I have a load balancer and EC2 instance with AWS. I had problems with e-mail restrictions and was recommended to use an elastic IP. I then read somethere that you can't use elastic IP and a load balancer so I removed the elastic IP. I can no longer access my instance even when I've rebooted it and waiting 2 hours later. I can ping it (after enabling ICMP with network security) but I can't SSH or go to the web server. All the network settings remain, which included allowing TCP ports for HTTP and SSH. Does anyone know what has happened to make port 80 and 23 no longer accessible? This is a real nightmare for me because I did a bit of a marketing campaign, got increased traffic, noticed emails weren't getting sent, then in an attempt to fix that I've screwed the server completely so the website is down at the worst possible time :(
I fixed it all up. This isn't a direct solution to the problem, more like a workaround. I couldn't connect to that server no matter what, so I created a new instance and that worked. It was as if the Linux server itself was corrupt, not the AWS settings. I detached the volume from the old instance and attached it as a secondary volume on the new instance. When I logged into the new instance I was able to mount the secondary volume as a new drive and I just copied the files over that way. I don't have a bloated server so this wasn't really a big deal to pull off. Anyway, if you can't log in to a server anymore, you can always mount it to a new instance and access it via the file-system
Related
I am trying to upgrade my hosting from the 1GB RAM to the 2GB RAM instance from an existing Plesk Lightsail snapshot to another Plesk instance. I was able to create a larger instance and load the snapshot successfully. I was able to access the files via FTP and the databases were all present as expected. However, when I logged into Plesk via {NewStaticIP}:8443/ (using the same credentials as I did with my old instance), I was able to login but the IP address shown was still the old one.
The mistake I made was that for my old instance, I had not assigned a static IP and was using the default public IP provided by Lightsail. If I had defined a static IP to the old one, it would have been easy. I would detach the static IP from the old and attach it to the new and there would be no need to make any change in the DNS records even.
However now, even if I change the A record to point to the new Static IP I've assigned to the new instance (I use Cloudflare), it propagates instantly but shows me a "Web server is down" (Cloudflare error 521). This is confusing me because the server has been set up and I can access it via FTP. Ports 80, 443, 8443, 8447, 21, 22 are all open as well.
When I try to access the website using the static IP, it shows an error that the server refused to connect.
In addition, via Plesk Tools, I was able to change the IP address shown for that server but I also read that it's not the best way to change the address of the server so not sure if this helps or not.
Any help regarding this would be much appreciated. Thank you...
Is it possible to upgrade EC2 instance without changing existing public IP address? My mobile application is live and unfortunately we didn't use elastic IP in web services. So if I upgrade current instance, it will generate new public IP and the old application users won't be able to use mobile application.
Is there any way to keep current IP as it is? Or any other way to upgrade it without loosing existing users? Please suggest.
Consider this a lesson as to why you should use a load balancer and a DNS entry, especially for anything public-facing. What were you going to do if you the instance failed? Or the availability zone went down?
Personally I would spin up a set new larger instances behind a load balancer, create a Route53 DNS entry that points to the load balancer, and then release an update to the client that points to the DNS entry. As clients update, traffic will gradually move to the load balancer. The undersized single instance's load will drop, so if it is overloaded it will eventually return to normal. Eventually you can kill the old instance when all/most clients have upgraded.
It depends on what sort of software you are running exactly
If you have an application that is sessionless then it would be simple to bring up another server on a different IP and then use route53 to switch over the traffic, with both servers running at the same time
If the application is stateful though and if it stores the sessions locally on the host then that's more of a problem
One possible approach is to bind an elastic ip to the running host, reconfigure your software to listen on all addresses ( a lot of configuration controls allow this with an address of 0.0.0.0 ) then change DNS and gradually see the traffic migrate to the elastic IP, while both addresses work
Once the new address is fully in use (depends on your TTL) it becomes much easier to switch to a new host by reassigning the EIP
My Amazon EC2 small instance stopped responding, I looked at the AWS console and CPU use had gone through the roof. I tried rebooting instance but it didn't respond. So I stopped it and started it again (twice).
Now says the CPU usage is fine (was triggering an alarm when breaching 90%) but still can't login via SSH and Apache is not working (my sites are down).
Anyone give me any idea how I can sort this out? I'm out of my depth a bit as unfamiliar with the ins and outs of EC2.
EDIT: console log http://pastebin.com/JWFeG7NU shows Apache, SSH, etc starting up fine but I can't access via SSH and no response to pinging website hosted on server.
If you have stop/started your instance and you were not using an elastic IP address, your instance IP has changed.
If you were using an elastic IP address, it would have become disassociated.
If you do have applications that are causing you to exceed the allocated CPU, other applications such as ssh, may become slow to respond or not respond at all within the timeout.
I've read a lot of questions already posted on this topic but none seem to provide an answer that helps, so forgive me for the duplicate post if I missed one...
I setup an elastic beanstalk single instance application. I then ensure'd the EC2 instance that it spawned had a security group to allow port 80 incoming requests. I then created an elastic ip and associated the EC2 instance with the ip, but neither the public dns or the elastic ip will respond to http requests.
Any ideas why this might be an issue for me?
In my case the problem was, even though I'd associated my elastic IP to my instance and created firewall rules in new security groups to provide access, I hadn't associated my new security groups with my instance. To fix this, I used the Change Security Groups menu from my Instances screen:
This caused the following popup to appear, where, sure enough, my new security groups existed but weren't associated with my instance:
After I (1) checked the appropriate boxes and (2) clicked on Assign Security Groups, all was well.
In classic-EC2 scenario:
Make sure port 80 is allowed in your AWS security group.
Make sure port 80 is allowed in local operating based firewall on your system. OR disable the local firewall for the time being to narrow down the issue.
Make sure that your application is indeed listening on port 80. You can check this by running telnet 127.0.0.1 80.
If above 3 points are satisfied, I don't see a reason why you are not able to access your application on port 80.
Let us know in case you are using VPC and not classic-EC2.
BTW, when you attach elastic IP, the instance will drop the public DNS that it had earlier. So now you should work with elastic IP only.
I have had a case where the elastic IP address was itself not responding on a specific port number. When I associated the instance with a different elastic IP, everything worked fine. So I resolved the issue by allocating a new elastic IP address. Root cause: Amazon evidently does not have an effective internal process for validating the integrity of an elastic IP. Obviously that's a tall order considering the things outside their control that can happen, with denial of service attacks and etc.
It cost me a day of doing progressive isolation to get to this, which I would have never otherwise suspected.
Any chance there is also a firewall running on the machine? I know in windows I usually need to open the port on the windows firewall AND on amazon's security.
I had a Micro Instance from which I created an AMI Image. I then upgraded to a Large Instance with this Image in tow and assigned an elastic IP Address. I changed my A Name to point to the new IP and, according to a reverse DNS lookup service, my DNS appears to have propagated correctly (cranku.com).
I created a virtual host for the domain name and restarted apache. And, yet, the domain is not responding to my requests. Could I be missing something here?
I am deploying Django with Mod Wsgi on Apache. I have moved MYSQL to a mounted EBS volume but that seems to be working here (and it worked on the instance from which I created the AMI). Restarting Apache works (/etc/apache/init.d/restart). Do I have to configure it in any other ways.
Any clues on how to proceed?
I can reach your ssh server on the machine, but attempts to reach the webserver here are failing too, in a manner that makes me think the packets are being DROPed rather than REJECTed. Have you authorized port 80?