I wrote a very simple spring-boot application and packed it in Docker.
The content of docker file is:
FROM openjdk:13
ADD target/HelloWorld-1.0-SNAPSHOT.jar HelloWorld.jar
EXPOSE 8085
ENTRYPOINT ["java", "-jar", "HelloWorld.jar"]
I pushed it to docker hub.
I created a new EC2 instance on aws. Then I connected to it and typed the following commands:
sudo yum update -y
sudo yum install docker -y
sudo service docker start
sudo docker run -p 80:8085 ****/docker-hello-world
The last command gave many messages on the screen that said that spring-boot application is running.
Looks great. However, when I opened my browser and typed: "http://ec2-54-86-87-68.compute-1.amazonaws.com/" (public DNS of EC2 machine).
I got "This site can’t be reached".
Do you know what I did wrong?
Edit: security groups that regard this machine are "default" and the following group that I defined:
Inside the EC2 machine, I typed:"curl localhost:8085" and got:
"curl: (52) Empty reply from server"
Ensure that your port's inbound traffic is enabled for your local IP address in your ec2 instance security group configuration
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html#adding-security-group-rule
Have you allowed inbound traffic for port 8085 in your security group configuration? That should be the first thing to check.
I found the solution.
It was port issues.
Instead of running
sudo docker run -p 80:8085 ****/docker-hello-world
I had to run:
sudo docker run -p 8085:8080 ****/docker-hello-world
This command says: "take the application that runs on port 8080 in the application and put it on port 8085 on docker".
I opened the browser and browsed to: "http://ec2-18-207-188-57.compute-1.amazonaws.com:8085/hello" and got the response I expected.
Related
I wanted to launch a little static website on an EC2 instance and I followed the following steps:
launched a t2.micro instance using console in us-east-1 region
attached an existing security group which allows http request, https and ssh.
logged in my ec2 through SSH and changed it into an apache web server using following commands:
commands:
#bin/bash
sudo su
yum update -y
yum install httpd -y
cd /var/www/html
Then I wrote a hello world html code in index.html file and started my web service
service httpd start
chkconfig on
Even after following all the above steps, when I open try to access the webpage by going to the public ipv4 address of my ec2 instance, I am getting a timout error.
Any idea what I might be missing here?
Thank you.
You can try creating new EC2 instance like below
Lunch the same type of instance
Add below script in user data to create HTML page
#!/bin/bash
Use this for your user data (script from top to bottom)
install httpd
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "Hello World - $(hostname -f)" > /var/www/html/index.html
After launching EC2, open that security group and add below HTTP rule
At the end, manually type HTTP://your public address. sometimes by default its shows with HTTPS so just ensure you are typing HTTP only.
I am deploying a multi container Flask python app (with gunicorn) to ECS with Docker to my ECS cluster that uses a single t2.small EC2 instance. My app runs on port 8000 and runs fine, I can use my app perfectly when using my EC2 DNS: http://ec2-xx-xxx-xxx-xx.us-east-2.compute.amazonaws.com:8000
I now want to use my own custom domain instead from GoDaddy. I'm using Route 53 for the nameserver registration, and plan to use an alias that points to my instance via a load balancer (Application Load Balancer).
Before setting up the alias, I want to first check my ALB is is successfully allowing me to access my app on port 8000 via HTTP (port 80) using the target group. My ECS service creates fine and I can see my web app running in the logs, but when I put the ALB DNS into my browser I get: 502 Bad Gateway.
I've checked my Target Group and it seems that the registration of my EC2 instance is failing on port 8000 due to "Health checks fail". I can't find any further details on the cause of failure, 'Health status details' just says 'Health checks failed' and describe-target-health returns Target.FailedHealthChecks.
I've tried to troubleshoot myself following these steps: https://www.youtube.com/watch?v=cmRZleI18Yg
When I SSH into my EC2 instance on cmd and run telnet 80, I get a 'Connection refused' error rather than HTTP 200 response. When I try the same using my load balancer DNS, It connects successfully on PORT 80. My current thinking is that for some reason, my EC2 instance is not listening on port 80. I have no idea why and have tried the following already:
Ensured correct set-up of security groups and NACL
Yes, EC2 security group set-up to allow all traffic on port 80 and have added rule for my ALB security group on all ports. NACL accepting all inbound and outbound traffic.
**Ensure no firewall on EC2 blocking HTTP **
Have run sudo service iptables status and got the following:
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: inactive (dead)
which seems to suggest no firewalls in place?
Confirm web server is actually running on EC2 instance
I'm very open to suggestions here, but I assume it's running from a) being able to see logs in ECS and b) I could use the app successfully when using http://ec2-xx-xxx-xxx-xx.us-east-2.compute.amazonaws.com:8000. Is there anything else I can do to validate this?
Logs from ECS:
Dockerfile
FROM python:3.7.5-slim-buster
RUN apt-get update && apt-get install -qq -y \
build-essential libpq-dev --no-install-recommends
RUN apt-get install libcurl4-openssl-dev libssl-dev -y
ENV INSTALL_PATH /canopact
RUN mkdir -p $INSTALL_PATH
WORKDIR $INSTALL_PATH
COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt
COPY . .
RUN pip install --editable .
CMD gunicorn -c "python:config.gunicorn" "canopact.app:create_app()"
Gunicorn.py
# -*- coding: utf-8 -*-
bind = '0.0.0.0:8000'
keepalive = 120
accesslog = '-'
access_log_format = '%(h)s %(l)s %(u)s %(t)s "%(r)s" %(s)s %(b)s "%(f)s" "%(a)s" in %(D)sµs'
I'm still using the flask config SERVER_NAME as: "ec2-xx-xxx-xxx-xx.us-east-2.compute.amazonaws.com:8000", but I have tried changing it to "0.0.0.0:8000" and getting the same result of healthchecks failing
Questions
I'm really really unsure on what else I can do to troubleshoot this. Am I correct to assume that my healthchecks are failing because of the Connection refused when trying to connect to EC2 instance on PORT 80, or should I be investigating something else? Feels like every stackoverflow post suggests trying the above 3 steps to troubleshoot Connection refused, so I'm not sure what else to try.
I've seen some posts suggesting use of NGINX, but I thought ALB could be used independently on NGINX?
You will get this connection refused error when you try to connect to a port which is not open. As i have seen your Gunicorn.py here you have mentioned 0.0.0.0:8000 which means your server is running on port 8000 and you are trying to connect on port 80. To fix this you need to create a target group for port 8000 and point it to your application. This will resolve your issue.
Had a similar issue but mine was related to problem with the container start-up. This was because in my task definitions, I mistakenly set container memory limit as hard instead of soft.
I'm new to devops. I want to install Jenkins in AWS EC2 with docker.
I have installed the Jenkins by this command:
docker run -p 8080:8080 -p 50000:50000 -d -v jenkins_home:/var/jenkins_home jenkins/jenkins:lts
On AWS security group, I have enabled port 8080 and 50000. I also enabled port 22 for SSH, 27017 for Mongo and 3000 for Node.
I can see the Jenkins container when I run docker ps. However, when I run https://xxxx.us-east-2.compute.amazonaws.com:8080, there is not a Jenkins window popup for Jenkins setting and display error, ERR_SSL_PROTOCOL_ERROR.
Does someone know what's wrong here? Should I install Nginx as well? I didn't install it yet.
The error is due to the fact that you are using https:
https://xxxx.us-east-2.compute.amazonaws.com:8080
From your description it does not seem that you've setup any type of ssl connection to your instance. So you should connect using http only:
http://xxxx.us-east-2.compute.amazonaws.com:8080
But this is not good practice as you communicate using plain text. A common solution is to access your jenkins web-ui through ssh tunnel. This way the connection is encrypted and you don't have to exposed any jenkins port in your security groups.
I have a linux AWS instance. I am running the following script on it:
#!/usr/bin/env bash
#This script installs java, sbt and the application
#Run this script on a new EC2 instance as the user-data script, which is run by `root` on machine start-up.
sudo yum update -y
sudo yum install -y docker
sudo service docker start
docker run repo/carrie
Everything installs and I get the below message in the logs:
REST interface bound to /0.0.0.0:8080
However when I try to actually access the port like so:
curl 0.0.0.0/8080
I get the below message:
Failed to connect to 0.0.0.0 port 8080: Connection refused
I have tried editing the inbound rules so that 8080 is open but it doesn't seem to work. Maybe because I'm editing the rules after the instance has already launched?
You have to publish the container's port to the host in the docker run command
$ docker run --help
...
-p, --publish list Publish a container's port(s) to the host
...
The last line of your script should look like this if the process in the container listens on port 80:
docker run -p 8080:80 repo/carrie
The container gets its own interface, hence host's 0.0.0.0 is not applicable.
Tell docker to bind container port 8080 out to the host:
docker run -p 8080:8080 repo/carrie
I have a jenkins instance running inside a docker container that's listening on port 8181.
Example URL of the jenkins instance:
http://ec2-34-155-164-97.us-west-2.compute.amazonaws.com/
I have a tomcat docker instance that's listening on port 8383 running inside the jenkins docker container.
I can access jenkins instance from my local browser. Is there any possible way that I can access my docker tomcat instance from my local browser?
Here is my docker run command:
docker run -d -v /var/run/docker.sock:/var/run/docker.sock \ -v $(which docker):/usr/bin/docker -p 8181:8080 jenkins-dsl
Please provide your suggestions.
It sounds like your docker run command simply needs to expose the port that your nested tomcat server is running on.
To do this, you need to pass in -p argument into your command. The -p argument is for binding a host port to the docker container's port:
-p <host_port>:<container_port>
You can pass in as many -p arguments as you want to bind multiple ports.
So if the docker tomcat server is running on port 8383 within the Jenkins docker container, then you can do something like this:
-p 8383:8080
Full command example:
docker run -d -it -p 8383:8080 --name tomcatServer docker-tomcat
I would assume that this would allow you to access tomcat server using the example URL provided like so:
http://ec2-34-155-164-97.us-west-2.compute.amazonaws.com:8383
However, you'd have to ensure your AWS Security Group will allow traffic to port 8383.
EDIT: Updated answer to reflect the resolution we discussed in the comments.
Edited
I could able to launch tomcat by specifying the port in the URL and opening the port in EC2 instance.
http://ec2-34-155-164-97.us-west-2.compute.amazonaws.com:8383
Latest Docker installation guide for Tomcat clearly says you will get this error when you launch it for the first time
You can then go to http://localhost:8888 or http://host-ip:8888 in a browser (noting that it will return a 404 since there are no webapps loaded by default).
its because you do not have any apps in the default webapps folder of Tomcat. your latest Tomcat docker image has the default apps in the "webapps.dist" folder, you have to copy it to "webapps" folder. Do the Following commands
# docker exec -it tomcat-container /bin/bash
# cd webapps.dist
# cp -R * ../webapps
"tomcat-container" is your container name.
now refresh your browser you will get it. if not let me know