having to:
get it to work by disabling iptables, but since I'm running Ubuntu, it was a little different.
I used the iptables command from "How to start/stop iptables on Ubuntu?", which allowed me to turn off iptables in Ubuntu.
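The `localhost` versus `0.0.0.0` binding in the Kestrel answer, the `netstat` check suggested for the node.js instance and the beego `httpaddr` setting all ask the same thing: which address is the listener bound to? This added example (not from any of the posts) reads `netstat -lntp` output and reports the bind scope of each listener. It assumes the Linux column layout, and the sample output and program names are constructed.

```python
import ipaddress

# Constructed sample in the Linux `netstat -lntp` layout.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 127.0.0.1:5001   0.0.0.0:*        LISTEN   1234/dotnet
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN   801/nginx
tcp        0      0 10.0.1.15:22     0.0.0.0:*        LISTEN   650/sshd
tcp6       0      0 :::8080          :::*             LISTEN   2210/beego-app
tcp6       0      0 ::1:9000         :::*             LISTEN   3001/node
"""


def bind_scope(addr):
    """Say who can reach a listener bound to `addr`."""
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:             # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-address"


def listeners(netstat_text):
    """Yield (port, address, scope, program) for each TCP LISTEN socket."""
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 6 or not cols[0].startswith("tcp") or cols[5] != "LISTEN":
            continue               # banner, header or non-listening socket
        addr, _, port = cols[3].rpartition(":")  # last colon separates the port
        program = cols[6] if len(cols) > 6 else "-"
        yield int(port), addr, bind_scope(addr), program


def explain(netstat_text, port):
    """Bind scopes of every listener on `port`; empty list = nothing listening."""
    return [(a, s) for p, a, s, _ in listeners(netstat_text) if p == port]


if __name__ == "__main__":
    for port, addr, scope, program in listeners(SAMPLE):
        print(f"{port:>5}  {addr:<12} {scope:<15} {program}")
```

A "loopback-only" result explains a service that answers `curl localhost` but not its public IP, whatever the security group allows. An "all-interfaces" listener leaves the security group and host firewall as the only controls in front of the service, so their rules should be as narrow as the use case permits.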