I launched EC2 instance,set security group
I can ssh into my instance,update and install Apache aserver. Anyway I can not access it from Chrome browser.
This site can’t be reached
Nor from firefox
Firefox can’t establish a connection to the server at 3.123.456.125.
netstat
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -
tcp6 0 0 :::445 :::* LISTEN -
tcp6 0 0 :::139 :::* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 192.168.0.255:137 0.0.0.0:* -
udp 0 0 192.168.0.12:137 0.0.0.0:* -
udp 0 0 0.0.0.0:137 0.0.0.0:* -
udp 0 0 192.168.0.255:138 0.0.0.0:* -
udp 0 0 192.168.0.12:138 0.0.0.0:* -
udp 0 0 0.0.0.0:138 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:* -
udp 0 0 224.0.0.251:5353 0.0.0.0:* 3734/chrome --type=
udp 0 0 224.0.0.251:5353 0.0.0.0:* 3695/chrome
udp 0 0 224.0.0.251:5353 0.0.0.0:* 3734/chrome --type=
udp 0 0 0.0.0.0:5353 0.0.0.0:* -
udp 0 0 0.0.0.0:38227 0.0.0.0:* -
udp6 0 0 :::60592 :::* -
udp6 0 0 :::5353 :::* -
On which port? On host or on EC2?
netstat -ant | awk '$6 == "LISTEN" && $4 ~ /\.80$/' | wc -l
0
No webserver on port 80.
Why?
I got this when I ssh to my EC2
__| __|_ )
_| ( / Amazon Linux 2 AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-2/
3 package(s) needed for security, out of 24 available
Run "sudo yum update" to apply all updates.
[ec2-user#ip-172-31-24-192 ~]$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
link/ether 02:ae:75:dd:e9:d8 brd ff:ff:ff:ff:ff:ff
inet 172.31.24.192/20 brd 172.31.31.255 scope global dynamic eth0
valid_lft 3149sec preferred_lft 3149sec
inet6 fe80::ae:75ff:fedd:e9d8/64 scope link
valid_lft forever preferred_lft forever
The problem is that by opening port 80 in security groups does not create a process in my EC2 instance listening on that port. That's why Apache is required(to listen port 80).
First step
sudo su
Then
[ec2-user#ip-172-31-33-157 ~]$ yum update -y
[root#ip-172-31-33-157 ec2-user]# yum install -y httpd.x86_64
[root#ip-172-31-33-157 ec2-user]# service httpd start
Now we can check
[root#ip-172-31-33-157 ec2-user]# service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since суб 2020-01-18 12:57:23 UTC; 6s ago
Docs: man:httpd.service(8)
Main PID: 21386 (httpd)
Status: "Processing requests..."
CGroup: /system.slice/httpd.service
├─21386 /usr/sbin/httpd -DFOREGROUND
├─21387 /usr/sbin/httpd -DFOREGROUND
├─21388 /usr/sbin/httpd -DFOREGROUND
├─21389 /usr/sbin/httpd -DFOREGROUND
├─21390 /usr/sbin/httpd -DFOREGROUND
└─21391 /usr/sbin/httpd -DFOREGROUND
Works perfect.
Related
I am doing a project using django rest framework. It was working ok, but at the moment I am getting error
connection to server at "localhost"(127.0.0.1), port 5432 failed:
Connection refused Is the server running on that host and accepting TCP/IP connections?
I knew that the problem with postgresql. Because I've tried to connect it with pgadmin, and also gives me this error.
I am using Ubuntu OS, when I checked ubuntu not listening port 5432.
postgresql.conf
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for >
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
#unix_socket_directories = '/var/run/postgresql' # comma-separated list >
# (change requires restart)
When I run service postgresql status, it says following.
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor pr>
Active: active (exited) since Tue 2022-05-17 09:22:03 +05; 1h 9min ago
Process: 6270 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 6270 (code=exited, status=0/SUCCESS)
May 17 09:22:03 mirodil-vivobook systemd[1]: Starting PostgreSQL RDBMS...
May 17 09:22:03 mirodil-vivobook systemd[1]: Finished PostgreSQL RDBMS.
Here is the output of the ss -nlt:
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 511 127.0.0.1:40915 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9050 0.0.0.0:*
LISTEN 0 5 127.0.0.1:39261 0.0.0.0:*
LISTEN 0 5 0.0.0.0:35587 0.0.0.0:*
LISTEN 0 128 0.0.0.0:25672 0.0.0.0:*
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 4096 *:4369 *:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 511 *:35711 *:*
LISTEN 0 128 *:5672 *:*
LISTEN 0 511 [::1]:6379 [::]:*
Seems something caused blocked 5432 port. How to solve this problem ?
postgresql.log
See this thread discussion:
PostgreSQL won't start: "server.key" has group or world access
The problem is that /etc directory needs to be root user, so I changed it to root user, and opened 5432 port, in my case /etc directory owned by other user, now everything is working.
I have a django app and I need to send my logs to the kafka server. So I implemented a custom handler as below:
import logging
from kafka import KafkaProducer
class KafkaHandler(logging.Handler):
def __init__(self, hosts=['DEFAULT_KAFKA_HOST:DEFAULT_KAFKA_PORT'], topic='DEFAULT_KAFKA_TOPIC'):
logging.Handler.__init__(self)
self.producer = KafkaProducer(
bootstrap_servers=hosts,
security_protocol='SASL_SSL',
sasl_mechanism='SCRAM-SHA-512',
sasl_plain_username='KAFKA_USER',
sasl_plain_password='KAFKA_PASSWORD',
value_serializer=lambda v: json.dumps(v).encode('utf-8'),
linger_ms=10)
self.topic = topic
The problem here is that when I run the django app via python manage.py runserver in my local app runs without any trouble but my localhost doesn't listen on the specific port.
output of netstat -tulpn:
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:* -
udp 0 0 0.0.0.0:5353 0.0.0.0:* -
udp 0 0 0.0.0.0:54922 0.0.0.0:* -
udp6 0 0 :::58148 :::* -
udp6 0 0 :::5353 :::* -
But after I comment out the producer initialization everything works as expected and django app starts to listen. netstat -tulpn:
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 11477/python
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:* -
udp 0 0 0.0.0.0:5353 0.0.0.0:* -
udp 0 0 0.0.0.0:54922 0.0.0.0:* -
udp6 0 0 :::58148 :::* -
udp6 0 0 :::5353 :::* -
Try to use an alternative server. Django with Gunicorn solved the problem in my similar case.
I am wanting to create a vpc endpoint service in order to provide a way for our internal apps to bypass our SSO page when calling JIRA.
Following this documentation: https://docs.amazonaws.cn/en_us/vpc/latest/privatelink/endpoint-service-overview.html
I create:
NLB on Internal scheme (with Listener TLS on port 443)
Target Group (TLS port 443)
Health Check (TCP 443)
Endpoint Service
My api node is listening on following ports:
root#ip-10-xx-xx-xx bin]# netstat -ltpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2632/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21588/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 4070/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3180/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 21588/nginx: master
tcp6 0 0 :::40011 :::* LISTEN 21438/java
tcp6 0 0 :::111 :::* LISTEN 2632/rpcbind
tcp6 0 0 :::8080 :::* LISTEN 21438/java
tcp6 0 0 :::80 :::* LISTEN 21588/nginx: master
tcp6 0 0 :::22 :::* LISTEN 4070/sshd
tcp6 0 0 :::9080 :::* LISTEN 21438/java
tcp6 0 0 :::40001 :::* LISTEN 21438/java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 21438/java
My Target Instance and Healthcheck are constantly failing.
I have rebuilt the NLB/Target groups many times, trying TLS and TCP listener - but nothing seems to work.
What am I missing?
I have setup an AWS EC2 Instance (g4dn.2xlarge). I wanted to setup a flask app on the same and run it using gunicorn and nginx on port 8000. Following all steps listed on multiple sites I did the following:
Updated Inbound Rules on my security group to allow HTTP:
Screenshot of Inbound Rules
Checked Outbound Rules:
Screenshot of Outbound Rules
Connected to the VM using SSH and ran sudo netstat -tulpn | grep LISTEN.
The output was:
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
786/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1058/sshd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 592/rpcbind
tcp6 0 0 :::22 :::* LISTEN 1058/sshd
tcp6 0 0 :::111 :::* LISTEN 592/rpcbind
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 966/java
tcp6 0 0 ::1:9200 :::* LISTEN 966/java
tcp6 0 0 127.0.0.1:9300 :::* LISTEN 966/java
tcp6 0 0 ::1:9300 :::* LISTEN 966/java
Why is the system not showing port 8000 as available. I even ran grep 8000 and it gave no results. What should I do?
You can change the flask app port in app.py file
if __name__ == '__main__':
app.run(host='0.0.0.0', port=5000)
configure your web server (ex: nginx or apache) to proxy queries to flask port.
I am serving Django Project on Digitalocean Ubuntu Droplet. When I am configure https connection everything collapse and I can nat browse my ip
188.166.117.124
On every browser I get ERR_CONNECTION_REFUSED error
$ grep server_name /etc/nginx/sites-enabled/* -RiI
/etc/nginx/sites-enabled/default: server_name _;
/etc/nginx/sites-enabled/default:# server_name example.com;
/etc/nginx/sites-enabled/personal_web_site: server_name 188.166.117.124;
$ netstat -tlpdn
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* listen -
tcp 0 0 127.0.0.53:53 0.0.0.0:* listen -
tcp 0 0 0.0.0.0:22 0.0.0.0:* listen -
tcp 0 0 0.0.0.0:5432 0.0.0.0:* listen -
tcp6 0 0 :::80 :::* listen -
tcp6 0 0 :::22 :::* listen -
tcp6 0 0 :::5432 :::* listen -
$ netstat -tulpn | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* listen -
tcp6 0 0 :::80 :::* listen -
strong text
$ sudo ufw status
to action from
----- ----- --------
Nginx Full ALLOW Anywhere
Nginx HTTP ALLOW Anywhere
Nginx HTTPS ALLOW Anywhere
8000 ALLOW Anywhere
Nginx Full (v6) ALLOW Anywhere (v6)
Nginx HTTP (v6) ALLOW Anywhere (v6)
Nginx HTTPS (v6) ALLOW Anywhere (v6)
8000 (v6) ALLOW Anywhere (v6)
I tried with $ sudo ufw disabled nothing changed
What is the problem of my server