I'm trying to connect to my public IP http://34.125.119.106:8080/, where I have a Jenkins service running but I can't and don't know why.
I've create firewall rule to allow tcp traffic on port 8080, which is the port exposed to Jenkins, but I still cannot connect. I looked into the /etc/default/jenkins file, to see if everything inside was configured correctly. I tried to line in this file like 'HTTP_HOST=127.0.0.1', like some people advise to do ,but it doesn't work for my case. Does anyone know how to solve this?
Sorry for my bad English.
enter image description here
i made a test and it successfully connected,but i still cant connect to my external Ip
Use the default settings, because HTTP_HOST=127.0.0.1 locks you out:
HTTP_HOST=0.0.0.0
HTTP_PORT=8080
HTTPS_HOST=0.0.0.0
HTTPS_PORT=443
Listing to all interfaces with 0.0.0.0 is fine, but HTTP_PORT should be -1.
As a first step my recommendation is to check if your service is exposed and through what port number. For this you can use command sudo netstat -plntu. You should be looking for an output similar to:
tcp6 0 0 :::8080 :::* LISTEN 17917/java
If its not, change your /etc/default/jenkins file to port 8080
After that from inside your GCP project, you can run a connectivity test having as source one of the IP addresses you are using to reach your Server and as destination your Servers VM instance IP address. This test will simulate traffic and tell you where it's getting stuck whether if it's stuck on the way to your Server or if your server is not correctly configured. You can get a good reference in this document.
If you have already configured your ingress firewall rule, just make sure its applied to your VM, it sometimes happens that you have a network tag on your VM instance and another tag on your firewall rule.
Is JIRA supported in GCE? If so, how to make it work?
We have installed 64-bit .bin of JIRA(6.4.1), and opened necessary custom http ports under Networks.
Started JIRA as service, but unable to see it work via browser. No error message than, timed out error!
Any help would be highly appreciated.
Note: We are new to Google Cloud Platform.
Did you enable the http and https services on your instance ? By default the GCE instance does not allow Http and Https traffic, you have to do it manually.
The Jira configuration for Google Compute Engine can be tricky. You need to make sure that:
The firewall rules under Netowrking allows a connection to Jira HTTP port or the HTTP enables in VM properties
The global Networking rules allow TCP traffic on this port
The virtual network have routes configured
If you use Apache as proxy for Jira (recommended) then make sure Apache is configured to point to the Tomcat port
Your Tomcat is configured
You have enabled port allocation using setcap utility
Your local machine firewall enables the connection (in Red Hat ipconfig is enabled by default and blocks the connections)
As you can see it may be tricky to install Jira on Google Cloud. It may be a good idea to use a deployment service like Deploy4Me to do this quickly and automatically.
I am using Foreman specifing port 3000. How can I access my application by writting myapp.local in the browser instead of typing 0.0.0.0:3000?
I have added:
0.0.0.0 myapp.local
But when doing myapp.local it defaults to the default localhost for Apache, not the Rails app.
Short answer: You can't.
The host table is meant to map hostnames to IP addresses (Wiki). Ports come in at a different point.
However, you can specify the port Foreman should run on:
-p, --port
Specify which port to use as the base for this application. Should be a multiple of 1000.
I don't know the Foreman but as you connect to it with your browser than I assume it talks via HTTP. If so you can use proxy settings to point to that host:port. Try FoxyProxy. It's more like a workaround rather than a real solution but it should work (as far as it's not HTTPS)
If you're using Linux than another way is to use LD_PRELOAD to overwrite connect glibc function. It's quite low level hack but it's not so complicated.
Another way in Linux would be to make netfilter rule (iptables) to NAT the connection. It's not nice either as you'll need root level change to achieve simple thing.
I'm using a dedicated server on aruba with ZyWall firewall. I have two ports listening in the server, using telnet from inside I can connect to both the ports. If I try to telnet from outside I can access only to one of them.
I have not internal firewall, and I don't understand how I can see if the ZyWall is blocking the port access or it is forwarding all connections to that port to another ip.
Have you any suggestion?
I found the solution. I accessed the firewall web interface from a firefox installed in the dedicated server behind the firewall (the web interface is not accessible from outside), then I made two steps:
I added a rule on which I permit the access to the target port. I made this using the "Service" tab in the Security->Firewall menĂ¹.
In the matrix between LAN, WAN, DMZ etc.. I modified the rule "from WAN to LAN" and I added the rule made in the previous step.
Now it works!
I've been experimenting with EC2 for a couple days and have been banging my head against simply even being able to access the sample site I've hosted. The stack is Rails 3.1.3 with Thin and Nginx.
I've tried several different configurations and finally ended up running the Nginx auto install script, which does return a webpage when I do a curl http://ec2-107-20-143-179.compute-1.amazonaws.com/. However, when I point my browser there, it hangs forever before saying the page cannot be found.
I have assigned an Elastic IP address, and I've enabled HTTP access via port 80.
I don't much experience with the sysadmin side and I'm basically stumped at this point. Any advice would be greatly appreciated.
Did you enable the http port to all ips? That would be done by going to:
EC2 -> Security Group -> Default (or your custome one) -> Inbound
And then Create a new rule for HTTP and as a source, you should assign: 0.0.0.0/0
That should do it.
Think the AWS UI may have been updated but based on Deleteman's answer
Login to EC2 Dashboard
Instances > Instances
Actions dropdown > Networking > Change security groups
You will probably see that you only have launch-wizard-1 allowed which for me only allowed SSH access on port 22
So as Deleteman mentions, you may need to alter your security groups...
Login to EC2 Dashboard
Network and Security > Security Groups
Remove any filters that may be in the search box to show all groups
Personally I edited the default VPC security group as this is a sandbox for me, I imagine you'll want to create a security group for your project
Select the security group checkbox, select actions dropdown and click "edit the inbound rules", I used the following inbound rules just to be sure it was all working
When you revisit Instances > Instances > Description, you should see the security groups and the rules
Once you are happy it's working I would probably replace all traffic with HTTP and HTTPS if that's all that is needed
I was here earlier looking for a solution to a similar problem I was having. It turns out in my case that the EC2 instance also had its own firewall running in addition to the EC2 security group. The command 'system-config-firewall' let me get in to open the ports. Ports 80 (HTTP) and 3306 (MySQL) were not open by default. 22 (SSH) was open. I also had to do 'yum install system-config-firewall'.
To summarize, my solution was:
> yum install system-config-firewall
> system-config-firewall
This answer is for the newbies who have no idea what they are doing with an ec2 instance.
I was having the same problem and tried all the Security Group fixes to no avail.
As it turns out, I needed to turn on my server from the command line.
sudo service httpd start
Sometimes it's dark, not because a fuse blew, but because you didn't flick the switch.
I face the same issue multiple times with the ubuntu EC2 instance and here I am adding all the methods which helped me in fixing the issue in different situations.
Make sure you are accessing the "Public IPv4 DNS" or "Public IPv4 address" or "Elastic IP addresses" from the browser.
Check whether port 80 is open or not.
Here you can see that port 80 is not open in Inbound rules. So let's open port 80 first. For this click on the security tab and you can see the Security groups open this new tab
Now you have to edit inbound rules.
Click at add rule
Then select type HTTP and source AnyWhere and save it.
Similarly, you do HTTPS also.
Check the browser URL if HTTPS is not enabled and if we try to access from browser default it might be HTTPS if so please make it HTTP and try again.
Edit Network ACL. Select the Networking tab and open Subnet ID in a new window.
From Subent Id open Network ACL in the new window
Now edit inbound rules.
For me, It was as simple as just changing the url from https://my-site to http://my-site on my browser. (This solution only applies to people who are still able to SSH onto the ec2 instance but cannot connect via browser)
I was also struggling with same problem had created security group as well, but did not applied to the instance. Just create new rule for http. And apply from right click instance and choose security group and assign it.
Octopus' answer was the correct one for me, except for a Windows machine.
I needed to go to the Windows Firewall, was blocking all traffic out of the VM if it didn't match a rule. Port 80 wasn't enabled in a rule, so I merely had to add one.
Very stupid of me as I forgot to install web server (HTTP server) because of which my ec2 instance public IP was not working. Answering this question as this can also be one of the reason which one should not miss as I did.
You can install either,
nginx:
sudo apt-get install nginx
apache2:
sudo apt-get install apache2
I have encountered a quite similar situation when I tried to run my go app on EC2. If you cannot see an appropriate message or result on your browser even though you:
can get a response well using curl,
finished configuring the Security Group properly
open pen inbound traffic for 80, 443 for the world or for your IP address and
open inbound traffic for 22; and
open inbound traffic for a port that you use (like 8080, 4343, etc.)), and;
run your app to accept a connection from the outside (npm app.js, go run . etc.)
Make sure that you entered http://ec2-..., instead of https://ec2-... on your browser. You cannot connect to the server with https:// even though you open 443 port, unless you already configured ssh certificate. Entering the full address with http protocol, without omitting it, may solve the problem.
I had the same issue, been racking my brain bad since I have no experience with Ubuntu or linux. The answer from Parag fixed it.
Very stupid of me as I forgot to install web server (HTTP server) because of which my ec2 instance public IP was not working. Answering this question as this can also be one of the reason which one should not miss as I did.
You can install either,
nginx:
sudo apt-get install nginx
apache2:
sudo apt-get install apache2
The best way is to edit your security inbound rules. Please refer to below snap.
I know this is a very old thread but faced this issue with many services recently. When you are running any application server like Puma or Unicorn over port example 3000, without having a Load Balancer or Proxy like Nginx frontend it. You have to follow two steps:
Bind the service to 0.0.0.0/3000 and not 127.0.0.1/3000.(This will
leave your service open and accessible by anybody on the internet,
that is were step 2 comes into picture).
In AWS security group now allow port 3000 for 0.0.0.0 if you want it
be access by anybody over the internet or add VPN or your network IP
to allow it only for you and you team.
My problem was the browser.
Chrome works; Firefox DOES NOT work.
Here are the steps that you can follow and when you check both of these, chances are that they will work for sure.
Make sure that you're using http:// in the browser instead of https:// on the IP and amazon IPV4 public DNS (It comes in some form like http://ec2-some-ip-address-here.region.compute.amazonaws.com)
Click on the instance id and scroll down,
go to the security tab,
click on security group it will look like this [![enter image description here][1]][1]
Click on edit inbound rules
Add this
For type- choose HTTP
Source - choose anywhere or anywhere ipv4
and click save and you're done.
Combination of these two should work fine.
While we opened inbounds rules http and https it goes automatically with either one http or https so follow below:
Make sure that you entered http://ec2-..., instead of https://ec2-... on your browser.
For me, I needed to setup ufw and allow it on my EC2insttance. I did so with this command sudo ufw app info "WWW Full"
In my case, it's because I access the public IP with HTTPS, so remmeber to remove 's' in the browser. So stupid!
it may solve by putting http instead of https in browser address
My Windows Ec2 instance was not accessible when I tried to access the public IP from the browser. After checking all the above, I had to update the Windows (Defender) Firewall setting which was blocking the incoming traffic.