I have hosted my MEAN project over aws ec2 (mean bitnami hvm) instance. It is running on port 3000 and I am able to access my instance in the following way:
ec2-xx-xx-xx-xx.amazonaws.com:3000
I want to access the instance without the port number (3000), i.e.: ec2-xx-xx-xx-xx.amazonaws.com
How can I do this?
Run this port forward command on your EC2 instance.
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3000
And your port 80 will be redirected to port 3000.
Run your application on port 80 instead of port 3000, or run a proxy (like nginx) that allows you to map ports and paths as needed.
Related
A GlassFish application hosted in a Google Cloud VM Instance is running in port 8080. I need to direct traffic of default port 80 to port 8080. What is the best way to achieve that?
I tried to set port 80 as GlassFish port, but failed as on Ubuntu we can't listen on a port lower than 1024.
You can use the Linux feature iptables to redirect traffic received on one port to a different port.
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
/etc/init.d/iptables save
Double-check the documentation as you do not mention the version of Linux that you are running.
Create an instance group for your VM. Create a Load Balancer with that directs external port 80 traffic to port 8080 on your VM.
I have a simple VPC on Amazon EC2 with two instances: an SFTP server, and a web server. I want to route incoming traffic from the internet on port 22 to the SFTP server and ports 80 and 443 to the web server.
I'm having trouble finding exactly how to do this. It's extremely simple with all hardware routers I've ever used.
Can anyone point me to documentation/examples/or just tell me how to do it?
Edit:
I wasn't clear that I want remote hosts to be able to make a request to a single IP address, but on different ports, and have different ports routed to different instances; I already have my security groups set so I can accept traffic to the public IP addresses of each instance.
Below are the steps you will need to follow to achieve your use case.
As you said both servers are in VPC you need to make sure they are
in a Public Subnet with a internet gateway attached to it.(This can
be achieved in Private subnet too but will become more complex
process for you) For more information check this
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario1.html
EC2 Server 1 for SFTP you need to open SSH port 22 in the security group by adding your IP address or open to world rule. Then you can SFTP using your preferred SFTP client.
EC2 Server 2 for port 80 and 443. you need to add two rules in the security group for your instance. Check below screenshot. Once that is done you will be able to route http traffic through port 80 and 443.
More information on security groups is here.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
About your Edit. You have to run a instance in front of both the instance.
Add a HTTP proxy to this new created instance. And then the port redirect should be achieved using IP Tables. Check this below IP tables config you need to add to that server. Let say your HTTP proxy server is Server 1. Port 22 server is Server 2 and Port 80 and 443 Server is Server 3. So Server 1 IP tables will have below rules.
#!/bin/sh
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination <Server3-IP>:80
iptables -t nat -A POSTROUTING -p tcp -d <Server3-IP> --dport 80 -j SNAT --to-source <Server1-IP>
iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination <Server2-IP>:80
iptables -t nat -A POSTROUTING -p tcp -d <Server2-IP> --dport 22 -j SNAT --to-source <Server1-IP>
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination <Server3-IP>:80
iptables -t nat -A POSTROUTING -p tcp -d <Server3-IP> --dport 443 -j SNAT --to-source <Server1-IP>
As of today, Amazon Elastic Load Balancers have a new "Application Load Balancer" mode which supports routing requests to different EC2 instances based on things such as the HTTP path, and port.
To set this up, do the following:
Create a new ELB, using the new "Application Load Balancer" mode.
Create one target group for port 22.
Add your EC2 instances that will be the SSH targets to this target group.
Create another target group for ports 80 and 443.
Add your EC2 instances that will be the HTTP/HTTPs targets to this target group.
Using this system, SSH requests to the ELB will be forwarded to the SSH instance, and HTTP/HTTPs requests to the ELB will be forwarded to the web servers
I am unable to connect to my EC2 instance via its public dns on a browser, even though for security groups "default and "launch-wizard-1" port 80 is open for inbound and outbound traffic.
It may be important I note that I have a docker image that is running in the instance, one I launched with:
docker run -d -p 80:80 elasticsearch
I'm under the impression this forwards port 80 of the container to port 80 of the EC2 instance, correct?
The problem was that elasticsearch serves http over port 9200.
So the correct command was:
docker run -d -p 80:9200 elasticsearch
The command was run under root.
I'm running Bitnami MEAN on an EC2 instance. I can host my app just fine on port 3000 or 8080. Currently if I don't specify a port I'm taken to the Bitnami MEAN homepage. I'd like to be able to access my app by directly from my EC2 public dns without specifying a port in the url. How can I accomplish this?
The simple way to do that is Port Forwarding by using below command:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
After logging into the AWS using putty by having private key & with username "bitnami". Type the above command & enter.
Then, you will automatically redirected to your application.
Note : I am assuming, you have already configure port 8080 to security group on AWS
You'll have to open port 80 on the server's firewall, and either run your server on port 80 or forward port 80 to port 8080. You'll need to lookup the instructions for doing that based on what version of Linux you are running, but it is probably going to be an iptables command.
You'll also need to open port 80 on the EC2 server's security group.
I have set up an Amazon ec2 server but I want to open port 2195 and 443.
I already added ports from security group in Amazon console.
When I listen port using
netstat -anltp | grep LISTEN I got only two ports 23 and 80.
I also checked if ubuntu firewall is blocked or not.
Please help me.
After you add the ports in EC2 Security Group, they are ready to be used by any process. Restarting your EC2 instance is also not needed.
netstat -anltp | grep LISTEN
will start showing the new ports as soon as some process is started which LISTEN on them
Just restart the e2 instance and check it and make sure you have the saved the security group settings after adding the new ports.
iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport PORT_NO_U_WANTED_TO_OPEN -j ACCEPT
try this .
you can disable iptables on ec2 because because there is security group on console to limit open port, but here my solution if you still want to using it:
manual edit file /etc/sysconfig/iptables with the following step
flush iptables caches
iptables -F
edit the file
nano /etc/sysconfig/iptables
add you port and make sure the line like
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
and not
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
save and restart iptables
service iptables save
service iptables restart