Unable to open redis 6379 for inbound on AWS EC2 - amazon-web-services

I have two servers on EC2. One hosting my php application and other hosting my redis server. I am managing my php session and data on redis server. So on my php server I gave the ip:port as session save path and got the error FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught exception 'RedisException' with message 'Connection closed'
So I search on the web and came to know that I need to open port 6379 on my redis instance for inbound traffic. I opened it by setting a custom TCP setting in AWS security group but still the port is coming closed to outside world. But I am able to listen to the port on redis server itself. Am i Missing anything in the process? Do I need to make any other change somewhere. Please guide me on this. I am very much new to AWS management
On Instance 1: I am using php-fpm, nginx and phpredis
On Instance 2: Using Redis

Related

HTTP Connection refused to AWS EC2 instance

I'm trying to make a login HTTP request from the frontend (Angular app) to AWS EC2 instance but it ends up with (ERR_CONNECTION_REFUSED) error.
This would be probably a security group policy issue (from the internet) but correct me if I'm wrong. It was working perfectly before and got this error in a few days. If anyone can help me solve this problem.
I tried to resolve this issue by configuring security group inbound rules with specific port number but port textbox will be disabled when I select HTTP request type. I added a snap of it. Kindly correct me if I'm wrong in detecting the problem so I can make a solution for it.
It can also be due to the service not listening on the port that you are trying to connect to or not started or present. May be if the server running on the AWS instance if listening (and serving) to localhost or 127.0.0.1 / interface can also ignore connections from outside in which case it should be ensured the service listens on the appropriate external address.
AWS also checks to detect abuse. If somehow, some unknown applications maliciously got inside your EC2 instances due to publicly open port and triggered some unknown/malicious traffic, then in that case also AWS can block/shutdown those ports.
Connection refused error means it passed the security group and reached the server, so its definitely not a security group issue
Usually, this is related to the web server is down, maybe due to server restart, or process crash.
try restarting your webserver and check again
Check the status of you web server:
check nginx status
sudo systemctl status nginx
# if errors found reload:
service nginx reload
for apache
sudo systemctl status httpd
# restart if errors found:
sudo systemctl restart httpd
if you found nothing wrong check the log messages at /var/log

Unable to connect to webserver on AWS EC2 instance

I'm unable to connect to my EC2 instance where I have an apache web server running (also running an Express.js server on a different port). I have updated the security group to allow incoming requests to http and https ports but I continue to get this response in the browser:
This site can’t provide a secure connection
*********** sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
I am able to ssh into my EC2 instance.
Other than ensuring that the correct ports are open and that a service is listening on those ports, is there any configuration needed to setup simple web server on EC2?
Current security group settings:
Currently open ports (sudo lsof -i -P -n | grep LISTEN):
There are some similar questions posted but they are either vague or have been left for dead
You need to install mod_ssl to tell apache to serve httpS connections.
You can use the default (or self signed certificate) to check the connectivity on port 443. If you need a valid ssl certificate, you can get one for free from Let's Encrypt: https://letsencrypt.org/
You can use CertBOT to auto renew certificates: https://letsencrypt.org/getting-started/

Deploying a Go app in AWS ec2 got connection refused

I have a compiled Go project that I want to deploy to an AWS EC2 instance. I just simply upload the application and run ./application on the remote server.
In the terminal, the application is running and says he's listening to localhost:3000.
I've already added the 3000 port to the security group.
However, when I tried to access it in my browser using <public-ip>:3000, it always shows connection refused, whether I've run the application or not.
I tried to run the app locally, it does work.
So is it because I deploy it incorrectly?
It is a bit difficult to help you because of no code being shared.
Some reasons why you got connection refused:
Your application is listening only localhost:3000
EC2 security group does not expose port 3000
How to fix:
Most applications are defining the host address on a config file or env variables. If you have access to change it, change it from localhost:3000 to 0.0.0.0:3000 to accepts connection from all IP or to your_ec2_public_ip:3000
If host address is hardcoded and you have access to code, change the code per above
If you don't have access to config or code to change the host address, then add a reverse proxy to route the incoming call to localhost:3000. This is a good link about using Nginx as reverse proxy https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
Ensure EC2 Security Group allowing inbound connection for the designated port, in this case, is 3000 if you manage to route the incoming to your_ip:3000

Sails.js app failed to connect to MySql database in AWS RDS database, works with localhost(MySql)

I am new to sails. I have created an app with Sails. I have deployed the app to AWS. App works with localDiskDb. When I try connecting to RDS, I get the following error. I have set up connection URL in sails.config.datastores.js. When I see my error message, my feeling is that Sails still trying to connect to localhost. But I did not find any other place to replace that settings. I hope it's enough to change only connection URL. I am running Sails app with developmenet environment locally.
adapter: require('sails-mysql'),
url: 'mysql://USERNAME:PASSWORD#.................amazonaws.com:3306/DATABASE_NAME'
Error message
You have to open the 3306 port in your EC2 instance.
Do this in Security Groups by editing the Inbound Rules and adding a new TCP rule for the 3306 port AND specify your IP (where the app connects from) in order to not allow everyone access this service.
I fixed this issue. I had used a '#' in my password. It ruined this all.

Cannot list or download files from AWS EC2 FTP server from Heroku app

I have an AWS EC2 instance acting an FTP server as described here:
https://www.xadmin.net/how-to-setup-ftp-on-aws-ec2-instance/
The EC2 instance has a security group with custom TCP rules to allow connections from any IP.
Connections via FileZilla and other FTP clients are successful.
I have a Spring Boot app that connects to this EC2 FTP server and it works locally. However, when deployed to Heroku, attempts at listing files or getting specific files hangs without any error.
The Spring Boot app uses the full public URL to the EC2 instance as the FTP host (ec2-xx-xxx-xxx-xxx.compute-1.amazonaws.com).
How do I allow the Heroku app to access the EC2 FTP server?
Most probably the server is misconfigured and sends its internal IP address in the FTP PASV command response.
While FileZilla and many other FTP clients can workaround that, Heroku probably cannot.
Check FileZilla log file for:
Server sent passive reply with unroutable address in FileZilla.
If this is the case, you will need to fix your FTP server.