I created a web server with apache and php in AWS. Then I created a docker with the AMI from web server.
tar -c -C /mnt/ . | docker import - MY-IMAGE-NAME
The image was created:
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
workshop latest 6de90688f964 About a minute ago 1.14GB
I ran the docker exposing the port 80
docker run -tid -p 80:80 6de90688f964 /bin/bash
But I cant load the web. I used the public IP from the docker server. When I used curl I obtained
root#ip-10-10-0-10:/home/ubuntu# curl 18.206.153.112
curl: (7) Failed to connect to 18.206.153.112 port 80: Connection refused
Could you help me?
You need to adjust the security policy for this AWS Instance to allow TCP
inbound traffic on port 80 (EC2 Dashboard --> Security Groups).
Something like this:
Related
I'm new to devops. I want to install Jenkins in AWS EC2 with docker.
I have installed the Jenkins by this command:
docker run -p 8080:8080 -p 50000:50000 -d -v jenkins_home:/var/jenkins_home jenkins/jenkins:lts
On AWS security group, I have enabled port 8080 and 50000. I also enabled port 22 for SSH, 27017 for Mongo and 3000 for Node.
I can see the Jenkins container when I run docker ps. However, when I run https://xxxx.us-east-2.compute.amazonaws.com:8080, there is not a Jenkins window popup for Jenkins setting and display error, ERR_SSL_PROTOCOL_ERROR.
Does someone know what's wrong here? Should I install Nginx as well? I didn't install it yet.
The error is due to the fact that you are using https:
https://xxxx.us-east-2.compute.amazonaws.com:8080
From your description it does not seem that you've setup any type of ssl connection to your instance. So you should connect using http only:
http://xxxx.us-east-2.compute.amazonaws.com:8080
But this is not good practice as you communicate using plain text. A common solution is to access your jenkins web-ui through ssh tunnel. This way the connection is encrypted and you don't have to exposed any jenkins port in your security groups.
I run Tomcat image on AWS EC2 instance from DockerHub by command
docker run -d -p 8000:8080 tomcat
Container start normally
ubuntu#ip-172-31-39-118:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cbb1ac139d13 tomcat "catalina.sh run" 21 minutes ago Up 21 minutes 0.0.0.0:8000->8080/tcp vigilant_poitras
my public IP address of instance is 3.14.3.30
I tried to access http://3.14.3.30:8000/ by Chrome, but access refused, timeout expired.
Security groups in AWS setup to 0.0.0.0/0 for source and destination
Firewall on my Wondows turned off.
Please help to solve problem!!
According to the comments, Inbound rules added are
22 TCP 0.0.0.0/0 - This is to ssh to the server.
You haven't opened the port 8000. Open an inbound rule for port 8000 as TCP.
#MichaelZal - there are two issues.
Issue 1.) you are not able to access the page locally. you have to fix this.
I ran the same tomcat image and this is how you should be able to see the page.
RUN curl http://localhost:8000 (note: 8000 port)
[ec2-user#ip-172-31-93-30 ~]$ curl http://localhost:8000
<!doctype html>HTTP Status 404 – Not Found
RUN docker inspect {Your_Container_ID} | grep "IPAddress"
RUN curl http://{Container-IP}:8080 (note: 8080 Port....)
I see your last comment that you tried all IPs. Container Gateway is not the right IP. Just to be sure, i am giving the info on how to check the container ip.
[ec2-user#ip-172-31-93-30 ~]$ docker inspect c44c5d8067b0 | grep "IPAddress"
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
[ec2-user#ip-172-31-93-30 ~]$
[ec2-user#ip-172-31-93-30 ~]$ curl http://172.17.0.2:8080
<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><
If this does not work, then you have to check your container logs to if the tomcat started correctly and if you have the following type log messages. It rarely can go wrong. I ran the same docker command that you had run and it should work.
RUN docker logs {Your_Container_ID}
[ec2-user#ip-172-31-93-30 ~]$ docker logs c44c5d8067b0
.....
30-Sep-2020 16:19:58.554 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
30-Sep-2020 16:19:58.555 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.38]
30-Sep-2020 16:19:58.573 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
30-Sep-2020 16:19:58.612 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [196] milliseconds
Issue 2.) Network access is not there. There are two places where it can get blocked. NACL and Security Group.
Its clear that Security Group does not have the necessary rule. Below needs to be added.
Type: Custom TCP
Port: 8000
Source: 0.0.0.0/0 (this is for whole internet OR you can chose any Specific IP for which you intend to provide access)
If all the above are fixed and tested, and still the site does not does not work, the we have to check NACLs.
In case of issues, Post these please.
CURL outputs/error
container logs
I just started a new AWS EC2 instance. In the instance's security group I added a new rule to open port 8080 as well as port 80.
I created a docker image and container that runs an apache server as per the aws tutorial.
When I run docker run -p 80:80 hello-world (where hello-world is the apache container image), everything works fine and I can access the server from the public network (using a web browser, or a curl command).
However, when I run docker run -p 8080:80 hello-world and I try to send a GET request (web browser, or curl) I get a connection timeout.
If I login to the host that is running the docker container, the curl command works fine. This tells me that port 8080 isn't really open to the public network, and something is blocking it, what could that be?
I tried to reproduce the thing, and I wasn't able to do it (it worked for me), so things that you should check:
1) Check that security group has indeed opened ports 80 and 8080 to your ip (or 0.0.0.0/0 if this is just a test just to confirm that this is not a firewall issue).
2) check the container is running:
docker ps -a
you should see: 0.0.0.0:8080->80/tcp under ports.
3) check that when you are sending the GET request, you are specifying the port 8080 in the request, so your browser should look something like:
http://your.ip:8080
or curl:
curl http://your.ip:8080
warning: just for testing
For testing: Setting Security Groups can solve the problem.
SecurityGroups > Inbound > Edit inbound rules > Add new rules > All TCP
The problem is that when uploading docker image of service to the Amazon container registry, the docker image does not run after adding it as a Task.
See (https://aws.amazon.com/getting-started/tutorials/deploy-docker-containers/)
Step1: Push to AWS Container service private image registry
docker push 734122228327.dkr.ecr.us-east-2.amazonaws.com/joethecoder2:latest
## Step2: SSH into running Docker instance
ssh -i "containerservice.pem" ec2-user#ec2-18-217-248-112.us-east-2.compute.amazonaws.com
The authenticity of host 'ec2-18-217-248-112.us-east-2.compute.amazonaws.com (18.217.248.112)' can't be established.
ECDSA key fingerprint is SHA256:wCeAUed36nKeQjEbSDsYjzq8Z5mpNY4pbcahw2mSozs.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-18-217-248-112.us-east-2.compute.amazonaws.com,18.217.248.112' (ECDSA) to the list of known hosts.
| __| __|
| ( _ \ Amazon ECS-Optimized Amazon Linux AMI 2017.09.d
____|_|____/
For documentation visit, http://aws.amazon.com/documentation/ecs
Docker ps running instances
[ec2-user#ip-10-0-0-102 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c90a2116f3ab amazon/amazon-ecs-agent:latest "/agent" About an hour ago Up About an hour ecs-agent
[ec2-user#ip-10-0-0-102 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c90a2116f3ab amazon/amazon-ecs-agent:latest "/agent" About an hour ago Up About an hour ecs-agent
Results: Do not show that joethecoder2 image is running. WHY?
[ec2-user#ip-10-0-0-102 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
amazon/amazon-ecs-agent latest 2d99efccdfef 3 weeks ago 26.8MB
amazon/amazon-ecs-pause 0.1.0 c846030090b6 3 weeks ago 964kB
[ec2-user#ip-10-0-0-102 ~]$
Problem conclusion:
The docker image that was uploaded using Push was not included in the running container service, when adding the Task was done like the example instructions for how to deploy docker containers. (I configured the Task in step 2, and 3, and then setup the cluster in Step 4) See (https://aws.amazon.com/getting-started/tutorials/deploy-docker-containers/)
Test Data
However, when I try to curl the service it does not connect:
curl ec2-18-217-248-112.us-east-2.compute.amazonaws.com:8080
curl: (7) Failed to connect to ec2-18-217-248-112.us-east-2.compute.amazonaws.com port 8080: Connection refused
Further inspection:
Further inspection shows, that the docker service that should be running for joethecoder2 is not running in the docker instance that should be running on the container service node ec2-18-217-248-112.us-east-2.compute.amazonaws.com
Run Task had to be clicked, after setting up the Cluster, to associate the Task with a Cluster. Once the Task is running, port 8080 opens up successfully for the task. Host and Container were both mapped to port 8080
I am unable to connect to my EC2 instance via its public dns on a browser, even though for security groups "default and "launch-wizard-1" port 80 is open for inbound and outbound traffic.
It may be important I note that I have a docker image that is running in the instance, one I launched with:
docker run -d -p 80:80 elasticsearch
I'm under the impression this forwards port 80 of the container to port 80 of the EC2 instance, correct?
The problem was that elasticsearch serves http over port 9200.
So the correct command was:
docker run -d -p 80:9200 elasticsearch
The command was run under root.