I have tried running Beego on AWS, but no matter what I have tried, I can't seem to connect to port 8080, which is where Beego is running on. I'm not sure if it's an AWS or a Beego issue, but I can't seem to connect to port 80 either (I have tried to change the security group setting, including adding a new one to allow access to both ports). However, when I curl 127.0.0.1, a Beego template is there, but there is nothing at my E2 instance. I changed the app.conf file's httpaddr to 0.0.0.0, but that didn't seem to do much. How can I approach this problem?
Check your conf/app.conf file:
httpaddr = localhost
By default, beego can be configured to listen to localhost only (as stated in this answer).
Other issues include (for the AWS part):
configuring security groups to permit inbound access on port 8080.
disabled any Application firewalls like Windows Firewall or Iptables for that port?
checking netstat -anp|grep 80 and sudo iptables -L
For ubuntu, the OP dtrinh100 mentions in the comments having to:
get it to work by disabling iptables, but since I'm running Ubuntu, it was a little different.
I used the iptables command from "How to start/stop iptables on Ubuntu?", which allowed me to turn off iptables in Ubuntu.
First, good morning. After running a DigitalOcean internet tutorial that taught how to set up a web server with Django, I had problems connecting via SSH, however, the site continues to run and accept HTTPS connections without any obstacles on the web.
To check availability, I pinged [Public IPv4 Address] [Public IPv4 DNS] and got no response. Since my website has a purchased DNS, I tried to ping [my website's private DNS] and also no response.
I researched possible errors and I'm already advancing: My security group has the rules: HTTP 80, SSH 22 and HTTPS 443 with any source of IPv4 released. So much so that I did all the server configuration via SSH.
I had already done this process before and had the same error, but since it was a test server, I didn't pay much attention. But now, after performing a change from HTTP to HTTPS (to make the site secure) it happens again!
Here are the tutorials:
Installing the webserver: https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-18-04
How to secure Nginx (HTTP to HTTPS): https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04
Any help is welcome and I thank you in advance!
So, in the tutorial (https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04), in the part "Step 3 — Allowing HTTPS through the firewall", to check the status of the Firewall the following command was used:
$ sudo ufw status
But the output was:
Output:
Status: inactive
To work around this problem, I ran:
$ sudo ufw enable
Output:
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
However, AWS itself provides a Firewall system in connection permissions of groups related to the instance.
That way, I ended up "turning off" SSH and only allowing HTTPS traffic, so my server kept running.
So, summary: I couldn't connect via SSH due to running a manual Firewall that overrode the EC2 Instance's Groups control
Thank you for trying to help me! Success!
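The lockout described in this post can be caught before `ufw enable` by checking the rules that are already queued. The following is an added example, not part of the original post: the function names and sample rule lists are constructed, and it assumes sshd listens on port 22 and that `ufw show added` prints one `ufw ...` command per queued rule.

```shell
#!/usr/bin/env bash
# ufw_ssh_allowed: read `ufw show added` output on stdin; succeed only if an
# inbound TCP allow/limit rule covers SSH. Port 22 is an assumption: adjust
# the match if sshd listens elsewhere.
ufw_ssh_allowed() {
  awk -v q="'" '
    $1 != "ufw" || ($2 != "allow" && $2 != "limit") { next }
    $3 == "out" || /proto udp/ { next }     # outbound or UDP rules do not help
    {
      for (i = 3; i <= NF; i++) {
        f = $i; gsub(q, "", f)              # drop quotes around profile names
        if (f == "OpenSSH" || f == "ssh" || f == "22" || f == "22/tcp") found = 1
      }
    }
    END { exit(found ? 0 : 1) }'
}

ufw_enable_preflight() {
  if ufw_ssh_allowed; then
    echo "ok: an SSH rule is queued; 'ufw enable' will keep port 22 open"
  else
    echo "stop: run 'ufw allow OpenSSH' before 'ufw enable'"
    return 1
  fi
}

# Constructed samples: web traffic opened only, versus web traffic plus SSH.
rules_https_only() {
  printf '%s\n' "Added user rules (see 'ufw status' for running firewall):" \
    "ufw allow 'Nginx Full'" "ufw allow 2222/tcp" "ufw deny 22/tcp"
}
rules_with_ssh() {
  printf '%s\n' "Added user rules (see 'ufw status' for running firewall):" \
    "ufw allow 'Nginx Full'" "ufw allow OpenSSH"
}

rules_https_only | ufw_enable_preflight || true
rules_with_ssh | ufw_enable_preflight

# On the server itself: sudo ufw show added | ufw_enable_preflight
```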
When I try to run server on gce with a command like npm run start on port 80,
I see this message
Port 80 is taken; using 40363 instead ...
I tried to find any process that is using port 80, but I can't find anything.
Tried sudo lsof -i : 80, netstat -lntp... nothing...
Can't I use port 80 on GCE?
Thanks for asking this up. There can be several reasons this might be happening.
A small note on Port 80: The Port 80 is used for HTTP communication and Port 443 is for HTTPS communication. For some reason, the VM is not allowing your program to start up in Port 80.
Listing down the areas to check and resolve this issue.
1. Check your basic VM firewall
While creating the VM, you might have forgotten to tick the HTTP/HTTPS traffic boxes. To edit it again, stop the VM, click edit and tick the boxes as shown below.
2. Check if there is any firewall override
If you have added custom tags to the VM and applied additional firewall rules in the Firewall section of GCP, it might also lead to this scenario.
3. Other apps on this port (Ruled out)
Since you have mentioned no other apps are running in that port, this might not be applicable.
4. If none works, try creating an External IP
There are cases where an external IP was required to help the VM expose port 80 for HTTP communication for external visitors.
Created an AWS AMI instance.
I can telnet from the instance itself
telnet [Pv4 Public IP] 9200
But not from my pc.
This is my security group
What am I doing wrong?
You can check your Network ACL configurations.
It looks like there is some other firewall in between your PC and server which is blocking you on 9200.
If you can access port 80 via telnet or you're able to SSH in, it's likely you have a network ACL in place. If you can not access port 80 via telnet but you can via a browser, it's likely a local config - maybe AV or a firewall.
EC2 instances use security groups for their firewall
Another test to narrow down the issue would be to see if you could telnet from another instance in the same subnet in the same AZ. Being in the same subnet you should not be affected by a network ACL.
You can have a look at this telnet-to a cloud instance from outside
The solution to problem was "Open the services and make the telnet manual and right click on it and chose start"
As well make sure that the instance is residing in a public VPC
Based on what you've described, there isn't really much else to work with. Your ability to telnet the public IP from the instance implies the server is listening on the external interface and your security group is already set to have the port open to all incoming connections.
Aside from the trivial overlooking of not actually having the instance under the listed security group, the only possibility I can think of now is an active firewall on the instance. In the case of iptables or ufw (which is an interface to iptables), it's trivial to verify whether they are indeed getting in the way:
# List iptables access rules
sudo iptables -L -v
# List access rules via ufw
sudo ufw status
You said: "This is my SG", but...which way? Inbound or outbound?
It can simply be that your host can't reply to your PC.
Try to add a rule which adds outbound TCP ranging from ports 32768 to 65535 (ephemeral ports), so that the telnet server response packets can travel back to your PC.
Otherwise, like the others said, look at one level up, VPC-level (network ACL).
You might have your acceptor process running on 127.0.0.1:9000 which means only local clients can connect. This is not related to your Security Group which could be wide open.
Run lsof -i:9000 if on unix.
If you see something like this under NAME then the host IP used to start your acceptor will need to change from 127.0.0.1 to 0.0.0.0 (and secure via SG/FW).
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 2777 ubuntu 148u IPv6 26856 0t0 TCP localhost:afs3-callback (LISTEN)
A Telnet service is not installed by default on an Amazon Linux AMI.
If you wish to use it, you will need to install it yourself, eg: Install and Setup Telnet on EC2 Amazon Linux or CentOS.
However, these days it is recommended to use ssh instead of telnet because it is more secure. See: Telnet on wikipedia
Just a thought, check firewall of your PC.
Need to ensure your SSH key you generated via IAM and attached to the EC2 at launch is added to the login:
ssh-add -K <yourkeyname>.pem
ssh ubuntu@<yourdns or ip>.com == or == ssh ec2-user@<yourdns or ip>
I am trying to access my ElasticSearch on a running EC2 instance from outside the Cloud. I currently have SSH/HTTP/HTTPS open to the public for inbound traffic as well as all open for outbound traffic. I set up a public IP for my EC2 instance as well.
By default ElasticSearch is on port 9200. I'm not sure if I configured my elasticsearch.yml file correctly but it basically has the default configuration I only changed the cluster.name to something else.
When I type in my public IP with port 9200 into my local browser or locally do a telnet {public-ip} 9200, there is no response. When I SSH into my EC2 instance, I can perform a curl localhost:9200 and I get the correct response from elasticsearch.
How can I connect to my ElasticSearch running on my EC2 instance from outside the cloud?
I added a Custom Rule for my security group for inbound traffic that includes port 9200 and is open to 0.0.0.0/0 and I still cannot access this EC2 instance
Potential issues to check are wrong binding and instance operating system firewall.
Check where elasticsearch is binding, as if it is binding to 127.0.0.1 you won't be able to reach it from the outside.
Check binding by running in one shell on the elasticsearch ec2:
sudo netstat -lptun | grep 9200
If it shows 127.0.0.1:9200 then there is a misconfiguration; if it otherwise shows *:9200 or :9200 then it is correct.
If it shows 127.0.0.1 then you should modify elasticsearch parameter network.bind_host as described in: https://www.elastic.co/guide/en/elasticsearch/reference/1.4/modules-network.html
Additionally http/HTTPS and ssh are usually allowed by default operating system firewall, whereas elasticsearch 9200 is not. This is usually the case for rhel and centos. You can temporarily disable iptables and check if it works.
To disable iptables run:
sudo iptables -F
If after disabling iptables the connection works you should configure iptables to allow connection on 9200.
I hope this helps.
G.
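The binding check in this answer (and the `lsof` and `httpaddr` checks in the earlier answers) comes down to reading the local-address column of the listener table. The following is an added example, not part of any answer on this page: `bind_scope` and the sample listener table are constructed, and the function accepts both `ss -ltn` and `netstat -ltn` line formats, which goes slightly beyond the single netstat command shown above.

```shell
#!/usr/bin/env bash
# bind_scope PORT: read `ss -ltn` or `netstat -ltn` output on stdin and report
# where PORT is bound. The local address is column 4 in both tools.
bind_scope() {
  awk -v port="$1" '
    $1 != "LISTEN" && $6 != "LISTEN" { next }      # ss: state in $1; netstat: $6
    {
      p = $4; sub(/.*:/, "", p)                     # text after the last colon
      if (p != port) next
      addr = substr($4, 1, length($4) - length(p) - 1)
      gsub(/^\[|\]$/, "", addr)                     # [::] -> ::
      if (addr == "*" || addr == "0.0.0.0" || addr == "::") all = 1
      else if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) lo = 1
      else other = addr
    }
    END {
      if (all)              print "all-interfaces"
      else if (other != "") print "specific:" other
      else if (lo)          print "loopback-only"
      else                  print "not-listening"
    }'
}

# Constructed sample mixing ss and netstat line formats.
sample_listeners() {
  cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:9200      0.0.0.0:*
LISTEN  0       128     [::1]:9200          [::]:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     10.0.1.15:3306      0.0.0.0:*
tcp6    0       0       :::8080             :::*       LISTEN
EOF
}

for port in 9200 22 3306 8080 9000; do
  printf '%s -> %s\n' "$port" "$(sample_listeners | bind_scope "$port")"
done
```

On a live host, pipe `ss -ltn` into `bind_scope 9200`; a `loopback-only` result means no security group or firewall change will make the port reachable until the service's bind address is changed.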
It is mess around Security Groups
You can add or remove rules for a security group (also referred to as authorizing or revoking inbound or outbound access).
You should use the SG while launching your instance with bounded 9200
Establish an SSH tunnel from your desktop to EC2.. then simply use your browser.. follow steps as given in https://www.jeremydaly.com/access-aws-vpc-based-elasticsearch-cluster-locally/
I have deployed jboss-4.2.3 on an EC2 instance. I have added appropriate rule to open port 8080 for inbound traffic. When I ssh into this instance and do curl localhost:8080, the expected response can be seen
But when I try to access it in a browser on my laptop, am unable to connect. Few other things I have tried to eliminate other possibilities
In order to eliminate possibility of firewall issues on my laptop, have tried to connect from another instance on amazon. Doesn't work
Also tried to configure jboss to listen to port 80. Still it can't be accessed. Apache running on port 80 however responds
Any guidance is highly appreciated
Bind your jboss to all IP addresses as below:
./run.sh -b 0.0.0.0
I was struggling with the same issue.
You need to open up port 8080 in the Security Groups as Wildfly is using it. Then you should be able to access the page.