Making an application at ec2 accessible from the Internet - amazon-web-services

I have an ec2 free instance working as well as elastic IP, S3 and RDS. There is a folder with the sources of my application at /home/ubuntu. I run a built-in server inside this folder:
$ /home/ubuntu/my_app play run
It's running at port 9000 (at my_app folder). I have A and CNAME records at route53, but they point to the static html pages-stubs at s3, I did it for simplicity and, of course, they shouldn't point to the static pages.
I wonder, how do I make this running Play application visible from outside? I have no idea where in ec2 (or in route53) to look for and set it. Obviously, I want it to be accessible as my_custom_domain.com (which I have) without specifying the port (my_custom_domain.com:9000).

To change your port from 9000 to 80 - If you work on ubuntu you can use iptables
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 9000
This will route all traffic coming from port 9000 to port 80
To map your elastic IP to my_custom_domain.com from the documentation:
Create a resource record set in your hosted zone. For Type, choose A – IPv4 address. For Value, specify the Elastic IP address for your Amazon EC2 instance. For more information about creating a resource record set, see Working with Resource Record Sets.
If you want to run several applications on the same server, each on a different port, but serve them each on a different DNS (for example: http://www.my_domain.com for port 8080, and http://m.my_domain.com for port 8081), you might want to use ELBs which can do port forwarding from port 80 to the application port.
With this configuration you can map each ELB as an Alias on a Route 53 Record Set.

Related

How to expose an application running on IPv6 protocol with network load balancer on AWS

I have an application which is running on a port 7071 and when I do:-
netstat -aon | grep 7071
I get:-
tcp6 :::7071 3204/java (snipped)
I am able to create a target group with tcp:7071 and host returns healthy and I have created a dualstack NLB(internet-facing) for this.
Still when I try to access this inside EC2 instance of another AWS account, the connection times out:-
telnet dualstack.name.elb.eu-west-2.amazonaws.com 80
The security group allows all traffic at 80 including ipv6.
We have four AWS accounts which serve different environments(dev, Test, Beta, Prod).
The application that is running can have only one instance of it due to license restrictions, so we need to expose this app to other AWS accounts and that's why this setup (which is not working).
Please help.

AWS EC2 security group https vs tcp vs ssh

I am confused about configuring the EC2 security group settings.
There are three options (TCP, SSH, HTTPS) and each of them requires you to add an IP/port number.
For context, in my work I'm usually running Flask apps over EC2 and I only want particular people to view them. My question is understanding the difference between TCP, SSH, and HTTPs but more importantly which of these are important for me to configure.
Within the EC2 Console, under Security Groups:
SSH and HTTPS in the Type dropdown, are presets which set the port to 22 and 443 respectively.
TCP is the protocol. Both SSH and HTTPS are TCP.
If you're running a server which you want to expose on a non-standard port, you can select Custom TCP Rule, then set the port accordingly.
You should probably have one security group that allows SSH traffic, then assign this security group to the EC2 instances you wish to shell into:
Then have a separate security group that allows the webserver traffic, in this case I also have one for port 80, as well as 443:
Of course you will then need a server running on that EC2 instance to receive the traffic. This might be a reverse proxy like nginx, which then proxies traffic to the correct port for your app server (run your flask app with something like gunicorn in production).
If nginx and gunicorn are running on the same box, and say gunicorn serves on port 8000, then you wouldn't need a security group for this as it's loopback traffic. Your nginx configuration points to port 8000.
However, if you have a separate EC2 instance running gunicorn, you might wish to set up a security group for this to allow internal traffic from your VPC CIDR range:
I only want particular people to view them
This is probably a job for authentication on the app, as opposed to security groups, unless you're certain of the public IPs from which you wish people to connect.
In the examples above, a Source of 0.0.0.0/0 is allowing traffic from anywhere to reach that port. The console has a convenient dropdown which lets you set My IP if you only want to allow traffic from the IP you're using to connect to the console. Otherwise you'd need to manually calculate the CIDR blocks.
Hope this helps. It probably raises more questions.
Https/Http are important for you. Both are used with websites. Https is http over SSL, meaning more secure than http. You just need these.
Http/https uses TCP port 80 and 443 by default.
SSH is used to securely access a Unix based server.
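An added example, not part of any post above: a small auditor for the rule layout the answer describes (web ports open to the world, SSH limited to known addresses, app-server ports such as 8000 not exposed). It reads JSON in the shape returned by `aws ec2 describe-security-groups` and goes slightly beyond the text by also covering IPv6 ranges and all-protocol rules; the group IDs, addresses and the `PUBLIC_OK` policy are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-web-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-ssh-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-open-example", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
""")

PUBLIC_OK = {80, 443}  # assumption: only the web ports should be world-reachable


def audit(doc, public_ok=PUBLIC_OK):
    """Return sorted (group_id, ports, cidr) for world-open rules outside public_ok."""
    findings = []
    for group in doc["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if perm["IpProtocol"] == "-1":
                ports = "all"  # "-1" means every protocol and every port
            else:
                lo, hi = perm.get("FromPort"), perm.get("ToPort")
                if lo == hi and lo in public_ok:
                    continue  # a single port that is meant to be public
                ports = f"{lo}-{hi}"
            for cidr in cidrs:
                # Prefix length 0 matches both 0.0.0.0/0 and ::/0.
                if ipaddress.ip_network(cidr).prefixlen == 0:
                    findings.append((group["GroupId"], ports, cidr))
    return sorted(findings)


if __name__ == "__main__":
    for gid, ports, cidr in audit(SAMPLE):
        print(f"{gid}: ports {ports} open to {cidr}")
```

To audit a real account, save the output of `aws ec2 describe-security-groups` to a file and pass the parsed JSON to `audit`.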

AWS Public DNS does not load even though SSH works

I have set up an AWS EC2 Instance with LAMP stack and installed Wordpress.
My instance was accessible through a browser via its public DNS. I logged into wordpress admin and made some changes and everything was working ok.
I then added an Elastic IP and I now cannot access my site through a browser via its public DNS.
However, the server is fully accessible via SSH.
The public DNS is:
ec2-52-210-2-56.eu-west-1.compute.amazonaws.com
My security groups are as follows:
80 tcp 0.0.0.0/0
22 tcp 209.93.74.222/32
443 tcp 0.0.0.0/0
I have removed the EIP. That made no difference. I have rebooted and stopped and restarted the instance. That made no difference either.
I am not sure how to fix it?
I had a similar problem when I was new to AWS, figuring out new things.
What I found out was that you need to perform the steps below to redirect your URL to the correct IP address:
The old site URL and the new site URL for your instance. The old site URL is likely the public DNS name for your EC2 instance when you installed WordPress. The new site URL is the current public DNS name for your EC2 instance. If you are not sure of your old site URL, you can use curl to find it with the following command.
$ curl localhost | grep wp-content
You should see references to your old public DNS name in the output, which will look like this (old site URL in red):
<script type='text/javascript' src='http://ec2-52-8-139-223.us-west-1.compute.amazonaws.com/wp-content/themes/twentyfifteen/js/functions.js?ver=20150330'></script>
$ curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
Search and replace the old site URL in your WordPress installation with the following command. Substitute the old and new site URLs for your EC2 instance and the path to your WordPress installation (usually /var/www/html or /var/www/html/blog).
$ php wp-cli.phar search-replace 'old_site_url' 'new_site_url' --path=/path/to/wordpress/installation --skip-columns=guid
Your website will be fixed!!!
Done!
NOTE: But every time you change the IP you need to change your URL to the new IP.
Visit This site can’t be reached Amazon Ec2
I got the issue with Windows EC2 while connecting through HTTP 80 port and followed below link.
If your computer is on a corporate network, ask your network administrator whether the internal firewall allows inbound and outbound traffic from your computer on port 22 (for Linux instances) or port 3389 (for Windows instances).
If you have a firewall on your computer, verify that it allows inbound and outbound traffic from your computer on port 22 (for Linux instances) or port 3389 (for Windows instances).
or follow link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#TroubleshootingInstancesConnectionTimeout
Check Firewall settings in your Windows EC2: Go to > Firewall Settings or Properties, choose public profile > check inbound connections, change to "Allow" if it is "Blocked by default"

Deploy local web server to public in GCE

I have a local web server running:
https://localhost:5555
Everything is on my laptop.
And let's say that I have bought my own domain abc.com.
What would be the easiest way to deploy this to abc.com in Google cloud?
Set up a VM machine and running the same program inside the machine.
Get the external (public ip) and open the port 5555 in network setting.
Now it works perfect, if I go to my $PUBLIC_IP:5555
But I can't figure out how to map these to my DNS so that if people click abc.com, then it redirects to my $PUBLIC_IP:5555. Is there any easy way to do this without setting up nginx or separate web server to route traffic in Google cloud platform?
Thanks!
If people click on abc.com, their browser will default to port 80 rather than 5555. Assuming that your web server won't run on port 80 (or you don't want it on port 80), you can use iptables to translate port 80 to port 5555 like so:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 5555
That covers the port part of the problem. The other part of the problem is mapping the domain name abc.com to $PUBLIC_IP. To do this, you'll need to go to the service where you registered the domain name and add an A record which maps to $PUBLIC_IP. Here is Google's guide for how to do this with various registrars.

amazon ec2 elastic ip redirecting not working

I've registered domain with bigrock.in
Created ec2 instance in aws
created elastic ip
registered with route53 and gave my domain name
changed the name servers in bigrock with the provided names in bigrock
ssh to the ec2 instance with elastic ip
ran node.js app with forever
with the following environment variables
export ROOT_URL="www.domain.com"
at the time of route53 process, I created A record with www sub-domain to elasticIp
But, I'm not seeing anything at domain.com or at elasticIp xxx.xxx.xxx.xxx
Did I miss any steps, Is there anything wrong I did or do I need to do anything to make this works
EDIT
I haven't added any A or CNAME records to bigrock, just changed the name servers to the servers provided by Route53
Edit 2
that is my security group outbound details, My app is running on port 80.
Are those settings correct?
EDIT 3
My Inbound rules
You've got a rule to allow all traffic from anywhere on the INBOUND security groups, so it's not that (make sure you fix this later when you get it working - as it is, it's a bit of a security hole).
Next thing I would normally say is it's a DNS problem, but as you say you've tried going to the EIP as well as the domain name, it's not that either.
Next likely candidates are:
The server isn't listening - it may be that it hasn't started properly, try checking the logs.
The machine's firewall is blocking connections (try turning it off - keep this at VERY short time length though - it's a huge risk in combination with your security group settings).
Or your server is not listening on port 80, e.g. it might be listening on 8080 or 443. Check the server config - by default browsers assume port 80 for http, if it's not listening on that you will have to specify the port in the address bar as well, e.g. http://example.com:8080
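An added example, not part of the answer above: a single-endpoint connection check that tells the listed candidates apart without switching the host firewall off. A refused connection means packets reach the host but nothing listens on that port, while a timeout means something on the path is dropping them; `probe`, `HINTS` and `demo` are hypothetical names and the loopback demo is constructed.

```python
import errno
import socket

# Maps each probe result to the candidate cause it points at.
HINTS = {
    "open": "a server is listening and reachable; look at the application",
    "refused": "host reachable, nothing listening on this port "
               "(server not started, or bound to another port such as 8080)",
    "filtered": "no reply: security group, network ACL or host firewall drops it",
    "dns": "name does not resolve: check the A record and the name servers",
    "unreachable": "no route to the address: check the IP and subnet routing",
    "error": "unexpected socket error; inspect it manually",
}


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to an endpoint you operate."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # the host answered with a TCP reset
    except socket.timeout:
        return "filtered"     # SYN sent, nothing came back in time
    except socket.gaierror:
        return "dns"          # name resolution failed before any packet was sent
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"


def demo():
    """Constructed loopback check: probe a listening port, then the same port closed."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))    # port 0 lets the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    listening = probe("127.0.0.1", port)
    srv.close()
    closed = probe("127.0.0.1", port)
    return listening, closed


if __name__ == "__main__":
    for state in demo():
        print(f"{state}: {HINTS[state]}")
```

Run `probe` from outside the VPC against the Elastic IP on port 80, then from the instance itself against 127.0.0.1: "open" locally but "filtered" remotely points at the security group or host firewall rather than the server.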