I have a curl command which works fine on my local system,
however the same command when run from an EC2 instance gives the error
curl: (6) Could not resolve host: qasu-cmx1.uto-netcom.org
Ive kept HTTP and HTTPS open to the world in the security group of the EC2 instance.
Any thoughts on what could be the possible reason?
Related
First, good morning. After running a DigitalOcean internet tutorial that taught how to set up a web server with Django, I had problems connecting via SSH, however, the site continues to run and accept HTTPS connections without any obstacles on the web.
To check availability, I pinged [Public IPv4 Address] [Public IPv4 DNS] and got no response. Since my website has a purchased DNS, I tried to ping [my website's private DNS] and also no response.
I researched possible errors and I'm already advancing: My security group has the rules: HTTP 80, SSH 22 and HTTPS 443 with any source of IPv4 released. So much so that I did all the server configuration via SSH.
I had already done this process before and had the same error, but since it was a test server, I didn't pay much attention. But now, after performing a change from HTTP to HTTPS (to make the site secure) it happens again!
Here are the tutorials:
Installing the webserver: https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-18-04
How to secure Nginx (HTTP to HTTPS): https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04
Any help is welcome and I thank you in advance!
So, in the tutorial (https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04), in the part "Step 3 — Allowing HTTPS through the firewall", to check the status of the Firewall the following command was used:
$ sudo ufw status
But the output was:
Output:
Status: inactive
To work around this problem, I ran:
$ sudo ufw enable
Output:
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
However, AWS itself provides a Firewall system in connection permissions of groups related to the instance.
That way, I ended up "turning off" SSH and only allowing HTTPS traffic, so my server kept running.
So, summary: I couldn't connect via SSH due to running a manual Firewall that overrode the EC2 Instance's Groups control
Thank you for trying to help me! Success!
I have configured a Hashicorp Vault server on a EC2 instance. When trying to use postman to test transit secret engine API I keep getting a error connection refused on postman, I went full ape mode and opened all ports on the security group inbound rule and it didn't work, I attached an elastic IP to the instance and didnt work either, im just trying with a simple GET and I just keep getting the same connectionrefused error.
When I use cUrl on the ssh connected session i have no issues though. The specified hosted adress is 127.0.0.1:8200, in postman I replaced that localhost with the public adress of the instance that i obviously censored in the screencap, in the headers theres the token needed to access vault, for simplicity I was just using the root token.
Postman screecap if it helps
#Emilio Marchant
I have faced similar issue (not with postman, but with telnet), Let's try to understand problem here.
The issue is with 127.0.0.1 IP. This is loopback IP and When you (or your computer) call an IP address, you are usually trying to contact another computer on the internet. However, if you call the IP address 127.0.0.1 then you are communicating with the localhost – in principle, with your own computer.
Reference link : https://www.ionos.com/digitalguide/server/know-how/localhost/
What you can try is below.
Start vault dev server with --dev-listen-address parameter.
Eg:
vault server -dev -dev-listen-address="123.456.789.1:8200"
in above command replace '123.456.789.1:8200' with '<your ec2 instance private IP : 8200'>
Next set VAULT_ADDR and VAULT_TOKEN parameter as below
export VAULT_ADDR='http://123.456.789.1:8200'
export VAULT_TOKEN='*****************'
Again replace 'http://123.456.789.1:8200' with 'http://[Your ec2 instance private IP]:8200'
For Vault_token : you should get a root token in console, when you start vault server , use that token
Now try to connect from postman or using curl command. It should work.
Reference question and solution :
How to connect to remote hashicorp vault server
The notable thing here is that the response is "connection refused". This error means that the connection is getting established and it found that there are no processes running on that port. This error means that there is no issue with firewall. A firewall will cause the connection to either drop (reject) or timeout (ignore), but won't give "Econnrefused".
The most likely issue is that the vault server process is not bound to the correct network interface. There must be a configuration in hashicorp-vault to setup the IP on which to bind. Most servers, by default, bind only on loopback address which is accessible only from 127.0.0.1. You need to bind it to "all" network interfaces by changing that to 0.0.0.0. I am not aware of the specific configuration option of hashicorp vault, but there has to be something to this effect.
Possible security issue:
Note that some servers expect you to run it behind a reverse proxy so that you can setup SSL (https) and other authentication if needed. Applications like vault servers should not be publicly accessible on http without SSL.
I have a file on a server located at let's say: https://example.com/myfolder/file.gz
The domain example.com is protected by inbound rules such that I can only access it by connecting to a VPN.
So on my personal hardware when I try to download the file by using curl -O https://example.com/myfolder/file.gz, it gives me "Unknown host error". However, when I connect to VPN via Cisco AnyConnnect and then hit the curl command, file.gz gets downloaded.
Now what I want is to enable an AWS EC2 instance to be able to download file.gz by executing curl command. However, when I SSH into my EC2 instance and execute the curl command, it gives me the same "Unknown host error" as expected.
I have searched around VPC, ENI, OpenVPN and other AWS offerings but since I'm a beginner to AWS I didn't quite understand what could be the solution to my problem.
FYI - One way to possibly resolve this issue would be to create an elastic IP and whitelist that in the server that I'm trying to access, (in this case example.com) but I want to create more EC2 instances trying to do the same thing, so it would become tedious to manage.
I'm trying to connect from an ec2 micro instance to the following domain: http://www.bnm.gov.my but it seems to be blocked.
I have tried doing a simple request using curl.
curl http://www.bnm.gov.my
which gives me the following error:
curl: (7) Failed to connect to www.bnm.gov.my port 80: Connection timed out
I tried wget
wget http://www.bnm.gov.my
and get the following error:
--2018-10-31 14:33:06-- http://www.bnm.gov.my/
Resolving www.bnm.gov.my (www.bnm.gov.my)... 103.6.236.129
Connecting to www.bnm.gov.my (www.bnm.gov.my)|103.6.236.129|:80... failed: Connection timed out.
Retrying.
Also, a traceroute times out.
I can access the website from my computer as well as websites like downforeveryoneorjustme dot com and uptrends to check if there are any issues with the website but it seems to be my amazon instance.
I have access to internet, I can request other websites using curl... but this particular one isn't working...
I appreciate any ideas you may have as to how to fix this!
Current ACL Configuration for VPC. (The instance is running within a VPC)
Outbound
Rule # Type Protocol Port Range Destination Allow/Deny
100 All IPv4 traffic all all 0.0.0.0/0 ALLOW
* All IPv4 traffic all all 0.0.0.0/0 DENY
Hi I have been using Amazon Ec2 server and I am trying to call to this server using curl from another server(php) which is hosted in godaddy.
While calling I am getting the below error
Error: "Failed to connect to ec2-**-**-**-**.us-west-2.compute.amazonaws.com port 8080: Connection refused" - Code: 7
Can anyone tell me about what is the actual issue.
Note: While trying to connect this through rest api tool it is working fine.
Make sure, the security group for the ec2 instances has the inbound rule from Goddaddy's IP range or set to all (0.0.0.0/0) with port 80 and 443.