Can't access site on EC2 instance via public ip - ruby-on-rails

I've been experimenting with EC2 for a couple days and have been banging my head against simply even being able to access the sample site I've hosted. The stack is Rails 3.1.3 with Thin and Nginx.
I've tried several different configurations and finally ended up running the Nginx auto install script, which does return a webpage when I do a curl http://ec2-107-20-143-179.compute-1.amazonaws.com/. However, when I point my browser there, it hangs forever before saying the page cannot be found.
I have assigned an Elastic IP address, and I've enabled HTTP access via port 80.
I don't have much experience with the sysadmin side and I'm basically stumped at this point. Any advice would be greatly appreciated.

Did you enable the http port to all ips? That would be done by going to:
EC2 -> Security Group -> Default (or your custom one) -> Inbound
And then Create a new rule for HTTP and as a source, you should assign: 0.0.0.0/0
That should do it.

Think the AWS UI may have been updated but based on Deleteman's answer
Login to EC2 Dashboard
Instances > Instances
Actions dropdown > Networking > Change security groups
You will probably see that you only have launch-wizard-1 allowed which for me only allowed SSH access on port 22
So as Deleteman mentions, you may need to alter your security groups...
Login to EC2 Dashboard
Network and Security > Security Groups
Remove any filters that may be in the search box to show all groups
Personally I edited the default VPC security group as this is a sandbox for me, I imagine you'll want to create a security group for your project
Select the security group checkbox, select actions dropdown and click "edit the inbound rules", I used the following inbound rules just to be sure it was all working
When you revisit Instances > Instances > Description, you should see the security groups and the rules
Once you are happy it's working I would probably replace all traffic with HTTP and HTTPS if that's all that is needed

I was here earlier looking for a solution to a similar problem I was having. It turns out in my case that the EC2 instance also had its own firewall running in addition to the EC2 security group. The command 'system-config-firewall' let me get in to open the ports. Ports 80 (HTTP) and 3306 (MySQL) were not open by default. 22 (SSH) was open. I also had to do 'yum install system-config-firewall'.
To summarize, my solution was:
> yum install system-config-firewall
> system-config-firewall

This answer is for the newbies who have no idea what they are doing with an ec2 instance.
I was having the same problem and tried all the Security Group fixes to no avail.
As it turns out, I needed to turn on my server from the command line.
sudo service httpd start
Sometimes it's dark, not because a fuse blew, but because you didn't flick the switch.

I face the same issue multiple times with the ubuntu EC2 instance and here I am adding all the methods which helped me in fixing the issue in different situations.
Make sure you are accessing the "Public IPv4 DNS" or "Public IPv4 address" or "Elastic IP addresses" from the browser.
Check whether port 80 is open or not.
Here you can see that port 80 is not open in Inbound rules. So let's open port 80 first. For this, click on the Security tab, where you can see the Security groups; open this in a new tab.
Now you have to edit inbound rules.
Click at add rule
Then select type HTTP and source AnyWhere and save it.
Similarly, you do HTTPS also.
Check the browser URL. If HTTPS is not enabled and we try to access the site from the browser, it might default to HTTPS; if so, please change it to HTTP and try again.
Edit Network ACL. Select the Networking tab and open Subnet ID in a new window.
From the Subnet ID, open the Network ACL in a new window.
Now edit inbound rules.

For me, It was as simple as just changing the url from https://my-site to http://my-site on my browser. (This solution only applies to people who are still able to SSH onto the ec2 instance but cannot connect via browser)

I was also struggling with the same problem. I had created a security group as well, but did not apply it to the instance. Just create a new rule for HTTP, then apply it: right-click the instance, choose security group and assign it.

Octopus' answer was the correct one for me, except for a Windows machine.
I needed to go to the Windows Firewall, which was blocking all traffic out of the VM if it didn't match a rule. Port 80 wasn't enabled in a rule, so I merely had to add one.

Very stupid of me as I forgot to install web server (HTTP server) because of which my ec2 instance public IP was not working. Answering this question as this can also be one of the reason which one should not miss as I did.
You can install either,
nginx:
sudo apt-get install nginx
apache2:
sudo apt-get install apache2

I have encountered a quite similar situation when I tried to run my go app on EC2. If you cannot see an appropriate message or result on your browser even though you:
can get a response well using curl,
finished configuring the Security Group properly
open inbound traffic for 80, 443 for the world or for your IP address and
open inbound traffic for 22; and
open inbound traffic for a port that you use (like 8080, 4343, etc.)), and;
run your app to accept a connection from the outside (npm app.js, go run . etc.)
Make sure that you entered http://ec2-..., instead of https://ec2-... on your browser. You cannot connect to the server with https:// even though you open 443 port, unless you already configured ssh certificate. Entering the full address with http protocol, without omitting it, may solve the problem.

I had the same issue, been racking my brain bad since I have no experience with Ubuntu or linux. The answer from Parag fixed it.
Very stupid of me as I forgot to install web server (HTTP server) because of which my ec2 instance public IP was not working. Answering this question as this can also be one of the reason which one should not miss as I did.
You can install either,
nginx:
sudo apt-get install nginx
apache2:
sudo apt-get install apache2

The best way is to edit your security inbound rules. Please refer to below snap.

I know this is a very old thread, but I faced this issue with many services recently. When you are running any application server like Puma or Unicorn over a port, for example 3000, without a Load Balancer or a Proxy like Nginx in front of it, you have to follow two steps:
Bind the service to 0.0.0.0/3000 and not 127.0.0.1/3000. (This will leave your service open and accessible by anybody on the internet; that is where step 2 comes into the picture.)
In the AWS security group, now allow port 3000 for 0.0.0.0 if you want it to be accessed by anybody over the internet, or add your VPN or your network IP to allow it only for you and your team.
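The two conditions in the answer above (which address the service is bound to, and what the security group lets in) together decide what is actually reachable. The following is an added example, not code from any of the posters: it cross-checks constructed `ss -ltn` output against constructed inbound rules. The sample data, the rule tuple layout and the status names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltn` output from a hypothetical instance.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      1024       127.0.0.1:3000      0.0.0.0:*
LISTEN 0      80                 *:3306            *:*
LISTEN 0      128            [::1]:7474         [::]:*
"""

# Constructed inbound rules: (from_port, to_port, source CIDR).
SG_INBOUND = [
    (22, 22, "203.0.113.0/24"),
    (80, 80, "0.0.0.0/0"),
    (443, 443, "0.0.0.0/0"),
    (3000, 3000, "0.0.0.0/0"),
    (3306, 3306, "0.0.0.0/0"),
]

WILDCARDS = {"*", "0.0.0.0", "::"}     # "listen on every interface"
ANY_SOURCE = {"0.0.0.0/0", "::/0"}     # "allow from anywhere"

def parse_listeners(ss_text):
    """Map each listening TCP port to the set of addresses it is bound to."""
    listeners = {}
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop brackets and %iface scope
        listeners.setdefault(int(port), set()).add(addr)
    return listeners

def loopback_only(addrs):
    """True when every bind address is a loopback address."""
    return all(a not in WILDCARDS and ipaddress.ip_address(a).is_loopback
               for a in addrs)

def classify(port, addrs, rules):
    # Binding is checked first: a loopback-only service is unreachable
    # from outside no matter what the security group allows.
    sources = {cidr for lo, hi, cidr in rules if lo <= port <= hi}
    if not addrs:
        return "no-listener"       # rule exists, but no server is running
    if loopback_only(addrs):
        return "loopback-only"     # curl on the box works, browsers do not
    if not sources:
        return "blocked-by-sg"
    return "internet" if sources & ANY_SOURCE else "restricted"

def exposure_report(ss_text, rules):
    listeners = parse_listeners(ss_text)
    ports = set(listeners) | {lo for lo, hi, _ in rules if lo == hi}
    return {p: classify(p, listeners.get(p, set()), rules) for p in sorted(ports)}

if __name__ == "__main__":
    for port, status in exposure_report(SS_OUTPUT, SG_INBOUND).items():
        print(f"{port:>5}  {status}")
```

In the sample, 3000 stays unreachable despite its open rule because the service is bound to loopback, 443 is allowed but has no listener, and 3306 is reachable from anywhere.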

My problem was the browser.
Chrome works; Firefox DOES NOT work.

Here are the steps that you can follow and when you check both of these, chances are that they will work for sure.
Make sure that you're using http:// in the browser instead of https:// on the IP and amazon IPV4 public DNS (It comes in some form like http://ec2-some-ip-address-here.region.compute.amazonaws.com)
Click on the instance id and scroll down,
go to the security tab,
click on security group
Click on edit inbound rules
Add this
For type- choose HTTP
Source - choose anywhere or anywhere ipv4
and click save and you're done.
Combination of these two should work fine.

While we opened inbounds rules http and https it goes automatically with either one http or https so follow below:
Make sure that you entered http://ec2-..., instead of https://ec2-... on your browser.

For me, I needed to set up ufw and allow it on my EC2 instance. I did so with this command: sudo ufw app info "WWW Full"

In my case, it's because I accessed the public IP with HTTPS, so remember to remove the 's' in the browser. So stupid!

It may be solved by putting http instead of https in the browser address.

My Windows Ec2 instance was not accessible when I tried to access the public IP from the browser. After checking all the above, I had to update the Windows (Defender) Firewall setting which was blocking the incoming traffic.
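The answers in this thread trace the same symptom to different layers: dropped packets (security group, network ACL, host firewall), nothing listening, or `https://` pointed at a port that only serves plain HTTP. As an added example (not from any poster), this probe tells those cases apart from the client side; the function names and status strings are made up here, and `demo()` runs it against a local server constructed for the purpose.

```python
import http.server
import socket
import ssl
import threading


def probe(host, port, timeout=3.0):
    """Classify one TCP port as seen from this client.

    Returns 'timeout', 'refused', 'unreachable', 'tls',
    'tls-untrusted-cert', 'http' or 'open-unknown'.
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout"      # packets dropped: security group, network ACL or host firewall
    except ConnectionRefusedError:
        return "refused"      # host reachable, nothing listening on this address and port
    except OSError:
        return "unreachable"  # DNS failure, no route, ...

    # The port is open. Try a verified TLS handshake first.
    ctx = ssl.create_default_context()
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host):
            return "tls"                 # https:// works on this port
    except ssl.SSLCertVerificationError:
        return "tls-untrusted-cert"      # TLS, but a browser will not trust the certificate
    except OSError:
        pass                             # not TLS (ssl.SSLError is an OSError)

    # Fall back to a plain HTTP request on a fresh connection.
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            if plain.recv(16).startswith(b"HTTP/"):
                return "http"            # only http:// works on this port
    except OSError:
        pass
    return "open-unknown"


def demo():
    """Probe a constructed local plain-HTTP server and a closed local port."""
    server = http.server.ThreadingHTTPServer(
        ("127.0.0.1", 0), http.server.BaseHTTPRequestHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))        # reserve a port but never listen() on it
    try:
        return {
            "http_port": probe("127.0.0.1", server.server_address[1], timeout=1.0),
            "closed_port": probe("127.0.0.1", closed.getsockname()[1], timeout=1.0),
        }
    finally:
        closed.close()
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

A `timeout` result matches the "hangs forever" symptom in the question, while `refused` matches the answers where the web server was not installed, not started, or bound only to loopback.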

Related

WebSocket connection failure. Due to security constraints in your web browser

Today I downloaded neo4j-community-3.2.0 on Windows. When I start the server, I get a problem in the browser. I met this problem in neo4j-community-3.1.2 and solved it by ticking the "Do not use Bolt" option in settings. But in neo4j-community-3.2.0 I can't see the "Do not use Bolt" option, and I don't know what to do.
N/A: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. Please use your browsers development console to determine the root cause of the failure. Common reasons include the database being unavailable, using the wrong connection URL or temporary network problems. If you have enabled encryption, ensure your browser is configured to trust the certificate Neo4j is configured to use. WebSocket readyState is: 3
This happens because the browser is trying (under the hood) to also access the bolt port, which uses an unsigned certificate.
You probably allowed the browser to access the SSL 7474 port through allowing the unsigned certificate as an exception on your browser (and if you didn't, you should in order to make it work).
The url was:
https://[neo4j_host]:7474
Do the same for the bolt certificate, allow it as an exception for url:
https://[neo4j_host]:7687
I ran into the same problem trying to use Neo4j Community Edition on an AWS Ubuntu 16.04 instance. The key thing that solved it was to open port 7687 (the bolt port) in the AWS security group settings.
Found this based on https://stackoverflow.com/a/45234105/1529646
Thus, full answer is:
Make sure to configure Neo4j correctly, ie. uncomment the line dbms.connectors.default_listen_address=0.0.0.0 AND the line dbms.connector.bolt.listen_address=:7687
Open ports 7474 AND 7687 in the AWS security group settings.
In the lower left corner of the browser gear, select do not use bolt.
Open your ${NEO4J_HOME}/conf/neo4j.conf file and edit the bolt settings. It is just about uncommenting this line dbms.connector.bolt.address=0.0.0.0:7687
Change the version of Neo4j
Check your JDK version, use JDK1.8
Adding another option, which worked for me. If your bolt's tls_level is set to REQUIRED, you need to change it to OPTIONAL, if you are not using it with SSL certificate; to get this working.
If you are using Neo4J Community Edition (ver 3.5.1 - in my case) from AWS Marketplace, you need to change the configuration in:
/etc/neo4j/pre-neo4j.sh
Change this line:
echo "dbms_connector_bolt_tls_level" "${dbms_connector_bolt_tls_level:=REQUIRED}"
to
echo "dbms_connector_bolt_tls_level" "${dbms_connector_bolt_tls_level:=OPTIONAL}"
You can find more about Neo4J connector configuration option here. Ideally as per docs, by default bolt.tls_level should have been OPTIONAL only. But I'm not really sure what exactly happened in my case, which got it changed to REQUIRED. Or if it came as is from AWS Marketplace.
Assuming you have valid certs and placed them under the correct certificates directory:
dbms.ssl.policy.bolt.client_auth=NONE
Version 4.0. Took it from this article.
I shared my full ssl config on this other answer.
I had the same error. New to Neo, so take this with a grain of salt, but my solution didn't match these above idea. But thanks as they did lead me to the right "water". So
I went into the conf file, noticed that there was the same port number (previously, the Neo desktop had been constantly telling me it'd needed to update the port numbers...I never checked to verify, but they'd be #, #+1 and #+2. But that didn't work yet that'd happened again and again...but now, after checking the conf file myself, I noticed that the number was the same for all three port requirements for BOLT. Tried that and it didn't work either...but maybe that was important in what did:
In the folder, where the specific database is housed, named "..neo4jdatabases/[GUID Value]" there were two directories titled "/installation-3.4.0" and "...1". I removed the ".0", restarted things and IT WORKED.
So, either there should NOT be two versions under the same database collection OR that's true AND you need the three ports to be the same.
Final add for any Neo4j experts who actually know what they're doing, I have three databases running, two without issue. This occurred AFTER I was messing around trying to see how PowerShell might be useful. Not sure if this is related, but the other databases have worked fine...but, this db is the original playground/sandbox I'd had since the beginning. Not 100% sure, I made the version update before or after, creating the other two databases. HTH.
Using a windows trial version on a Windows 10 machine. Current N4j version is 3.4.1.
Do love what I see so far with Neo BTW!!!
Please mention the correct bolt port in the Connect URL textbox. If you are using the service port, then mention the service port in place of the bolt port.
Then finally I resolve it by replacing the bolt port with service port inside k8s.
user: neo4j
password: neo4j
I resolve this error by replace the port 7687 with node port 30033 inside Neo4j
then it works fine.
I was facing the same issue with Neo4J version 4 installed on an Ubuntu 18 EC2 instance. The workaround that did the trick for me was to replace the 0.0.0.0 entries in /etc/neo4j/neo4j.conf with the actual private IP of my instance.
Following are the lines where the replace happened:
dbms.default_listen_address=172.X.X.232
dbms.connector.bolt.address=172.X.X.232:7687
Post restart of the DB, the Connect URL when accessing from browser should also use the private IP instead of localhost.

Connect to rails server remotely from raspberry pi

I have ssh'd into my raspberry pi and built a rails application.
Now how do I load the rails app from another machine?
I have tried IP:port in a web browser, but this fails.
Can I use ssh from a web browser to load the rails server process?
Are there gems I need to install to do this?
Is there any good documentation that I have missed?
SOLUTION
use ngrok to tunnel https://medium.com/#karimbutt/using-ngrok-to-create-a-publicly-accessible-web-facing-raspberry-pi-server-35deef8c816a#.sraso7zar
Maybe the problem is with the IP address you're trying to use. Servers don't necessarily forward their public IP traffic to localhost automatically.
Perhaps you could configure the IP address somehow, I don't know (others might?). Alternatively, you have a use a "local tunnel" service like ngrok or localtunnel. What these do is create a public URL for your localhost (i.e. your "loopback" address), so anyone can access it.
I spoke with a Ngrok author via email. He ensured me that I shouldn't need to expect any downtime from the service or to have to manually restart it. Although keep in mind that if you're on the free plan, whenever you restart Ngrok you're going to get a different URL. He also described it as kind of like a "souped up SSH -R"

Open Google Compute Engine Port 8000

I'm trying to set up a VM instance in Google Compute Engine. So far so good.
Now I've installed ajenti, which requires port 8000 for its web interface.
I created a firewall rule for TCP 8000. It doesn't work. I also set up iptables on the server to try to fix the problem. It still doesn't work. I'm kind of desperate right now. I just want to access the web interface.
Thanks for help!
Firewall Rule
By default SSL is enabled in Ajenti. Try accessing your web page using https://YOURSERVERIP:8000
The target tag you have set restricts which instances the firewall rule applies to. Ensure that your instance has the http-server tag.

How to view neo4j database on the hosted linode server

I am running standalone neo4j database server at localhost:7474 on a linode instance.
Is there any way to view this in the browser?
If you have SSH access to the Linode instance then you can run ssh -L 7474:localhost:7474 youruser@123.123.123.123 which will tunnel the remote port 7474 to localhost 7474. In your browser you can now use http://localhost:7474 to see the remote server without opening anything to the world.
You want what's called a "reverse proxy". Outside of your box, you can't talk about localhost:7474 as a hostname. So you want an external facing web server that "proxies" requests and sends them to localhost:7474.
One such option is Apache mod_proxy used as a reverse proxy. Examples on how to use it are behind the link. In general it's going to boil down to a configuration directive that looks something like:
ProxyPassReverse /neo4j http://localhost:7474
You also really want to read the documentation on securing the neo4j server.
WARNING - neo4j's web interface will let you do just about anything without authentication, including delete all of your data, change it, put new data in, and so on. It is a very bad idea to expose that functionality to the entire internet. So if you use a reverse proxy as suggested above, make sure you add some authentication layer (again you can do this with apache and mod_proxy) to permit just any random person from connecting to your instance and optionally deciding to trash it.

How do I make my ruby on rails app respond to external requests (visible to the public on the internet)?

Problem:
My rails app (on my local machine) only responds to requests sent from the same machine to localhost, 127.0.0.1, or my internal ip address. When I try to hit it using my internet ip or from any other machine, inside or outside of my network, it just times out. I'm on Mac OS 10.9.1, ruby 1.9.3, rails 4.0.0.
I've done a lot of searching but all I can find is problems where people didn't forward their ports or bind the right ip.
Here are the areas I've investigated:
Ports -
I've tried several different ports. I configured my router to forward every port I tried but got the same result. I thought maybe there was a problem with the router so I built a simple server in Java and bound all the same ports I was binding with my rails app. Sure enough, when I hit the Java app using my internet ip it worked just fine so the router/firewall/port forwarding isn't the problem. Also, I run an apache server on port 80 and that has never had any problems. I turned apache off and tried port 80 for my rails app but that didn't fix the problem.
Rails Server -
I started with WEBrick and I thought that perhaps there was some setting inside that blocked external requests. I searched google extensively and found nothing on that matter. Just to be safe I installed Thin and got the exact same result I did with WEBrick. One interesting thing is that when the rails server is started, the external request takes a long time to time-out, but the server console displays no output at all. However if I try to send the same request w/out starting the server at all it fails immediately.
User Permissions -
I started the server with root (i'm starting to just shoot in the dark here) and it had no effect.
Environment -
I was starting in development environment originally because I'm developing but just for fun I tried starting in production and it also made no difference.
PLEASE HELP ME SMART PEOPLE
Update:
I installed the app on my Ubuntu machine and it doesn't have this problem! So that suggests the problem may have something to do with Mac OS.
SOLVED:
It turns out that in the System Preferences -> Security & Privacy -> Firewall in Mac OS, it was somehow set to block incoming connections to Ruby 1.9.3. I must have accidentally set that some time ago.
The problem is you are probably trying to request the page from your local machine (or any computer on your local network, behind your firewall) to your public IP expecting a result... not unless you setup routes through your firewall for this (and not usually available on a consumer level router... linksys, dlink, etc)
So forward port 80 if you are using something like pow, or 3000 for WEBrick's default port, to your local machine
Then have someone outside your local lan request your external (public) IP
This may be related: Rails 3.1 on Ubuntu 11.10 under VirtualBox very slow
Your mention of slowness combined with the use of webrick makes me think you've got some reverse-DNS lookup awfulness going on. A quick first step is hacking /etc/hosts to bypass this lookup.
The situation I dealt with on Ubuntu was solved in the short-term by hacking /etc/hosts. You could do this quick hack in order to see if it is indeed just webrick's reverse-DNS lookup. Edit /etc/hosts and add a line for the external user's IP address, something like this:
156.123.48.55 TestPerson
Replace the IP address with the tester's IP address. Since you said you can get the external request to hit an Apache server on port 80, you can grab their IP address from the Apache access logs if necessary, otherwise just ask the person testing.
You could also try a different web server, such as unicorn, which may help out. Add "gem unicorn-rails" to your Gemfile, run bundle install, and then (according to their docs), rails server will just use unicorn directly.
With any local server, you'll need to correctly configure port forwarding on your firewall. Like said by CaptChrisD, tests must be done by an external IP/browser (if you own a server, ssh on it, then w3m to test).
I already had same symptom (server started => timeout, server stopped => fail) and the origin was an issue with firewall configuration. I think it is your problem.
With MacOS, Pow is really awesome: installation is easy, no configuration required (no /etc/hosts…). Moreover, they give you a hook for external access to your virtualhosts (but you still need port forwarding on your firewall).
Otherwise, there are other solutions like Forward to do it without firewall configuration (30-days free trial).
Hope this helps!
