What is that one port i need to open in ec2 instance so that it will allow me to open below link on ssl as well.
Without HTTPS --this is working fine
With Https --this is giving error
please help
You Will need Port 443 Open in Security Group for HTTPS to work , also make sure if it is windows Instance Windows Firewall has that port Open.
Your working link is specifying port 3478: http://live.talkrecruit.com:3478/
Your non-working version is specifying HTTPS, but is also still specifying port 3478: https://live.talkrecruit.com:3478/
Since you have configured HTTPS to be served on port 443, you obviously need to change the port in the link to be 443, like so: https://live.talkrecruit.com:443/
And since 443 is the default port for HTTPS, you can leave it off and the browser will automatically try to use port 443 like so: https://live.talkrecruit.com/
Related
I'm trying to deploy my spring boot in https using ec2, Route 53.
When I try to set ALB's target groups to register for port 443, it failed in health check.
I opened 443 in security group which apply to ALB, also VPC's network ACL.
So I googled it and found out that "even though 443 is opened, if no one's listening to port 443, then connection to 443 will fail". Reading this comment, I decided to run springboot on port 443.
So I've changed application.properties to use 443 and also shell script file in charge of deploying to use 443. But it didn't work, server couldn't run on 443.
There was no other process on 443, my firewall setting is opened to 443 too.
After some googling, Someone told me "one some *nix system, 1 to 1024 ports can only be used by root previlege..." So, I changed settings and run my springboot on 8443 , finally succeeded.
But when I try to register target to 8443 it also returns unhealthy, even though I opened 8443 on security group, and there is one process listening to 8443.
I'm kind of lost here.
Is my approach is wrong? what can I do to make it healthy?
I bought domain on other site.
Got SSL Certification from ACM.
Added this SSL as CNAME into Route53 record.
Feeling embarrassed because i'm beginner in aws, also not completly understanding what i am doing.
Right now I'm just thinking making target healthy would solve the problem..
Any references that will help me getting out of this problem would be really helpful. thanks.
I am using ubuntu 18.04 in my GCP and have setup my firewalls to listen to port 5000 by default:
my output for netstat -tupln:
when I open <my-ip-address>:5000 I can access my hosted website, but when I try to do <my-ipaddress> It says connection refused. I don't know why it says show as I have changed default port on firewall as well. Can someone please help me out here?
when you open up the public address in a web browser it will go to the server looking for an application running on port 80 or 443 in case of https request. That is why the connection is refused because your firebase only allows for 5000 port request will be forward to your machine.
I'm not sure why my browser is timing out when I try to connect to my AWS Ubuntu Instance squid proxy
I want to have my AWS Ubuntu instance act as a proxy for my python requests. The requests I make in my program will hit my AWS proxy and my proxy will return to me the webpage. The proxy is acting as a middleman. I am running squid in this Ubuntu instance. This instance is also within a VPC.
The VPC security group inbound traffic is currently set to
HTTP, TCP, 80, 0.0.0.0/0
SSH, TCP, 22, 0.0.0.0/0
RDP, TCP, 3389, 0.0.0.0/0
HTTPS, TCP, 443, 0.0.0.0/0
and outbound traffic is open to all traffic
This is my current squid configuration is the default squid.conf except that I changed one line to
http_access allow all meaning traffic is open to all.
However when I changed my mozilla browser to use the Ubuntu instance's Public IP and squid.conf default port of 3128, I cannot see any traffic going through my proxy using this command on the ubuntu instance
tail -f /var/log/squid/access.log
My browser actually times out when I try to connect to a website such as google.com. I am following this tutorial but I cannot get the traffic logs that his person is getting.
HTTP/S as shown in security group settings actually has nothing whatsoever to do with HTTP/S.
Many port numbers have assigned names. When you see "HTTP," here, it's only an alias that means "whatever stuff happens on TCP port 80." The list of values only inludes common services and the names aren't always precise compared the official port names, but the whole point is to give neophytes a word that nakes sense.
What should I change? I always thought I should be leaving HTTP/S ports to their default values.
That is not at all what this does. As already inferable from above, changing an "HTTP" rule from port 80 to something else does not change the value for the HTTP port on instances behind it. Changing the port value makes the rule no longer be an "HTTP" rule, since HTTP is just a friendly label which means "this rule is for TCP port 80."
You need a custom TCP rule allowing port 3128 from your IP, and that's it.
You need to add 3128 as custom TCP in your SG. This will allow Squid to send/ receive traffic.
Also as a best practice, make SSH accessible from your own IP rather than public.
I have an elastic load balancer that works properly when configured like so:
Load Balancer Protocol: HTTPS
Load Balancer Port: 443
Instance Protocol: HTTP
Instance Port: 80
However, if I attempt to change the instance protocol to HTTPS and instance port to 443, my server stops responding.
What do I have to do in order for my instance port to be 443?
The reason I want my instance port to be 443 is that my Rails app must verify that the incoming connection uses SSL, but this way, this check fails.
You need to change the way your application detects whether or not the client is using SSL.
The port on the server won't give you that information. You may want to look at the ELB documentation and see if you can use X-Forwarded-Proto or X-Forwarded-Port.
Your instance server has to be able to respond on port 443, with a valid HTTPS response.
That generally means you have to install a signed SSL cert and configure your web server to use it.
Without knowing what web server you are using, I can't give specific instructions.
For instance, if you are using Apache, you need to install something like mod_ssl.
I have 2 instances set up in EC2. One is running nginx and has an association with the elastic IP address, so its publicly accessible.
The other doesn't have a web server but has a RESTful server running on port 8080.
Both belong to a security group with these rules:
Ports Protocol Source MongoDB-2-2-2-AutogenByAWSMP-
22 tcp 0.0.0.0/0
80 tcp 0.0.0.0/0
8080 tcp 0.0.0.0/0
If I understand that right then port 8080 should be open.
If I ssh onto my web box (with nginx running) I'm trying to test access to my RESTful server on the other instance:8080, so I tried:
curl http://10.151.87.76:8080/1/tlc/ping
curl http://ip-10-151-87-76:8080/1/tlc/ping
curl http://ip-10-151-87-76.ec2.internal:8080/1/tlc/ping
All of these gave me "couldn't connect to host" errors.
If I log onto the RESTful box directly and do the following, it works.
curl localhost:8080/1/tlc/ping
So I know my service is up and healthy.
Any ideas why I can't see port 8080 from the other instance are appreciated.
Make sure instances are in the same availability zone. If not, you may need to access the instance by public DNS name (something like ec2-XXX-XX-XXX-XXX.YYY.amazonaws.com).
Make sure 10.151.87.76 is the correct IP. Note that this will probably change after the instance is stopped and started again.
Make sure your headless service is publicly available -- it may listen on localhost:8080 only but should listen on 0.0.0.0:8080. Try nmap 10.151.87.76 -p 8080 from other instance, it should list 8080 as open port.
Make sure your headless service is publicly available << so this is the reason. What web server are you using for REST API? If it is Apache, make sure config says Listen 8080, not Listen 1.2.3.4:8080. If it is standalone app, make sure it can listen on all interfaces -- some clients will listen on localhost by default. – hudolejev 54 mins ago
This! Buried deep (deep) within my code was a piece of the server wired to "localhost". Changed that to key off hostname and all was well! Happy.