Windows firewall configuration for Weblogic server - port

I've got a Weblogic server environment setup that all works fine on my server - I've set up a Windows firewall inbound rule to expose ports 7001 & 7002, but all attempts to access the server (e.g. using curl commands) are still blocked by the firewall. When the firewall is disabled, everything (curl, Webserver console etc) works fine, so it looks like something else in my firewall that I need to configure but I can't figure out what else I need to do, any pointers? (Wireshark confirms correct ports are being specified in my calls)

There was a 'block' firewall rule on the Java exe - disabling this higher priority 'block' rule has sorted it by allowing the 7001/7002 'permit' rule to kick in.

Related

Jenkins Server - Issues with setting URL

I am trying to set up an internal Jenkins server for our QA team and am facing some issues with the server URL. This is inside a corporate network and all sorts of firewall and proxy settings are in place; however, we need to access the server only within our internal network. This server runs from a Mac Mini. I was able to install and access the server without any issues using localhost:8080.
I tried to set a custom URL (something like testjenkins.local:8080) under the Manage Jenkins option and was never able to access the server. The only option that worked for me is with the IP address (IP:8080). I was able to access the server from other machines in the network using this URL.
The real problem with the above setup is that the machine IP changes (I am not able to make it static), and hence I won't be able to get an always-working URL.
I would highly appreciate it if anyone could guide me in the right direction.
Given you have a dynamic IP on your server, a good alternative would be using ngrok. Ngrok can expose port 8080 of that server to the internet via secure tunnels, and you can access it via a URL, so changes in the IP won't affect it.
However, ngrok exposes the server to the whole Internet. To make it accessible only for your team you can add authentication in both ngrok tunnel and Jenkins server (would it work for you?).

I can't access port from outside

I'm using a dedicated server on Aruba with a ZyWall firewall. I have two ports listening on the server; using telnet from inside I can connect to both ports. If I try to telnet from outside I can only access one of them.
I have no internal firewall, and I don't understand how I can see whether the ZyWall is blocking access to the port or is forwarding all connections to that port to another IP.
Have you any suggestion?
I found the solution. I accessed the firewall web interface from a firefox installed in the dedicated server behind the firewall (the web interface is not accessible from outside), then I made two steps:
I added a rule that permits access to the target port. I made this using the "Service" tab in the Security->Firewall menu.
In the matrix between LAN, WAN, DMZ, etc., I modified the rule "from WAN to LAN" and added the rule made in the previous step.
Now it works!

Jenkins Slave port number for firewall

We use Jenkins 1.504 on Windows.
We need to have Master and Slave in different sub-networks with firewall in between.
We can't have ANY to ANY port firewall rules, we must specify exact port numbers.
I know the port Master is listening on.
I also see that Slave opens connection to the Master from the arbitrary port dynamically assigned every run, and port on the Master side is also arbitrary.
I can fix the Master's port by specifying it in Manage Jenkins > Configure Global Security > TCP port for JNLP slave agents.
How to fix Slave port?
UPDATE: Found Connection Mechanism described here: https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CLI#JenkinsCLI-Connectionmechanism
I think it might work for us, but still would be better to have fixed-2-fixed ports connection.
We had a similar situation, but in our case Infosec agreed to allow any to 1, so we didn't have to fix the slave port; rather, fixing the master to a high JNLP port, 49187, worked ("Configure Global Security" -> "TCP port for JNLP slave agents").
TCP:
49187 - fixed JNLP port
8080 - Jenkins HTTP port
Other ports needed to launch the slave as a Windows service:
TCP: 135, 139, 445
UDP: 137, 138
A slave isn't a server, it's a client type application. Network clients (almost) never use a specific port. Instead, they ask the OS for a random free port. This works much better since you usually run clients on many machines where the current configuration isn't known in advance. This prevents thousands of "client wouldn't start because port is already in use" bug reports every day.
You need to tell the security department that the slave isn't a server but a client which connects to the server and you absolutely need to have a rule which says client:ANY -> server:FIXED. The client port number should be >= 1024 (ports 1 to 1023 need special permissions) but I'm not sure if you actually gain anything by adding a rule for this - if an attacker can open privileged ports, they basically already own the machine.
If they argue, then ask them why they don't require the same rule for all the web browsers which people use in your company.
I have a similar scenario, and had no problem connecting after setting the JNLP port as you describe, and adding a single firewall rule allowing a connection on the server using that port. Granted it is a randomly selected client port going to a known server port (a host:ANY -> server:1 rule is needed).
From my reading of the source code, I don't see a way to set the local port to use when making the request from the slave. It's unfortunate, it would be a nice feature to have.
Alternatives:
Use a simple proxy on your client that listens on port N and then forwards all data to the actual Jenkins server on the remote host using a constant local port. Connect your slave to this local proxy instead of the real Jenkins server.
Create a custom Jenkins slave build that allows an option to specify the local port to use.
Remember also if you are using HTTPS via a self-signed certificate, you must alter the configuration jenkins-slave.xml file on the slave to specify the -noCertificateCheck option on the command line.
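The local-proxy alternative from the answer above, as an added example that is not code from the thread or from Jenkins: a small TCP forwarder that opens every onward connection to the master from one fixed source port, so the firewall rule can be written client:FIXED -> master:FIXED. The slave is pointed at the forwarder on 127.0.0.1 instead of the real master. Host names and port numbers are placeholders chosen for the example, and the `demo()` self-check stands in a fake "master" on loopback to show the source port the master actually sees.

```python
"""Added example (not code from the thread or from Jenkins): a TCP forwarder
that connects onward to the Jenkins master from one fixed local source port.
Point the slave at 127.0.0.1:<listen_port>; the forwarder relays to the real
master.  Hosts and port numbers below are placeholders for the example."""
import socket
import threading


def pump(src, dst):
    """Copy bytes from src to dst until EOF, then half-close dst so the far
    side sees the EOF as well."""
    try:
        while True:
            data = src.recv(65536)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def connect_from_fixed_port(remote_host, remote_port, local_port):
    """Connect to the master using local_port as the TCP source port.
    SO_REUSEADDR lets that port be reused while the previous connection from
    it is still in TIME_WAIT; a single source port still means at most one
    live connection to a given master at a time."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("0.0.0.0", local_port))
    s.connect((remote_host, remote_port))
    return s


def serve_one(client, remote_host, remote_port, local_port):
    """Relay one accepted slave connection in both directions."""
    upstream = connect_from_fixed_port(remote_host, remote_port, local_port)
    t = threading.Thread(target=pump, args=(client, upstream), daemon=True)
    t.start()
    pump(upstream, client)
    t.join()
    client.close()
    upstream.close()


def start_proxy(listen_port, remote_host, remote_port, local_port, max_conns=None):
    """Listen on 127.0.0.1:listen_port (0 = any free port), relay each
    connection in a thread; returns the port actually bound."""
    ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    ls.bind(("127.0.0.1", listen_port))
    ls.listen(5)

    def loop():
        n = 0
        while max_conns is None or n < max_conns:
            client, _ = ls.accept()
            threading.Thread(target=serve_one,
                             args=(client, remote_host, remote_port, local_port),
                             daemon=True).start()
            n += 1
        ls.close()

    threading.Thread(target=loop, daemon=True).start()
    return ls.getsockname()[1]


def demo(fixed_port=49188):
    """Self-check on loopback: a stand-in 'master' records the source port of
    the connection it accepts and echoes what it receives.  Returns
    (echoed_bytes, source_port_seen_by_master); through the forwarder that
    port is fixed_port instead of a random ephemeral one."""
    master = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    master.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    master.bind(("127.0.0.1", 0))
    master.listen(1)
    master_port = master.getsockname()[1]
    seen = {}

    def fake_master():
        conn, peer = master.accept()
        seen["port"] = peer[1]
        conn.sendall(conn.recv(1024))
        conn.close()
        master.close()

    threading.Thread(target=fake_master, daemon=True).start()
    proxy_port = start_proxy(0, "127.0.0.1", master_port, fixed_port, max_conns=1)

    slave = socket.create_connection(("127.0.0.1", proxy_port))
    slave.sendall(b"hello master")
    slave.shutdown(socket.SHUT_WR)
    echoed = b""
    while True:
        chunk = slave.recv(1024)
        if not chunk:
            break
        echoed += chunk
    slave.close()
    return echoed, seen["port"]


if __name__ == "__main__":
    print(demo())
```

The price of a fixed source port is concurrency: only one connection from that port to a given master can be open at once, which is acceptable for one slave talking to one master but not for a general-purpose proxy.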

remote access to apache web server mac os X

finally got apache web server up and running (plus MySQL), but I can only access it on the host computer. does anyone know how to access the apache server remotely?
My main goal is to access mobile web pages via apache server with an iPad for development / troubleshooting issues.
First - check the Error Log - it may tell you about config or firewall issues.
Secondly - check with 'lsof' or 'netstat -na' if Apache is listening on * (all interfaces) or on the IP address you expect it is listening.
If that is not the case - read up on the 'Listen' directive in httpd.conf.
If that is the case - then an IP issue outside apache is blocking things. Check the firewall, check that you can ping this address, check if you can 'telnet' to this address/port (to rule out your browser going through some proxy).
And take things from there.
Dw.

Can't access site on EC2 instance via public ip

I've been experimenting with EC2 for a couple days and have been banging my head against simply even being able to access the sample site I've hosted. The stack is Rails 3.1.3 with Thin and Nginx.
I've tried several different configurations and finally ended up running the Nginx auto install script, which does return a webpage when I do a curl http://ec2-107-20-143-179.compute-1.amazonaws.com/. However, when I point my browser there, it hangs forever before saying the page cannot be found.
I have assigned an Elastic IP address, and I've enabled HTTP access via port 80.
I don't have much experience with the sysadmin side and I'm basically stumped at this point. Any advice would be greatly appreciated.
Did you enable the HTTP port to all IPs? That would be done by going to:
EC2 -> Security Group -> Default (or your custom one) -> Inbound
And then Create a new rule for HTTP and as a source, you should assign: 0.0.0.0/0
That should do it.
Think the AWS UI may have been updated but based on Deleteman's answer
Login to EC2 Dashboard
Instances > Instances
Actions dropdown > Networking > Change security groups
You will probably see that you only have launch-wizard-1 allowed which for me only allowed SSH access on port 22
So as Deleteman mentions, you may need to alter your security groups...
Login to EC2 Dashboard
Network and Security > Security Groups
Remove any filters that may be in the search box to show all groups
Personally I edited the default VPC security group as this is a sandbox for me, I imagine you'll want to create a security group for your project
Select the security group checkbox, select actions dropdown and click "edit the inbound rules", I used the following inbound rules just to be sure it was all working
When you revisit Instances > Instances > Description, you should see the security groups and the rules
Once you are happy it's working I would probably replace all traffic with HTTP and HTTPS if that's all that is needed
I was here earlier looking for a solution to a similar problem I was having. It turns out in my case that the EC2 instance also had its own firewall running in addition to the EC2 security group. The command 'system-config-firewall' let me get in to open the ports. Ports 80 (HTTP) and 3306 (MySQL) were not open by default. 22 (SSH) was open. I also had to do 'yum install system-config-firewall'.
To summarize, my solution was:
> yum install system-config-firewall
> system-config-firewall
This answer is for the newbies who have no idea what they are doing with an ec2 instance.
I was having the same problem and tried all the Security Group fixes to no avail.
As it turns out, I needed to turn on my server from the command line.
sudo service httpd start
Sometimes it's dark, not because a fuse blew, but because you didn't flick the switch.
I have faced the same issue multiple times with the Ubuntu EC2 instance, and here I am adding all the methods which helped me fix the issue in different situations.
Make sure you are accessing the "Public IPv4 DNS" or "Public IPv4 address" or "Elastic IP addresses" from the browser.
Check whether port 80 is open or not.
Here you can see that port 80 is not open in Inbound rules. So let's open port 80 first. For this click on the security tab and you can see the Security groups open this new tab
Now you have to edit inbound rules.
Click at add rule
Then select type HTTP and source AnyWhere and save it.
Similarly, you do HTTPS also.
Check the browser URL if HTTPS is not enabled and if we try to access from browser default it might be HTTPS if so please make it HTTP and try again.
Edit Network ACL. Select the Networking tab and open Subnet ID in a new window.
From Subnet ID open Network ACL in the new window
Now edit inbound rules.
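The security-group and network-ACL steps above, as an added example that is not code from the thread or from AWS: an offline evaluator that takes the JSON shape returned by `aws ec2 describe-security-groups` and `aws ec2 describe-network-acls` and says which layer stops a given client from reaching an instance port. The data is constructed for the example (placeholder IDs, documentation address ranges); it deliberately includes a NACL rule that never fires because a lower-numbered rule matches first, and a port that the security group allows but the NACL does not.

```python
"""Added example (not code from the thread or from AWS): evaluate, offline,
whether a client can reach an instance port through the attached security
groups and the subnet's network ACL, and report which layer blocks it.
The data below is constructed to mirror the JSON shape of
`aws ec2 describe-security-groups` / `describe-network-acls`; the IDs and
addresses are placeholders."""
import ipaddress

SECURITY_GROUPS = [  # both groups are attached to the instance
    {"GroupId": "sg-launch-wizard-1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3000,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
]

NETWORK_ACL = {"NetworkAclId": "acl-example", "Entries": [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 80, "To": 80}},
    {"RuleNumber": 110, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
    # never reached for SSH: rule 110 has already matched (an ordering mistake)
    {"RuleNumber": 120, "Egress": False, "Protocol": "6", "RuleAction": "deny",
     "CidrBlock": "198.51.100.0/24", "PortRange": {"From": 22, "To": 22}},
    # replies go to the client's ephemeral port; NACLs are stateless
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 1024, "To": 65535}},
    # the '*' rules AWS appends to every NACL
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
]}

PROTO_NUM = {"tcp": "6", "udp": "17"}  # NACL entries carry IANA numbers as strings


def _in_cidr(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def sg_allows(groups, src_ip, proto, port):
    """Security groups: allow rules only, unioned across attached groups,
    implicit deny otherwise; stateful, so replies need no rule.
    Returns (allowed, group_id_that_matched)."""
    for g in groups:
        for p in g["IpPermissions"]:
            if p["IpProtocol"] not in ("-1", proto):
                continue
            if p["IpProtocol"] != "-1" and not p["FromPort"] <= port <= p["ToPort"]:
                continue
            if any(_in_cidr(r["CidrIp"], src_ip) for r in p.get("IpRanges", [])):
                return True, g["GroupId"]
    return False, None


def nacl_decision(acl, egress, ip, proto, port):
    """Network ACL: entries for one direction are tried in ascending
    RuleNumber order and the first match decides.  Returns (action, rule)."""
    entries = sorted((e for e in acl["Entries"] if e["Egress"] == egress),
                     key=lambda e: e["RuleNumber"])
    for e in entries:
        if e["Protocol"] not in ("-1", PROTO_NUM[proto]):
            continue
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        if _in_cidr(e["CidrBlock"], ip):
            return e["RuleAction"], e["RuleNumber"]
    return "deny", None


def reachable(groups, acl, src_ip, proto, port, src_port=54321):
    """Check the request and the reply through the NACL and the request
    through the security groups; src_port stands for the client's ephemeral
    port.  Returns (ok, reasons_it_is_blocked)."""
    reasons = []
    action, rule = nacl_decision(acl, False, src_ip, proto, port)
    if action != "allow":
        reasons.append(f"NACL inbound rule {rule} denies {proto}/{port} from {src_ip}")
    action, rule = nacl_decision(acl, True, src_ip, proto, src_port)
    if action != "allow":
        reasons.append(f"NACL outbound rule {rule} denies the reply to {src_ip}:{src_port}")
    allowed, _ = sg_allows(groups, src_ip, proto, port)
    if not allowed:
        reasons.append(f"no attached security group allows {proto}/{port} from {src_ip}")
    return not reasons, reasons


if __name__ == "__main__":
    for ip, port in [("203.0.113.7", 80), ("203.0.113.7", 3000), ("198.51.100.9", 22)]:
        print(ip, port, reachable(SECURITY_GROUPS, NETWORK_ACL, ip, "tcp", port))
```

Run against real output by loading the JSON from the two describe calls instead of the constants; the two layers behave differently on purpose (security groups are stateful and allow-only, NACLs are stateless and ordered), which is why a port that looks open in the security group tab can still be unreachable.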
For me, It was as simple as just changing the url from https://my-site to http://my-site on my browser. (This solution only applies to people who are still able to SSH onto the ec2 instance but cannot connect via browser)
I was also struggling with the same problem; I had created a security group as well, but had not applied it to the instance. Just create a new rule for HTTP, and apply it by right-clicking the instance, choosing security group, and assigning it.
Octopus' answer was the correct one for me, except for a Windows machine.
I needed to go to the Windows Firewall, which was blocking all traffic out of the VM if it didn't match a rule. Port 80 wasn't enabled in a rule, so I merely had to add one.
Very stupid of me: I forgot to install a web server (HTTP server), which is why my EC2 instance's public IP was not working. Answering this question as this can also be one of the reasons, which one should not miss as I did.
You can install either,
nginx:
sudo apt-get install nginx
apache2:
sudo apt-get install apache2
I have encountered a quite similar situation when I tried to run my go app on EC2. If you cannot see an appropriate message or result on your browser even though you:
can get a response well using curl,
finished configuring the Security Group properly
open inbound traffic for 80, 443 for the world or for your IP address and
open inbound traffic for 22; and
open inbound traffic for a port that you use (like 8080, 4343, etc.)), and;
run your app to accept a connection from the outside (npm app.js, go run . etc.)
Make sure that you entered http://ec2-..., instead of https://ec2-... on your browser. You cannot connect to the server with https:// even though you open 443 port, unless you already configured ssh certificate. Entering the full address with http protocol, without omitting it, may solve the problem.
I had the same issue, been racking my brain bad since I have no experience with Ubuntu or linux. The answer from Parag fixed it.
The best way is to edit your security inbound rules. Please refer to below snap.
I know this is a very old thread, but I faced this issue with many services recently. When you are running any application server like Puma or Unicorn on a port, for example 3000, without a load balancer or a proxy like Nginx in front of it, you have to follow two steps:
1. Bind the service to 0.0.0.0:3000 and not 127.0.0.1:3000. (This will leave your service open and accessible by anybody on the internet; that is where step 2 comes into the picture.)
2. In the AWS security group, now allow port 3000 for 0.0.0.0/0 if you want it to be accessible by anybody over the internet, or add your VPN or your network IP to allow it only for you and your team.
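Both the Apache answer earlier on this page ("check with lsof or netstat -na if Apache is listening on * or on the IP address you expect") and the bind-to-0.0.0.0 step just above come down to the same check, so here is one added example for both; it is not code from the thread. It parses the listening-socket table in either the Linux `ss -ltn` / `netstat -an` form (`addr:port`, `[::]:port`) or the macOS/BSD `netstat -na` form (`addr.port`, `*.port`) and says whether the port is bound to loopback only, to one address, or to all interfaces. The two outputs embedded below are constructed samples, not captures from a real host.

```python
"""Added example (not code from the thread): classify what a TCP port is
bound to from the output of `ss -ltn` or `netstat -an`/`netstat -na`, so
"it works locally but not remotely" can be split into "bound to loopback"
versus "blocked somewhere outside the server".  Sample outputs below are
constructed for the example."""

# Constructed Linux `ss -ltn` output.
SS_SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    127.0.0.1:3000      0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      128    [::1]:9000          [::]:*
"""

# Constructed macOS/BSD `netstat -na` output.
NETSTAT_BSD_SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp46      0      0  *.80                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.3306         *.*                    LISTEN
tcp4       0      0  192.0.2.10.8080        *.*                    LISTEN
tcp4       0      0  192.0.2.10.52034       198.51.100.4.443       ESTABLISHED
"""

WILDCARDS = {"0.0.0.0", "*", "::"}


def split_local(token):
    """Split a local-address column into (address, port).  BSD netstat joins
    address and port with '.', Linux tools with ':'; the last separator wins,
    which also handles '::1.8080' and ':::22'."""
    if token.rfind(".") > token.rfind(":"):
        addr, port = token.rsplit(".", 1)
    else:
        addr, port = token.rsplit(":", 1)
    if addr.startswith("[") and addr.endswith("]"):
        addr = addr[1:-1]
    return addr, int(port)


def scope(addr):
    """Who can reach a socket bound to addr, ignoring firewalls."""
    if addr in WILDCARDS:
        return "all interfaces"
    if addr.startswith("127.") or addr == "::1":
        return "loopback only"
    return "one address"


def listeners(output):
    """Return {port: [(address, scope), ...]} for every listening TCP socket.
    Both `ss` lines (state first) and netstat lines (state last) put the
    local address in the fourth column."""
    found = {}
    for line in output.splitlines():
        f = line.split()
        if len(f) < 4:
            continue
        if f[0] == "LISTEN" or (f[0].startswith("tcp") and f[-1] == "LISTEN"):
            addr, port = split_local(f[3])
            found.setdefault(port, []).append((addr, scope(addr)))
    return found


def diagnose(output, port):
    """One-line verdict for the port a remote client is trying to reach."""
    entries = listeners(output).get(port)
    if not entries:
        return (f"nothing is listening on TCP {port}: start the service "
                f"(or check its Listen/bind setting)")
    if all(s == "loopback only" for _, s in entries):
        return (f"TCP {port} is bound to loopback only ({entries[0][0]}): "
                f"bind to 0.0.0.0 or the NIC address, not 127.0.0.1")
    if any(s == "all interfaces" for _, s in entries):
        return (f"TCP {port} is listening on all interfaces: the block is outside "
                f"the server (host firewall, security group, NACL, or http vs https)")
    return (f"TCP {port} is bound to {entries[0][0]} only: "
            f"reach it via that address or bind to 0.0.0.0")


if __name__ == "__main__":
    for port in (80, 3000, 8080):
        print(diagnose(SS_SAMPLE, port))
    print(diagnose(NETSTAT_BSD_SAMPLE, 3306))
```

On a live host, feed it the real table: `python3 listen_check.py < <(ss -ltn)` with a small `sys.stdin.read()` wrapper, or paste the output into the sample string. A socket bound to all interfaces that is still unreachable means the remaining suspects are exactly the ones the rest of this thread lists.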
My problem was the browser.
Chrome works; Firefox DOES NOT work.
Here are the steps that you can follow and when you check both of these, chances are that they will work for sure.
Make sure that you're using http:// in the browser instead of https:// on the IP and amazon IPV4 public DNS (It comes in some form like http://ec2-some-ip-address-here.region.compute.amazonaws.com)
Click on the instance id and scroll down,
go to the security tab,
click on the security group
Click on edit inbound rules
Add this
For type- choose HTTP
Source - choose anywhere or anywhere ipv4
and click save and you're done.
Combination of these two should work fine.
While we opened inbound rules for HTTP and HTTPS, the browser goes automatically with either HTTP or HTTPS, so follow the below:
Make sure that you entered http://ec2-..., instead of https://ec2-... on your browser.
For me, I needed to set up ufw and allow it on my EC2 instance. I did so with this command: sudo ufw app info "WWW Full"
In my case, it's because I accessed the public IP with HTTPS, so remember to remove the 's' in the browser. So stupid!
It may be solved by putting http instead of https in the browser address.
My Windows Ec2 instance was not accessible when I tried to access the public IP from the browser. After checking all the above, I had to update the Windows (Defender) Firewall setting which was blocking the incoming traffic.
