Hi there I hope you can help.
We are currently investigating the use of WSO2 API Manager and we have spun up the AMI image on a EC2 instance. The product works fine for carbon and store on the default port on 9443, however our security guys would rather us try and move it on to more standard ports that they have already have configured.
I have found a previous article WSO2 Api Manager - Deploy in EC2 and change default ports and followed the instructions but it fails.
I have tried modifying the API MANAGER HOME/am160/wso2am-1.6.0/repository/conf/tomcat/catalina-server.xml and changed the port from 9443 to either 8443 or 443 (this would be perfect if it is possible).
If I set the port to 8443, restart the instance and issue a netstat -a I do see the port 8443 listening but I am unable to connect. If I set the port to 443 then I see nothing listening.
If I set the port back to 9443 it still fails. I have to replace the catalina-server.xml with a copy of the untouched version. I have checked permissions and they look fine to me, but to be fair I am not an Linux expert by any means.
I have checked the security group in EC2 and even set one that had all TCP ports open but still no luck.
Any help/advice or a starter for 10 would be much appreciated.
Regards and thanks
Carl.
OK, I have managed to figure this one out myself, so for anyone else faced with the same problem this is what i did.
Firstly I modified the WSO2 HOME/am160/wso2am-1.6.0/repository/conf/tomcat/catalina-server.xml file. In the section that contains port="9443" I modified this to port="8443" and also added the proxyport="443" to the line below.
I restarted WSO2 using sh ../../../bin/wso2server.sh --restart
I then added a port redirection using IPTABLES. The command I ran was sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
Now I can access WSO2 API manager on either port 8443 or 443. I could have even left it on port 9443 if I wanted.
As this is a ami image hosted on EC2 make sure the security group for the instance allows https on port 443.
Hope this helps anyone else.
Carl.
Related
I have created a VM in AWS. Assign to it Security Group with PORTS 8080-8089 Open.
Inside my VM I am running a docker of a server mapping my VM port 8081 to the Docker port 8080.
using "docker run --name mynameddocker -d -p 0.0.0.0:8081:8080 webapp"
Now, Inside my VM I can access localhost:8081 using a web browser. But the issue is trying to access it from outside VM.!!!!
My assumption that I can access it using AWS_Instatance_Public_IP:8081.
But nothing worked. I have a security rule that states open all TCP port, but still no access.
I have tried the same in Google Cloud Platform. But no progress
Any Idea ??
Upon checking that the first step (test your container image locally) is already covered, you just need to assure to have the ports mapped correctly and opened to make the connections to flow from outside to your container; we were able to reproduce the issue on GCP, using an ‘Ngnix’ image which by default has open the 80/tcp port and the port was menter image description hereapped using the 8081 port (as yours),
1.here the command we used:
docker run --name nginx-new -d -p 8081:80 nginx
Meaning that 80 is my container's port and 8081 is the port mapped on the host VM in GCP.
On a firewall rule we opened port 8081, that is the one opened on my host to receive connections and map these connections to the container's 80 port.
Basically outsider connections will go like:
Browser:http://host-ip:8080 >> GCP project firewall >> Instance port 8081 >> container port 80 >> _succesfull connection!
**Troubleshooting (please refer to the attached images, for a better reference)...
Checked ports opened on my container (container-troubleshoot.png)
Test through the container port and IP (image1)
Checked ports opened on my VM (VM-ports.png)
Test through the VM port using instance internal IP (image2)
Test through the VM port using instance external IP (image3)
Test using browser using instance external IP (image4)
It will be useful to know your error message, but I would suggest you to follow the above steps to validate if used ports are mapped and opened in the container and in the VM instance.
I am very new to coding so trying to figure this out was very hard for me. I'm trying to deploy my code with docker and running my code inside the EC2 cloud. But I can't seem to get the instance's url to work. I set my inbound (security group) HTTP (80) => 0.0.0.0/0, HTTPs (443) => 0.0.0.0/0, and SSH(22) => my ip. I read that setting my SSH to 0.0.0.0/0 was a bad idea, so I went with my ip (there was an option called 'my ip'). Also, I am using ubuntu for my AMI.
While successfully docker using (docker-compose up), I used curl http://localhost:3001 (3001 is my exposed port inside my code) and it works fine. But when I used curl ec2-XX-XXX-XXX-XXX.us-west-1.compute.amazonaws.com, it outputs:
curl: (6) Could not resolve host: ssh and
curl: (7) Failed to connect to ec2-XX-XXX-XXX-XXX.us-west-1.compute.amazonaws.com port 80: Connection refused
Curl ec2-xxx-xx-amazonaws.com send request on port 80 , while you are docker is running at port 3001.
First verify that you have exposed some host port to docker. Something like this should come in docker ps -a
0.0.0.0/3001--> 3001 . the first 3001 can be any host port
Next make sure that the first port whichever you used is there in security group and opened for your ip.
Hopefully if all good at vpc and route tables settings then :3001(use whatever host port you gave if used anything apart of 3001) all should work
I just started a new AWS EC2 instance. In the instance's security group I added a new rule to open port 8080 as well as port 80.
I created a docker image and container that runs an apache server as per the aws tutorial.
When I run docker run -p 80:80 hello-world (where hello-world is the apache container image), everything works fine and I can access the server from the public network (using a web browser, or a curl command).
However, when I run docker run -p 8080:80 hello-world and I try to send a GET request (web browser, or curl) I get a connection timeout.
If I login to the host that is running the docker container, the curl command works fine. This tells me that port 8080 isn't really open to the public network, and something is blocking it, what could that be?
I tried to reproduce the thing, and I wasn't able to do it (it worked for me), so things that you should check:
1) Check that security group has indeed opened ports 80 and 8080 to your ip (or 0.0.0.0/0 if this is just a test just to confirm that this is not a firewall issue).
2) check the container is running:
docker ps -a
you should see: 0.0.0.0:8080->80/tcp under ports.
3) check that when you are sending the GET request, you are specifying the port 8080 in the request, so your browser should look something like:
http://your.ip:8080
or curl:
curl http://your.ip:8080
warning: just for testing
For testing: Setting Security Groups can solve the problem.
SecurityGroups > Inbound > Edit inbound rules > Add new rules > All TCP
I'm running Bitnami MEAN on an EC2 instance. I can host my app just fine on port 3000 or 8080. Currently if I don't specify a port I'm taken to the Bitnami MEAN homepage. I'd like to be able to access my app by directly from my EC2 public dns without specifying a port in the url. How can I accomplish this?
The simple way to do that is Port Forwarding by using below command:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
After logging into the AWS using putty by having private key & with username "bitnami". Type the above command & enter.
Then, you will automatically redirected to your application.
Note : I am assuming, you have already configure port 8080 to security group on AWS
You'll have to open port 80 on the server's firewall, and either run your server on port 80 or forward port 80 to port 8080. You'll need to lookup the instructions for doing that based on what version of Linux you are running, but it is probably going to be an iptables command.
You'll also need to open port 80 on the EC2 server's security group.
First, i read everything i found about my problem but i am still stuck,
so i launch my ec2 instance, with the good security group with the port 80 open, ssh as well (22) and ICMP (-1)
i can ping the ip, it works well, i can ssh, no problem, when a wget http://localhost on this instance it's working as well
It's a rails application i launch sudo rails s -p80 (to be on the port 80) but i have a ERR_CONNECTION_REFUSED
when i nstat on my instance i got this :
so i guess the port 80 is not open but i have no idea how to fix this.
Anyhelp ? thx
Are you using Rails 4.2.x? It defaults to listen on only the localhost interface. You can use sudo rails s -b 0.0.0.0 -p80 to tell it to listen on all interfaces and it should be accessible externally.