I am unable to reach my EC2 instance after installing NGINX on it. I don't understand why this happened; I just ran the commands below:
sudo apt update
sudo apt install nginx
sudo ufw app list
sudo ufw enable
sudo ufw allow 'Nginx HTTP'
sudo ufw status
Before installing NGINX I was able to connect to the EC2 instance over SSH, but after doing this I cannot reach it. I cross-checked everything:
The SG inbound rules have port 22 enabled [tried with all three: My IP, Custom, Anywhere],
the VPC has an internet gateway which is properly bound.
Is there anything that I left out?
Or is the
"sudo ufw enable"
command I ran on my EC2 instance causing the issue?
Stop the running EC2 instance
Detach its /dev/sda1 volume
Start another EC2 instance, it should be on the same subnet
Attach volume to the new micro instance, as /dev/xvdf
SSH to the new instance and mount the volume to /mnt/tmp
sudo fdisk -l # check volumes and find the volume we wanna mount, in my case it's /dev/xvdf1
sudo mkdir /mnt/tmp
sudo mount /dev/xvdf1 /mnt/tmp
Disable UFW by setting ENABLED=no in /mnt/tmp/etc/ufw/ufw.conf
cd
sudo nano /mnt/tmp/etc/ufw/ufw.conf
Exit
Terminate the new instance
Detach the volume from it
Attach volume back to the main instance as /dev/sda1
Start the main instance
Login as before
Enable ssh connections
sudo ufw allow ssh
sudo ufw enable
Kudos to: https://stackoverflow.com/a/49432706
You should allow SSH connections before enabling the firewall, so:
Execute
sudo ufw allow ssh
Before
sudo ufw enable
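The ordering advice above (add the SSH rule first, then enable ufw) can be enforced by a guard script. The script below is an added example, not part of the original answers; it generalizes the advice to a non-default sshd port, and the function names `sshd_ports`, `ufw_allows_port` and `safe_ufw_enable` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answers): enable ufw only if every port
# sshd listens on already has an allow rule, so the current session survives.

# Read sshd configuration text on stdin (the file, or `sshd -T` output) and
# print each configured Port, or 22 when none is set (sshd's default).
sshd_ports() {
  awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }'
}

# Read rules in the format printed by `ufw show added` on stdin; succeed only
# if one of them allows (or rate-limits) TCP traffic to port $1.
# Assumption: simple-syntax rules such as "ufw allow 22/tcp"; anything else
# is treated as "not allowed", which errs on the side of refusing to enable.
ufw_allows_port() {
  awk -v p="$1" -v q="'" '
    $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
      r = $3; gsub(q, "", r)                    # drop quotes around app names
      if (r == p || r == p "/tcp") ok = 1
      # Assumption: the "ssh" service and "OpenSSH" app profile mean 22/tcp.
      if (p == 22 && (r == "ssh" || r == "OpenSSH")) ok = 1
    }
    END { exit (ok ? 0 : 1) }'
}

# Hypothetical wrapper: run as root instead of a bare `ufw enable`.
safe_ufw_enable() (
  cfg=$(sshd -T) || { echo "cannot read effective sshd config" >&2; exit 2; }
  rules=$(ufw show added) || exit 2
  for port in $(printf '%s\n' "$cfg" | sshd_ports); do
    if ! printf '%s\n' "$rules" | ufw_allows_port "$port"; then
      echo "refusing to enable ufw: no allow rule for sshd port $port" >&2
      echo "add one first: ufw allow $port/tcp" >&2
      exit 1
    fi
  done
  ufw --force enable
)

# Only touch the firewall when explicitly asked to.
if [ "${1:-}" = "--enable" ]; then safe_ufw_enable; fi
```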
Related
I wanted to launch a little static website on an EC2 instance and I followed the following steps:
launched a t2.micro instance using console in us-east-1 region
attached an existing security group which allows http request, https and ssh.
logged in to my EC2 instance through SSH and changed it into an Apache web server using the following commands:
#bin/bash
sudo su
yum update -y
yum install httpd -y
cd /var/www/html
Then I wrote a hello world html code in index.html file and started my web service
service httpd start
chkconfig on
Even after following all the above steps, when I try to access the webpage by going to the public IPv4 address of my EC2 instance, I am getting a timeout error.
Any idea what I might be missing here?
Thank you.
You can try creating a new EC2 instance as below:
Launch the same type of instance
Add the script below in user data to create the HTML page
#!/bin/bash
# Use this for your user data (script from top to bottom)
# install httpd
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "Hello World - $(hostname -f)" > /var/www/html/index.html
After launching the EC2 instance, open its security group and add the HTTP rule below
At the end, manually type HTTP://your public address. Sometimes by default it shows with HTTPS, so just ensure you are typing HTTP only.
I am trying to secure my Apache with Let's Encrypt on Ubuntu 18.04.
I ran these commands:
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt install python-certbot-apache
$ sudo ufw enable
$ sudo ufw allow 'Apache Full'
After the last command, the terminal froze, so I decided to close it and reconnect, hoping it would really reconnect.
Unfortunately, it returns with a message saying:
ssh: connect to host <...some public ipv4 DNS> port 22: Connection timed out
I checked the security groups to see if SSH is set to Anywhere, and yes, it's set.
My guess is I messed up the ufw configs (or maybe not), but I can't confirm it because I can't ssh to my EC2 instance.
EDIT:
I tried stopping and starting the instance, causing it to change its public IP address, which I still can't ssh to :(
The issue might be that ufw by default doesn't have an allow rule for port 22 set, so before you enable ufw, try running sudo ufw allow 22 or sudo ufw allow ssh.
To allow ssh before enabling ufw, try running the command below, which adds the rule to /etc/ufw/user.rules
sudo ufw allow ssh
So when the user enables ufw, it reads the already existing rules from the file and doesn't terminate the session or lock the user out.
Running the following commands will then let the user access the instance without any issues.
sudo ufw enable
sudo ufw allow 443
sudo ufw status
However, when it comes to cloud-provisioned instances, it's more common and easier to work with security groups, which give a higher level of control over access to a specific instance and its corresponding rules.
I wrote a very simple spring-boot application and packed it in Docker.
The content of docker file is:
FROM openjdk:13
ADD target/HelloWorld-1.0-SNAPSHOT.jar HelloWorld.jar
EXPOSE 8085
ENTRYPOINT ["java", "-jar", "HelloWorld.jar"]
I pushed it to docker hub.
I created a new EC2 instance on AWS. Then I connected to it and typed the following commands:
sudo yum update -y
sudo yum install docker -y
sudo service docker start
sudo docker run -p 80:8085 ****/docker-hello-world
The last command gave many messages on the screen that said that spring-boot application is running.
Looks great. However, when I opened my browser and typed "http://ec2-54-86-87-68.compute-1.amazonaws.com/" (public DNS of EC2 machine),
I got "This site can’t be reached".
Do you know what I did wrong?
Edit: security groups that regard this machine are "default" and the following group that I defined:
Inside the EC2 machine, I typed "curl localhost:8085" and got:
"curl: (52) Empty reply from server"
Ensure that your port's inbound traffic is enabled for your local IP address in your EC2 instance's security group configuration:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html#adding-security-group-rule
Have you allowed inbound traffic for port 8085 in your security group configuration? That should be the first thing to check.
I found the solution.
It was port issues.
Instead of running
sudo docker run -p 80:8085 ****/docker-hello-world
I had to run:
sudo docker run -p 8085:8080 ****/docker-hello-world
This command says: "take the application that runs on port 8080 in the application and put it on port 8085 on docker".
I opened the browser and browsed to: "http://ec2-18-207-188-57.compute-1.amazonaws.com:8085/hello" and got the response I expected.
I followed these steps:
First I took a server (CentOS 6) from Google Cloud in the Asia South region
and executed these commands:
sudo -i
chkconfig iptables off
service iptables stop
setenforce 0
vi /etc/selinux/config (SELINUX=disabled)
init 6
wget http://archive.cloudera.com/cm5/installer/latest/cloudera-manager-installer.bin
chmod u+x cloudera-manager-installer.bin
sudo ./cloudera-manager-installer.bin
Done! Cloudera Manager installed successfully.
But when I try to access http://my_public_ip:7180/ I get a timed out error.
Also, I waited for 1 hour after installing Cloudera (for startup settings), but again got the same response.
I had opened port 7180 on the EC2 instance firewall but not in the EC2 security group. After adding port 7180 to the EC2 security group, Cloudera Manager is now working.
I've changed the default SSH port by performing the following steps:
Edit 22 to 2200 in sudo nano /etc/ssh/sshd_config
Restart ssh server by using sudo service ssh restart
Added a ufw rule sudo ufw allow 2200/tcp
Added a rule in EC2 security group in AWS management console to allow TCP 2200 from 0.0.0.0/0
SSH access to public IP using port 2200 and using SSH private key
But it was unresponsive.
Any ideas?
You need to restart sshd:
sudo service sshd restart
Not the ssh restart, because ssh_config controls the behaviour of ssh, not sshd.