i know there are lots of similar questions about but no one help me.
I have a linux server running nginx reverse proxy in docker, a duckdns domain created,opened my router port 80 and 443. I can't access from outside with my domain name or public ip, it seems like my router refuses external request. I tried with lots of configuration, follow lots of guides on web... I get crazy to solve this problem.
I think problem is before nginx, so i not post my nginx conf. If can help, I will post it.
Hope someone can help me. Thank you so much
There are several things that could be causing the issue with your router refusing external requests. Here are a few things to check:
Make sure that your router's firewall is configured to allow incoming connections on ports 80 and 443. Some routers have a built-in firewall that needs to be configured to allow traffic through specific ports.
Confirm that your router is properly forwarding incoming requests to the correct IP address and port on your network. This is typically done through a feature called port forwarding.
Check your router's security settings to ensure that it is not blocking incoming requests based on the source IP address or domain name. Some routers have the option to block incoming requests from specific IP addresses or domain names.
Confirm that your Linux server is properly configured to handle incoming requests. This includes checking that your Nginx reverse proxy is running and properly configured to forward requests to the correct IP address and port.
Verify that your DNS is pointing to the right IP address, you can use online tools like https://www.whatsmydns.net/ to check this.
Check if your router have any VPN or proxy service enabled, which could be affecting the incoming request.
Check if your ISP is blocking incoming connection to your public IP address.
It's also possible that there might be a problem with your router's firmware or hardware, in that case, you may need to contact the manufacturer for further assistance.
I just moved my server from one place to another and while everything is working on my reverse proxy. (Traefik generates ACME Certificate, docker containers are up and healthy)
I can't seem to access traefik from my domain name, whereas I can access it with the static IP (WAN) or even local IP (LAN). I changed the A record in my registrar's DNS (porkbun) to the new static IP and can ping through it, even access ssh, but I can't reach traefik. Logs (level DEBUG) don't even show an attempt to connect, so I don't know what's happening.
If you have any idea what could go wrong, or what I could be missing. Everything worked before.
Thanks.
I have a container called web, it contains my application and apache webserver. When I put to browser address 0.0.0.0:8090 i get my working application. But i need to change this address to mastery.local. How do I do that without using /etc/hosts file.
This can only be achieved via DNS resolution.
The simplest way would be to add this entry to the /etc/hosts.
As an alternative you could setup an dedicated DNS server on your machine which resolves this address to 0.0.0.0 and then configure your machine to use this DNS server.
I am trying to set up an internal Jenkins server for our QA team and facing some issues with the server URL. This is inside a corporate network and all sort of firewall and proxy settings are in place, however we need to access the server only with in our internal network. This server runs from a Mac Mini. I was able to install and access the server without any issues using localhost:8080.
I tried to set a custom URL (something like testjenkins.local:8080)under the Manage Jenkins option and never was able to access the server. The only option worked for me is with the IP address (IP:8080). I was able to access the server from other machines in the network using this URL.
The real problem with the above setup is that the machine IP changes(I am not able to make it static), and hence wont be able to get an always working URL.
Highly appreciate if any one guide me in the wright direction.
Given you have a dynamic IP on your server, a good alternative would be using ngrok. Ngrok can expose the port 8080 of that server to the internet via secure tunnels, and you can access it via an URL, so changes in the IP won't affect it.
However, ngrok exposes the server to the whole Internet. To make it accessible only for your team you can add authentication in both ngrok tunnel and Jenkins server (would it work for you?).
I've been experimenting with EC2 for a couple days and have been banging my head against simply even being able to access the sample site I've hosted. The stack is Rails 3.1.3 with Thin and Nginx.
I've tried several different configurations and finally ended up running the Nginx auto install script, which does return a webpage when I do a curl http://ec2-107-20-143-179.compute-1.amazonaws.com/. However, when I point my browser there, it hangs forever before saying the page cannot be found.
I have assigned an Elastic IP address, and I've enabled HTTP access via port 80.
I don't much experience with the sysadmin side and I'm basically stumped at this point. Any advice would be greatly appreciated.
Did you enable the http port to all ips? That would be done by going to:
EC2 -> Security Group -> Default (or your custome one) -> Inbound
And then Create a new rule for HTTP and as a source, you should assign: 0.0.0.0/0
That should do it.
Think the AWS UI may have been updated but based on Deleteman's answer
Login to EC2 Dashboard
Instances > Instances
Actions dropdown > Networking > Change security groups
You will probably see that you only have launch-wizard-1 allowed which for me only allowed SSH access on port 22
So as Deleteman mentions, you may need to alter your security groups...
Login to EC2 Dashboard
Network and Security > Security Groups
Remove any filters that may be in the search box to show all groups
Personally I edited the default VPC security group as this is a sandbox for me, I imagine you'll want to create a security group for your project
Select the security group checkbox, select actions dropdown and click "edit the inbound rules", I used the following inbound rules just to be sure it was all working
When you revisit Instances > Instances > Description, you should see the security groups and the rules
Once you are happy it's working I would probably replace all traffic with HTTP and HTTPS if that's all that is needed
I was here earlier looking for a solution to a similar problem I was having. It turns out in my case that the EC2 instance also had its own firewall running in addition to the EC2 security group. The command 'system-config-firewall' let me get in to open the ports. Ports 80 (HTTP) and 3306 (MySQL) were not open by default. 22 (SSH) was open. I also had to do 'yum install system-config-firewall'.
To summarize, my solution was:
> yum install system-config-firewall
> system-config-firewall
This answer is for the newbies who have no idea what they are doing with an ec2 instance.
I was having the same problem and tried all the Security Group fixes to no avail.
As it turns out, I needed to turn on my server from the command line.
sudo service httpd start
Sometimes it's dark, not because a fuse blew, but because you didn't flick the switch.
I face the same issue multiple times with the ubuntu EC2 instance and here I am adding all the methods which helped me in fixing the issue in different situations.
Make sure you are accessing the "Public IPv4 DNS" or "Public IPv4 address" or "Elastic IP addresses" from the browser.
Check whether port 80 is open or not.
Here you can see that port 80 is not open in Inbound rules. So let's open port 80 first. For this click on the security tab and you can see the Security groups open this new tab
Now you have to edit inbound rules.
Click at add rule
Then select type HTTP and source AnyWhere and save it.
Similarly, you do HTTPS also.
Check the browser URL if HTTPS is not enabled and if we try to access from browser default it might be HTTPS if so please make it HTTP and try again.
Edit Network ACL. Select the Networking tab and open Subnet ID in a new window.
From Subent Id open Network ACL in the new window
Now edit inbound rules.
For me, It was as simple as just changing the url from https://my-site to http://my-site on my browser. (This solution only applies to people who are still able to SSH onto the ec2 instance but cannot connect via browser)
I was also struggling with same problem had created security group as well, but did not applied to the instance. Just create new rule for http. And apply from right click instance and choose security group and assign it.
Octopus' answer was the correct one for me, except for a Windows machine.
I needed to go to the Windows Firewall, was blocking all traffic out of the VM if it didn't match a rule. Port 80 wasn't enabled in a rule, so I merely had to add one.
Very stupid of me as I forgot to install web server (HTTP server) because of which my ec2 instance public IP was not working. Answering this question as this can also be one of the reason which one should not miss as I did.
You can install either,
nginx:
sudo apt-get install nginx
apache2:
sudo apt-get install apache2
I have encountered a quite similar situation when I tried to run my go app on EC2. If you cannot see an appropriate message or result on your browser even though you:
can get a response well using curl,
finished configuring the Security Group properly
open pen inbound traffic for 80, 443 for the world or for your IP address and
open inbound traffic for 22; and
open inbound traffic for a port that you use (like 8080, 4343, etc.)), and;
run your app to accept a connection from the outside (npm app.js, go run . etc.)
Make sure that you entered http://ec2-..., instead of https://ec2-... on your browser. You cannot connect to the server with https:// even though you open 443 port, unless you already configured ssh certificate. Entering the full address with http protocol, without omitting it, may solve the problem.
I had the same issue, been racking my brain bad since I have no experience with Ubuntu or linux. The answer from Parag fixed it.
Very stupid of me as I forgot to install web server (HTTP server) because of which my ec2 instance public IP was not working. Answering this question as this can also be one of the reason which one should not miss as I did.
You can install either,
nginx:
sudo apt-get install nginx
apache2:
sudo apt-get install apache2
The best way is to edit your security inbound rules. Please refer to below snap.
I know this is a very old thread but faced this issue with many services recently. When you are running any application server like Puma or Unicorn over port example 3000, without having a Load Balancer or Proxy like Nginx frontend it. You have to follow two steps:
Bind the service to 0.0.0.0/3000 and not 127.0.0.1/3000.(This will
leave your service open and accessible by anybody on the internet,
that is were step 2 comes into picture).
In AWS security group now allow port 3000 for 0.0.0.0 if you want it
be access by anybody over the internet or add VPN or your network IP
to allow it only for you and you team.
My problem was the browser.
Chrome works; Firefox DOES NOT work.
Here are the steps that you can follow and when you check both of these, chances are that they will work for sure.
Make sure that you're using http:// in the browser instead of https:// on the IP and amazon IPV4 public DNS (It comes in some form like http://ec2-some-ip-address-here.region.compute.amazonaws.com)
Click on the instance id and scroll down,
go to the security tab,
click on security group it will look like this [![enter image description here][1]][1]
Click on edit inbound rules
Add this
For type- choose HTTP
Source - choose anywhere or anywhere ipv4
and click save and you're done.
Combination of these two should work fine.
While we opened inbounds rules http and https it goes automatically with either one http or https so follow below:
Make sure that you entered http://ec2-..., instead of https://ec2-... on your browser.
For me, I needed to setup ufw and allow it on my EC2insttance. I did so with this command sudo ufw app info "WWW Full"
In my case, it's because I access the public IP with HTTPS, so remmeber to remove 's' in the browser. So stupid!
it may solve by putting http instead of https in browser address
My Windows Ec2 instance was not accessible when I tried to access the public IP from the browser. After checking all the above, I had to update the Windows (Defender) Firewall setting which was blocking the incoming traffic.