Right now, I am setting up the AWS server with tomcat docker.
I am successfully map with Domain name provided by Namecheap but unfortunately, my website still can access by the public ip address.
I want to redirect the ip address to domain name.
I tried set the hosts file but it did not work.
For example, 127.0.0.1 www.abc.com
You need to map the instance public IP in your Domain provider setting, not the local IP of Docker.
Publish docker port to host docker run -dit -p HOST_PORT:CONTAINER_PORT your_image
Allow port in the security group of instance
update DNS to point to the public IP address of the instance
Update:
You need to run Nginx in your EC2 machine, then add following config in the Nginx config.
Try this on the second block:
server {
listen 80;
server_name YOUR_INSTANCE_PUBLIC_IP;
return 301 $scheme://www.abc.com$request_uri;
}
redirect 127.0.0.1 to www.abc.com not possible, as 127.0.0.1 is local IP and not accessible from outside of EC2.
expose the docker container port:
docker run --name awsContainer -p 80:8080
-p 80(port aws instance):8080(tomcat container port)
Related
I have a requirement similar to this post,
Google cloud load balancer port 80, to VM instances serving port 9000
I like one of the answers (not the accepted), but how to do it ? or is there an alternate way ?
" If your app is HTTP-based (looks like it), then please have a look
at the new HTTP load balancing announced in June. It can take incoming
traffic at port 80 and forward to a user-specified port (eg. port
9000) on the backend. The doc link for the command is here:
https://developers.google.com/compute/docs/load-balancing/http/backend-service#creating_a_backend_service"
I dont want to create statis IP after static IP and loose track
Scenario:
A Compute Engine with an application running on port 8080 or 8043 (firewall open for 8080 and 8443 , has static IP )
Now I want to hook it a domain.
Problem:
I have to specify port number - like http://mywebsite:8080
Goal: Allow use like http://mywebsite
Please can I ask how Cloud DNS and Load Balancer work. Are both needed for my scenario? help me connect the dots.
Thanks
Note: Application works on 8080 only (wont run on 80)
DNS knows nothing about port numbers (except for special record types). DNS is a hostname to IP address translation service.
You can either use a proxy/load-balancer to proxy port 80 to 8080 or configure your app to run on port 80.
Port 80 requires permission to use. For Linux this means configuring your application to run with system privileges or starting the application with sudo.
Most applications that run on non-standard ports have a web server in front of them such as Apache or Nginx. The web server proxies port 80 to 8080 and provides a more resilient Internet facing service.
I don't want to create static IP after static IP and lose track
Unfortunately, you will need to manage your services and their resources. If you deploy a load balancer, then you can usually use private IP addresses for the compute instances. Only the load balancer requires a public IP address. The load balancer will proxy port 80 to 8080.
However, assuming that your requirements are small, you can assign a public IP address to the instance, install Apache or Nginx, and run your application on port 8080.
Today, it is rare that Internet-facing web services do not support HTTPS (port 443). Using a load balancer simplifies configuring TLS and certificate management. You can also configure TLS in Apache/Nginx and Let's Encrypt. That removes the requirement that your app supports TLS directly on something like port 8443.
I found this article and it works - https://eladnava.com/binding-nodejs-port-80-using-nginx/
Steps: (sudo apt-get update)
sudo apt-get install nginx
remove default
sudo rm /etc/nginx/sites-enabled/default
create new - node folder
sudo nano /etc/nginx/sites-available/node
<<<<<< add this to the file update domain name , port of your app ...8080 or other>>>>>
server {
listen 80;
server_name somedomain.co.uk;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:8080";
}
}
create a symbolic link:
sudo ln -s /etc/nginx/sites-available/node /etc/nginx/sites-enabled/node
Restart nginx
sudo service nginx restart
Credits to original author - Elad Nava
I am running nginx in a docker container in an EC2 instance. I started nginx using docker run --name mynginx1 -p 80:80 -d nginx and can access it via curl http://localhost from inside the EC2 instance. Now when I try to access it from my outside through my browser, my request is always timing out. I have set the security rules on my EC2 instance to allow all traffic, all protocols from any IP address for the purpose of testing.
I have verified that nginx is listening on any IP address using ss -tuln | grep 80
tcp LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 4096 [::]:80 [::]:*
Any ideas?
Note: When I install nginx on EC2 directly and run it using sudo systemctl start nginx, I am able to go to http://<ec2_dns> and see the nginx welcome page. So I believe this is an issue specific to running docker containers on EC2 and not a problem with the instance security rules.
Edit 1: Subnet network ACLs inbound rules are as follows:
I have a web application running on a private server. I use ssh port tunnelling to map the private server port's to that of google cloud VM port 8080, and when I do
curl http://localhost:8080
on gcp VM shell, it returns a valid response. However, when I try to access it from outside (in browser) using the external IP (or do curl http://[external_IP]:8080 in shell), it returns "the IP refused to connect".
My firewall settings allow tcp traffic on 8080 s.t. when I run another application on port 8080 directly in VM without ssh (say a docker hello-world app) it is accessible from outside using the same link and works well. Is there additional configuration i must do?
Check if your application is binding to 127.0.0.1 or localhost. If yes, change to 0.0.0.0.
To accept traffic from the VPC requires binding to a network interface connected to the VPC. The address 0.0.0.0 means bind to all network interfaces.
The network 127.x.x.x aka localhost or loopback address is an internal-only (Class A) network. If your application only binds to the internal network, external applications cannot connect to your application.
If instead your goal is to bind to localhost and use SSH port forwarding to access the loopback address, then start SSH like this:
ssh -L 8080:127.0.0.1:8080 IP_ADDRESS_OF_VM
You can then access port 8080 on the VM this way:
curl http://127.0.0.1:8080
The curl command is connecting to port 8080 on your local machine. SSH then forwards that connect to port 8080 on the remote machine.
I am unable to connect to my EC2 instance via its public dns on a browser, even though for security groups "default and "launch-wizard-1" port 80 is open for inbound and outbound traffic.
It may be important I note that I have a docker image that is running in the instance, one I launched with:
docker run -d -p 80:80 elasticsearch
I'm under the impression this forwards port 80 of the container to port 80 of the EC2 instance, correct?
The problem was that elasticsearch serves http over port 9200.
So the correct command was:
docker run -d -p 80:9200 elasticsearch
The command was run under root.
two instances:
1.- Orion with 192.168.x.1, public like 130.a.b.c
2.- Keystone with 192.168.x.2. Port 8000 opened and tested from localhost
3.- instances have the same routing rule group.
I edit my security group rules adding port 8000 with a cidr 192.168.x.2/32. Now i test it with telnet from my computer:
telnet 130.a.b.c 8000
result: Connection time out.
i'm wrong? how can i connect to port 8000 from my computer to my second instance using the public Ip (configured in first instance) ? Or need a second public Ip?
There are many ways to do this: IPForwarding with iptables, haproxy, etc.
However, I thinK that the easiest way to do this would be SSH Port forwarding in your host with the public IP:
ssh -f -N -o ServerAliveInterval=30 -L 0:8000:192.168.x.2:8000 $YOUR_USER#192.168.x.1:8000
-L 0:8000:192.168.x.2:8000 means that It'll listen every network interface (0:8000) and will send every query to 192.168.x.2:8000
If you don't have a password to your user or ssh is not configured to accept passwords, you could consider either adding a new authorized key (so you can locally login) or connecting your public IP using -A so your credentials can be forwarded:
*ssh -A -i $PRIVATE_KEY_FILE $YOUR_USER#130.a.b.c