I have a local web server running:
https://localhost:5555
Everything is on my laptop.
And let's say that I have bought my own domain abc.com.
What would be the easiest way to deploy this to abc.com in Google cloud?
Set up a VM and ran the same program inside the machine.
Got the external (public) IP and opened port 5555 in the network settings.
Now it works perfectly if I go to my $PUBLIC_IP:5555
But I can't figure out how to map these to my DNS so that if people click abc.com, then it redirects to my $PUBLIC_IP:5555. Is there any easy way to do this without setting up nginx or separate web server to route traffic in Google cloud platform?
Thanks!
If people click on abc.com, their browser will default to port 80 rather than 5555. Assuming that your web server won't run on port 80 (or you don't want it on port 80), you can use iptables to translate port 80 to port 5555 like so:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 5555
That covers the port part of the problem. The other part of the problem is mapping the domain name abc.com to $PUBLIC_IP. To do this, you'll need to go to the service where you registered the domain name and add an A record which maps to $PUBLIC_IP. Here is Google's guide for how to do this with various registrars.
Related
I have an ec2 instance on which i login as:
ssh -L 5001:localhost:5000 sumit@<public DNS>
I have an application (superset) which I run as:
2020-04-01 08:18:24,531:INFO:root:logging was configured successfully
2020-04-01 08:18:24,620:INFO:root:Configured event logger of type <class 'superset.utils.log.DBEventLogger'>
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: off
2020-04-01 08:18:25,600:INFO:werkzeug: * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
Now when I open my browser and type, then it works:
http://127.0.0.1:5001/
I already have setup all http and https traffic:
Now when I change 127.0.0.1 to the AWS public DNS address it doesn't work. Please let me know what I am missing.
Your method is using something called Port Forwarding.
This command:
ssh -L 5001:localhost:5000 sumit@<public DNS>
is saying: "Please SSH into the instance, and also forward port 5001 on this computer to the other computer, and ask it to send the traffic to localhost:5000."
Therefore, any traffic sent to port 5001 on your computer will be forwarded to port 5001 on the target computer. This is a good way of preventing other people from being able to access port 5000 on that computer, unless they are able to SSH into the instance (presumably using a private key).
Accessing http://127.0.0.1:5001/ means it will go to port 5001 on your computer. It would be the same as going to http://localhost:5001 on your own computer.
The flow is: 127.0.0.1:5001 -> via SSH connection -> localhost:5000 on other computer
Changing it to http://DNS-NAME:5001 will try to connect to port 5001 on the destination computer, which is not a port that is in use. You could try changing it to connect to http://DNS-NAME:5000 (which is the port where the application seems to be running) and opening the Security Group to allow port 5000, but that would probably violate the security that somebody probably wanted to put in place.
I am relatively new to AWS and I've been looking at quite a few tutorials for the past couple of days trying to figure out how to make my AWS ubuntu instance accessible from the browser.
What I've done:
1st: I configured security groups to accept all traffic for ssh, http, https just to see if the public DNS listed in the instance is accessible.
2nd: I changed the IP of my instance to an elastic IP
3rd: I wrote a simple node.js file that listens on port: 9000 and console.logs 'hello world'
For some reason ssh works, and I can run my node.js file, but again I cannot access the remote instance from the browser.
Any help would be greatly appreciated since I've been on this for a couple of days
Thanks!
Thank you everyone for the quick responses!
My issue was I did not include a TCP rule to my specific port. Now I am able to access that port via ec2-DNSNAME:9123.
And, just to clarify, if I want to host that DNS for all traffic I should specify 'anywhere' for the TCP rule, correct?
I configured security groups to accept all traffic for ssh, http, https
In security groups, "HTTP" does not mean "HTTP on any port"... it means "any traffic on TCP port 80" -- 80 being the standard IANA assigned port for HTTP.
Security groups are not aware of the type of traffic you are passing, only the IP protocol (e.g. TCP, UDP, ICMP, GRE, etc.) and port number (for protocols that use port numbers) and any protocol specific information (ICMP message types).
You need a rule allowing traffic to port 9000.
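The matching behaviour described in this answer, as an added example that is not part of the original thread. `Rule`, `allows` and `world_open` are hypothetical names, the rule list and addresses are constructed, and the code models only protocol, port and CIDR matching, not the AWS API.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", "icmp", or "-1" meaning all protocols
    from_port: int
    to_port: int
    cidr: str


# Constructed sample: what the "SSH", "HTTP" and "HTTPS" presets amount to.
PRESET_RULES = [
    Rule("tcp", 22, 22, "0.0.0.0/0"),
    Rule("tcp", 80, 80, "0.0.0.0/0"),
    Rule("tcp", 443, 443, "0.0.0.0/0"),
]


def allows(rules, protocol, port, source_ip):
    """True if any inbound rule matches; with no match the packet is dropped."""
    src = ipaddress.ip_address(source_ip)
    for r in rules:
        if r.protocol not in (protocol, "-1"):
            continue
        if r.protocol != "-1" and not (r.from_port <= port <= r.to_port):
            continue
        if src in ipaddress.ip_network(r.cidr):
            return True
    return False


def world_open(rules, expected_public=(80, 443)):
    """Audit helper: rules open to any source on ports not meant to be public."""
    findings = []
    for r in rules:
        if ipaddress.ip_network(r.cidr).prefixlen != 0:
            continue
        ports = range(r.from_port, r.to_port + 1)
        if r.protocol == "-1" or any(p not in expected_public for p in ports):
            findings.append(r)
    return findings


if __name__ == "__main__":
    print(allows(PRESET_RULES, "tcp", 9000, "203.0.113.7"))
    print(world_open(PRESET_RULES))
```

The "HTTP" preset matches port 80 only, so the Node.js listener on 9000 stays unreachable until a rule for that port exists; `world_open` shows which rules accept any source, which is the trade-off behind choosing 'anywhere'.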
Firstly, go to your EC2 and see if curl http://localhost works.
Also, if you are exposing your nodejs on port 9000, did you open 9000 on the security groups as well or not?
Few things to check:
Security groups
Subnet NACLs (these can function as a subnet-level firewall, but unless you've messed with these they should allow all traffic.)
On the server, if you run netstat -na | grep <PORT>, do you see your application listening on the correct ports?
You may also check your system for a firewall that could be short-circuiting the requests.
If the above doesn't point you towards where your issue is, you can grab tcpdump and filter it just for requests coming from your web browser (e.g. after installing, tcpdump -vvn host 10.20.30.40 port 8000; substitute your IP and port). This will let you know if you're running into a network issue (packets aren't reaching the server) or if it's something with the app.
I'd also recommend using IP addresses while doing your initial troubleshooting. That way we can establish it is not network/server configuration before going into DNS.
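A client-side counterpart to the checks in this answer, as an added example that is not part of the original thread. `probe`, `diagnose` and the hint texts are hypothetical, and the mapping from outcome to cause is a heuristic: security groups and NACLs drop packets silently, while a host with no listener answers with a reset.

```python
import socket

# Likely cause per outcome. Heuristic only: a host firewall can be set to
# either drop (looks "filtered") or reject (looks "refused").
HINTS = {
    "open": "a listener accepted the connection; check the application or DNS next",
    "refused": "packets reach the host but nothing listens on that address and port "
               "(service down, or bound to 127.0.0.1 only)",
    "filtered": "no reply before the timeout; a security group, NACL or host "
                "firewall is probably dropping the packets",
    "unreachable": "no route or the name did not resolve; check the IP, DNS and routing",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"


def diagnose(host, ports, timeout=3.0):
    """Probe each port and pair the outcome with its likely cause."""
    results = {}
    for port in ports:
        outcome = probe(host, port, timeout)
        results[port] = (outcome, HINTS[outcome])
    return results


if __name__ == "__main__":
    # Loopback is used here so the example runs offline; substitute your
    # instance's IP address and ports.
    for port, (outcome, hint) in diagnose("127.0.0.1", [22, 80, 9000]).items():
        print(f"{port}: {outcome} ({hint})")
```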
I'm a total newbie when it comes to servers and EC2 but I have an EC2 instance running which was stopped and restarted. Since that I haven't been able to connect via a web-browser to the site but can connect via SSH. Are there any ideas why this could be the case?
Here is the debug checklist:
Check your server, make sure it is up and running in AWS management console.
Check the port security settings from your local machine. If the port is closed, open it in the security group.
telnet your_ip 80 # Check http port
telnet your_ip 22 # Check SSH port
Check your web server, Apache, Nginx, etc. If you cannot find your process, start it.
ps -ef | grep -e nginx -e httpd -e apache
Check your virtual host config, make sure your web server is listening to port 80 (http) or 443 (https).
Run chkconfig and make sure your web server will start as a service.
Check the security group in your instance property, it is probably allowing only SSH (default), you may want to add an inbound rule allowing HTTP traffic.
I have an ec2 free instance working as well as elastic IP, S3 and RDS. There is a folder with the sources of my application at /home/ubuntu. I run a built-in server inside this folder:
$ /home/ubuntu/my_app play run
It's running at port 9000 (at my_app folder). I have A and CNAME records at route53, but they point to the static html pages-stubs at s3, I did it for simplicity and, of course, they shouldn't point to the static pages.
I wonder, how do I make this running Play application visible from outside? I have no idea where in ec2 (or in route53) look for and set it. Obviously, I want it to be accessible as my_custom_domain.com (which I have) without specifying the port (my_custom_domain.com:9000).
To change your port from 9000 to 80 - If you work on ubuntu you can use iptables
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 9000
This will route all traffic coming from port 9000 to port 80
To map your elastic IP to my_custom_domain.com from the documentation:
Create a resource record set in your hosted zone. For Type, choose A – IPv4 address. For Value, specify the Elastic IP address for your Amazon EC2 instance. For more information about creating a resource record set, see Working with Resource Record Sets.
If you want to run several applications on the same server, each on a different port, but serve them each on a different DNS (for example: http://www.my_domain.com for port 8080, and http://m.my_domain.com for port 8081), you might want to use ELBs which can do port forwarding from port 80 to the application port.
With this configuration you can map each ELB as an Alias on a Route 53 Record Set.
I have 2 instances set up in EC2. One is running nginx and has an association with the elastic IP address, so its publicly accessible.
The other doesn't have a web server but has a RESTful server running on port 8080.
Both belong to a security group with these rules:
Ports Protocol Source MongoDB-2-2-2-AutogenByAWSMP-
22 tcp 0.0.0.0/0
80 tcp 0.0.0.0/0
8080 tcp 0.0.0.0/0
If I understand that right then port 8080 should be open.
If I ssh onto my web box (with nginx running) I'm trying to test access to my RESTful server on the other instance:8080, so I tried:
curl http://10.151.87.76:8080/1/tlc/ping
curl http://ip-10-151-87-76:8080/1/tlc/ping
curl http://ip-10-151-87-76.ec2.internal:8080/1/tlc/ping
All of these gave me "couldn't connect to host" errors.
If I log onto the RESTful box directly and do the following, it works.
curl localhost:8080/1/tlc/ping
So I know my service is up and healthy.
Any ideas why I can't see port 8080 from the other instance are appreciated.
Make sure instances are in the same availability zone. If not, you may need to access the instance by public DNS name (something like ec2-XXX-XX-XXX-XXX.YYY.amazonaws.com).
Make sure 10.151.87.76 is the correct IP. Note that this will probably change after the instance is stopped and started again.
Make sure your headless service is publicly available -- it may listen on localhost:8080 only but should listen on 0.0.0.0:8080. Try nmap 10.151.87.76 -p 8080 from other instance, it should list 8080 as open port.
Make sure your headless service is publicly available << so this is the reason. What web server are you using for REST API? If it is Apache, make sure config says Listen 8080, not Listen 1.2.3.4:8080. If it is standalone app, make sure it can listen on all interfaces -- some clients will listen on localhost by default. – hudolejev 54 mins ago
This! Buried deep (deep) within my code was a piece of the server wired to "localhost". Changed that to key off hostname and all was well! Happy.
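The localhost-versus-all-interfaces distinction that resolved this thread can be read straight from `netstat -na` output. The following is an added example, not code from the thread; `SAMPLE` is constructed output in the Linux netstat layout, and `scope`, `listeners` and `reachable_from_network` are hypothetical names.

```python
import ipaddress

# Constructed sample of Linux `netstat -na` output (not taken from the thread).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp        0      0 10.151.87.76:22         10.151.87.1:51234       ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
"""


def scope(addr):
    """Classify a bind address by who can reach it."""
    if addr == "*":
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "single-interface"
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:             # 127.0.0.0/8 or ::1
        return "loopback"
    return "single-interface"


def listeners(netstat_text, port):
    """Return (bind address, scope) for every TCP socket listening on port."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, _, lport = f[3].rpartition(":")
        if lport == str(port):
            found.append((addr, scope(addr)))
    return found


def reachable_from_network(netstat_text, port):
    """True if at least one listener on port is bound beyond loopback."""
    return any(s != "loopback" for _, s in listeners(netstat_text, port))


if __name__ == "__main__":
    for p in (22, 80, 8080):
        print(p, listeners(SAMPLE, p), reachable_from_network(SAMPLE, p))
```

A loopback-only listener is also a deliberate way to keep a service off the network, as in the SSH tunnel thread above, so moving a service to 0.0.0.0 should be paired with a security group rule scoped to the sources that need it.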