I've developed a simple node.js application which lives in a customized Docker container (based on the node:carbon image).
The docker run command is:
docker run -p 8087:8087 --restart=on-failure -t --name=$RUN_NAME \
--env-file $DEV_ENV -d $CONTAINER_NAME:$CONTAINER_TAG
My webserver should be responding on port 8087 and it is from inside the container and from outside the vm by calling it from some other servers (not in Google Cloud).
My problem is that I should call it from my GoDaddy Linux hosting (curl call) and it's not reachable from there:
* About to connect() to x.x.x.x port 8087 (#0)
* Trying x.x.x.x... Connection refused
* couldn't connect to host
* Closing connection #0
curl: (7) couldn't connect to host
Note: I've opened the firewall for
the 8087 port.
Please help
Since you say that you've checked from other external hosts, have you considered that GoDaddy might be blocking outbound traffic to port 8087 (possibly due to port-scanning or other bad behavior)?
You should be able to rule this out by starting a service on 8087 on a non GCP VM, and testing whether curl from GoDaddy is able to reach it.
Right now, from your description, it sounds like:
VM -> localhost -> VM : works
External -> internet -> VM: works
GoDaddy -> internet -> VM: fails
If other external hosts work, I'd start to suspect GoDaddy, assuming that you've ensured that your firewall rule is actually open to 0.0.0.0/0 and not some smaller subnet.
Related
I am setting up a Virtual Machine node.js server at Google Cloud Platform. I have set up SSH keys so that I can log into my VM. I can successfully log into my VM using SSH-in-browser and start my server.
I can't access my public IP address through Chrome. I get this message:
This site can’t provide a secure connection.
When I try to connect to the IP within SSH-in-browser, I get the following:
$ curl -vso /dev/null --connect-timeout 5 34.68.254.120:8080
* Trying 34.68.254.120:8080...
* connect to 34.68.254.120 port 8080 failed: Connection refused
* Failed to connect to 34.68.254.120 port 8080: Connection refused
* Closing connection 0
I'm new at this. Any ideas would be appreciated. Thanks!
Edit1: Some more details --
Linux VM
port 8080 ingress is open on the firewall
I'm using OSLogin (`enable-oslogin = TRUE' 'enable-oslogin-sk = FALSE')
I can successfully log into console with both SSH-in-Browser and PuTTY, and I can start my server on port 8080
In both, I get the error above when I try to connect to the IP address
EDIT:
Follow below steps to fix “This Site Can’t Provide a Secure Connection” Error :
This error typically indicates a problem with either your browser’s configuration or the SSL certificate on your site.
1) Your local environment doesn’t have an SSL certificate.
2) Outdated SSL caches in the browser : (This is one of the more popular causes. Web browsers store SSL certificates in a cache, much
like other data. This means they don’t have to verify the certificate
every time you visit a site, which speeds up browsing. However, if
your SSL certificate changes and the browser is still loading an
older, cached version, it can cause this error to pop up).
3) Incorrect time and date settings on your computer.
4) Rogue browser extensions.
5) Overzealous antivirus software.
6) An invalid or expired SSL certificate.
If your firewall rules prevent external access:
Check your firewall rules with the following command: gcloud compute firewall-rules list with this, you can review the VPC where
the VM instance was migrated; and if it has allowed the Ingress TCP:
22 Port.
If this firewall rule is missing, you can add the firewall rule in the GCP console -> VPC Networks ->select your VPC network _Click on
the firewall rules to double check that the tcp: 22 port is allowed.
If the issue still is ongoing after checking the firewall rules, you
can follow this guide to start troubleshooting SSH connection.
We want to have a Test cloud virtual network that allows us to make an snmp-get over multiple virtual devices. To achieve this I am using GNS3. Now, we just deployed a GNS3 Server on EC2 (Ubuntu 18), but we can't ping nor snmp get any router outside the GNS3 server. We can ping these devices while we are in the GNS3 server, but this does not work from another server or my computer.
The GNS3 server already created and deployed.
The VPG, Site to site VPN, and VPC are already created, and the servers were added to this VPC.
After some weeks of research, our team found the solution, if anyone is having this same problem consider these important points in your AWS configuration:
Server A (GNS3) must be in a different Subnet than Server B (Test server that you want to ping from).
A Route Table must be created in AWS config pointing to the GNS3 ips.
Configure the NAT in Server A (In my case is an Ubuntu 18) using the following instructions:
Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface ens5 -j MASQUERADE
iptables --append FORWARD --in-interface virbr0 -j ACCEPT
Enables packet forwarding by kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
Apply the configuration
service iptables restart
This will allow your virtual GNS3 devices in Server A to be reached from Server B (A more detailed explanation here). Additionally, you might want to test an SNMP-WALK from Server B to your virtual device in Server A (a router in my case).
If this does not work try debugging using flow logs in AWS and looking if server A is effectively receiving the requests.
I have an ec2 instance on which i login as:
ssh -L 5001:localhost:5000 sumit#<public DNS>
I have an application (superset) which I run as:
2020-04-01 08:18:24,531:INFO:root:logging was configured successfully
2020-04-01 08:18:24,620:INFO:root:Configured event logger of type <class 'superset.utils.log.DBEventLogger'>
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: off
2020-04-01 08:18:25,600:INFO:werkzeug: * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
Now when I open my browser and type, then it works:
http://127.0.0.1:5001/
I already have setup all http and https traffic:
Now when I change 127.0.0.1 to the aws public dns address it doesn't work. Please let me know what am I missing?
You method is using something call Port Forwarding.
This command:
ssh -L 5001:localhost:5000 sumit#<public DNS>
is saying: "Please SSH into the instance, and also forward port 5001 on this computer to the other computer, and ask it to send the traffic to localhost:5000."
Therefore, any traffic sent to port 5001 on your computer will be forwarded to port 5001 on the target computer. This is a good way of preventing other people from being able to access port 5000 on that computer, unless they are able to SSH into the instance (presumably using a private key).
Accessing http://127.0.0.1:5001/ means it will go to port 5001 on your computer. It would be the same as going to http://localhost:5001 on your own computer.
The flow is: 127.0.0.1:5001 -> via SSH connection -> localhost:5000 on other computer
Changing it to http://DNS-NAME:5001 will try to connect to port 5001 on the destination computer, which is not a port that is in use. You could try changing it to connect to http://DNS-NAME:5000 (which is the port where the application seems to be running) and opening the Security Group to allow port 5000, but that would probably violate the security that somebody probably wanted to put in place.
What I'm trying to do is access my webserver on my EC2 from the outside.
Here's what I've done so far:
I've opened all Incoming Traffic to anywhere both for IPv4 and IPv6 in the EC2's Security group
Disabled the firewall from the Control Panel in the EC2 for both public and private
Started my webserver on port 80
From outside the ec2:
I can ping the EC2 succesfully
If I run telnet <my ec2 ip> 80 I get telnet: Unable to connect to remote host: Connection refused
If I run nmap <my ec2 ip> port 80 is not listed
From inside the ec2:
I was able to connect from localhost:80 in EC2's browser
If I ran netstat -aon it shows it is listening on port 80
Make sure that your web server is bound to the external network interface.
Using 0.0.0.0 will ensure that connections can be made from any interface. On the other hand, using 127.0.0.1 (localhost) would have behavior like what you describe, where you can connect to the web server locally, you can reach the host externally (e.g. via ping) but cannot connect to the web server externally.
Is your EC2 instance in a custom VPC? If so, look at attaching an Internet Gateway to the VPC and update the route tables associated with the subnet in which your instance is running.
For this answer I am assuming that you are using IIS as your web server.
1) Start Internet Information Services (IIS) Manager.
2) Expand the left hand panel "Connections" and locate your web server under "Sites".
3) Select your web site. In the right hand panel click on "Bindings".
4) A "Site Bindings" dialog box will open.
5) Under the tab "IP Address" make sure that an asterisk displays so that the server binds to all network interfaces on startup.
5) In the right hand panel under "Manage Website" click "Restart".
I have 2 instances set up in EC2. One is running nginx and has an association with the elastic IP address, so its publicly accessible.
The other doesn't have a web server but has a RESTful server running on port 8080.
Both belong to a security group with these rules:
Ports Protocol Source MongoDB-2-2-2-AutogenByAWSMP-
22 tcp 0.0.0.0/0
80 tcp 0.0.0.0/0
8080 tcp 0.0.0.0/0
If I understand that right then port 8080 should be open.
If I ssh onto my web box (with nginx running) I'm trying to test access to my RESTful server on the other instance:8080, so I tried:
curl http://10.151.87.76:8080/1/tlc/ping
curl http://ip-10-151-87-76:8080/1/tlc/ping
curl http://ip-10-151-87-76.ec2.internal:8080/1/tlc/ping
All of these gave me "couldn't connect to host" errors.
If I log onto the RESTful box directly and do the following, it works.
curl localhost:8080/1/tlc/ping
So I know my service is up and healthy.
Any ideas why I can't see port 8080 from the other instance are appreciated.
Make sure instances are in the same availability zone. If not, you may need to access the instance by public DNS name (something like ec2-XXX-XX-XXX-XXX.YYY.amazonaws.com).
Make sure 10.151.87.76 is the correct IP. Note that this will probably change after the instance is stopped and started again.
Make sure your headless service is publicly available -- it may listen on localhost:8080 only but should listen on 0.0.0.0:8080. Try nmap 10.151.87.76 -p 8080 from other instance, it should list 8080 as open port.
Make sure your headless service is publicly available << so this is the reason. What web server are you using for REST API? If it is Apache, make sure config says Listen 8080, not Listen 1.2.3.4:8080. If it is standalone app, make sure it can listen on all interfaces -- some clients will listen on localhost by default. – hudolejev 54 mins ago
This! Buried deep (deep) within my code was a piece of the server wired to "localhost". Changed that to key off hostname and all was well! Happy.