I am trying to run NiFi on an AWS machine and access the web GUI on my local computer.
I have followed guides such as: https://community.hortonworks.com/articles/47778/hdf-installation-on-ec2.html but whenever I type in the DNS:8080/nifi into my web browser I get a "connection refused" or timed out message.
I have created an AWS Red Hat machine, installed NiFi + java, and edited the nifi.properties file such that it is now:
# Site to Site properties
nifi.remote.input.host=ec2-34-224-216-146.compute-1.amazonaws.com
nifi.remote.input.secure=false
nifi.remote.input.socket.port=
I have tried leaving the port number blank, as well as other numbers such as: nifi.remote.input.socket.port=8082
but neither work when I enter
ec2-34-224-216-146.compute-1.amazonaws.com:8080/nifi into my browser.
I have also tried adding the domain to my local computer's /etc/hosts file in the form of the Public DNS as well as IPv4. I have also configured the security group on AWS such that I have a "Custom TCP Rule" with the port range 8081, 8082, etc. for the respective ports I have attempted.
I am not sure what I am doing wrong or if I am missing a step. Any help is appreciated.
The properties you are configuring are for site-to-site connections and are not related to the UI. These would be used if another NiFi or MiNiFi was making a site-to-site connection to your NiFi instance.
To control the UI you should be configuring:
nifi.web.http.host=
nifi.web.http.port=8080
nifi.web.https.host=
nifi.web.https.port=
Related
I have a Spring boot project which I want to host on an AWS-EC2 instance. I was able to create its image using Git-hub, Jenkin and docker. I was also able to successfully pull and run this image in the Linux console of my AWS-EC2 instance.
According the tutorial I was following I should have been able to open the project now using the public IPv4 DNS but the response I got was that it refuse to connect.
I know that this usually has to do with Inbound rules so I added a rule to allow all traffic but it didn't help.
For anyone who wants to know:
Git-hub repository: https://github.com/SalahuddinShayan/telecom
Docker-Hub repository: https://hub.docker.com/repository/docker/salahuddinshayan/telecom
Command I used to run the image in AWS:
docker run -p8081:8081 --name final-app --link docker-mysql:mysql salahuddinshayan/telecom
Security Groups:
Networking Details:
Here is the Error:
I am completely stumped by it. Does anyone an idea on what to do to fix this?
Please check if your client is calling the right protocol, e.g. http vs https.
You are transmitting on port 8081. http://3.110.29.193:8081/ works fine from the EC2 side. 404 status is raised, so this is a client side error, not a server side error.
It means that no firewall is blocking traffic and a process (your app) was found that listens on IP:Port that you require. The problem is that the process it encountered (your app) is sending only a WhiteLabel Error Page, which is a generic Spring Boot error page that is displayed when no custom error page is present. So the issue is with the Spring app itself and not with EC2 or with connection. In other words: the traffic can reach your Spring app, but your Spring app has nothing to say in response.
As a side note, after deploying your app I would advise to refine the inbound traffic rules to allow only the traffic you want. There is no need of allowing all traffic on all ports.
This could be possibly a duplicate question, but I've tried every solution I found and nothing worked. On main domain, I've successfully installed SSL and it is working fine. I need to install the same wild card SSL on other two instances which are using for subdomain.
The overall structure I've setup so far is as follows -
Cloudflare is using for CDN where I've created A record for all 3 instances. One for main domain and other 2 for subdomains.
Created 3 instances (Ubuntu 18.04 + Apache) on AWS EC2
When I am hitting subdomain in browser, it is showing lock sign but with Error 521 : Web server is down
but When I am trying it with default Public DNS, it is showing my page without any error.
Please suggest what is missing here. Thanks much!!
The 521 error from CloudFlare indicates that it is unable to speak to your host on that port.
Error 521 occurs when the origin web server refuses connections from Cloudflare. Security solutions at your origin may block legitimate connections from certain Cloudflare IP addresses.
The two most common causes of 521 errors are:
Offlined origin web server application
Blocked Cloudflare requests
Please check the following:
The EC2 security group is allowing inbound access on both port 80/443 (this cannot be locked down to your IP address).
If a NACL is in place (which is not the default one) ensure that both the communication ports (80/443) and the ephemeral ports are open.
Ensure that the servers are listening on both port 80/443.
It is important to identify whether CloudFlare it attempting to connect to HTTP or HTTPS, it can support both of these models based on the configuration.
If you're still stuck after these points you can attempt to validate the requests going to your server using VPC Flow Logs.
Finally, this answer gave me a hint How to install third-party SSL Certificate with AWS EC2 Instance (Ubuntu AMI)? Will it cost one-time or monthly basis?
And I resolved this error as follow -
1. Downloaded the certificate files from primary server
2. Uploaded the same certificate files to the secondary server where the subdomain is pointed
3. then edit /etc/apache2/sites-available/default-ssl.conf file on secondary server, search for "SSLCertificate" and change the following lines
4. Enable the SSL configuration, and restart the webserver.
ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/
apachectl configtest
apachectl graceful
I didn't find such guide or articles how to do it for ElasticSearch hosted on Windows server.
I have the EC2 amazon windows instance which running ElasticSearch server on port 9200, but I can't achieve it by _ec2_ip_adress:9200 outside the server.
I completely sure that all TCP ports are opened in amazon security group rules, I've turned off the firewall on the server as well.
So that is the problem in ElasticSearch configs.
Can someone help me with that?
Well but you know that then any body would be able to delete/create stuff in your index until you have shield.
If you really want to open it, also make sure that in windows firewall you opened port 9200.
So what i would do i would probably restrict in firewall on in Amazon access to this port for specific IPs (Actually in my project i am doing that :) )
There is one more thing to check on which IP is runned as soon as i remember ES will run on private IP. Look to network.host default is __local__. Try network.host: 0.0.0.0
I've had success building the Angular2 Quickstart app on my local machine, but I'd like to jump forward to setting it up on an AWS instance. The issue is that I ssh into the instance and so the npm start command doesn't load the app into my local browser. Even the "External" addresses provided don't work, even with an elastic IP assigned and the corresponding port opened. I've also looked through the node_modules/lite-server files to update any necessary configuration changes, but I haven't found how to alter it properly.
Can anyone point me to some resources that can help me get started wit angular2 on AWS?
So, first, there are some differences between your localhost and the aws EC2 instance.
Your computer is a graphical computer with a browser, the ec2 vm is just a command line based linux server and has no browser installed on it.
npm start, just like "grunt someTask" has extra stuff built into the steps that wouldn't make sense on a linux server... i.e. automatically opening your browser window and doing live-reload for active development, etc.
the EC2 vm is a place where you want to treat it more like beta server or production server, meaning that you dont start and stop your app with npm start, instead you want to start it with node yourAppFile.js, and you are merely running it to see if it works. You don't develop here.
Also, the ec2 vm itself is guarded / protected by a security group, and that allows very few ports to be accessed from the outside world by default, so you've got to go edit the "inbound rules" of the security group and add a rule that essentially allows: "custom" --> "the node port" --> "your IP". Doing so will make it possible to connect to it using the vm-public-ip:port-of-node-app which will look something like this in your browser: 56.128.17.42:3000. And because you put your own IP in that rule, no other IP addresses would be able to load it in their browsers... just you. If you were to say "0.0.0.0/0" in the ip field, that allows all users anywhere to connect.
I would test with curl on your local machine to make sure it's up and running. You can do that with "curl http://localhost:3000/ (change 3000 to whatever port you are running on).
If that is working okay, you may have an issue with security groups. Go to the security group topic on the EC2 page and select the security group for your server and make sure that you have the port opened from your IP address (you can google "what is my ip" if you don't know it). You can just open it the whole world if you're not worried about security.
I have set up a a micro EC2 instance on AWS. Currently, I am using the free tier in Oregon. There are two problems which I am facing.
When I try to SSH the instance using the public DNS, it says host does not exist but when I try conencting it using the public IP, it connects to it. What setting is needed to use the public DNS ?
I have opened the SSH client using the IP address. I want to set up my application which needs Node.js and MongoDB. I installed Node.js using this
Next I installed MongoDB using this
Then I connected to my instance using Filezilla and uploaded my code to it. I then start my node application which uses socket.io.
When I try to connect to socket.io server using web browser, I get a message which says connection refused "error 111". I have opened TCP port 80 in instance's security groups. In iptables, I have forwarded port 80 to 8080, but still it does not work. I have also checked that the firewall is disabled in ec2. Kindly help me to resolve this issue.
Did you check if all of the necessary ports are open on Amazon Security Policy?
What you can do is to allow all traffic on Amazon Security Policy for test and see if the connection goes well or not.
You might also check if you need access DB from outside. In that case, you also have to open the mongodb port and setup mongodb correctly as well.
Other tools that might useful to test firewall and connection issue will be tcpdump and syslog file
For the dns issue, did you try to nslookup on that name and see if the IP shown matches your server IP?
As Amazon gives a long DNS hostname for the server, I always use my own domain name. It's much easier.
example : ec2.domainname.com, which points to the Amazon IP address
Hope that help.
My problem is resolved now..
For the DNS issue, earlier I needed proxy to access internet, so I guess the DNS name was not getting resolved. When I tried using proxy free internet, I was able to ssh using public DNS.
And regarding connection to socket.io, I used port 8080 instead of 80 and used "sudo node main.js" to run my node file. Now I am able to connect to the socket.io server and MongoDB.
Another thing which I want to ask is that would running the node file with sudo rights create some security issue ?
Thanks for the answer! That also worked for me. I had the same problem trying to connect through sockets (http://myipaddress:3000) to a node.js server, i tried opening ports on the actual ec2 instance and disabling the firewall through SSH but nothing worked. Had to go to Security Groups on the ec2 console and open a new inbound tcp rule enabling that port